@Generated(value="OracleSDKGenerator", comments="API Version: release") public interface KmsManagement extends AutoCloseable
Use the Key Management API to manage vaults and keys. For more information, see Managing Vaults and Managing Keys.
This service client uses CircuitBreakerUtils.DEFAULT_CIRCUIT_BREAKER for all the operations by default if no circuit breaker configuration is defined by the user.
Modifier and Type | Method and Description |
---|---|
BackupKeyResponse | backupKey(BackupKeyRequest request) Backs up an encrypted file that contains all key versions and metadata of the specified key so that you can restore the key later. |
CancelKeyDeletionResponse | cancelKeyDeletion(CancelKeyDeletionRequest request) Cancels the scheduled deletion of the specified key. |
CancelKeyVersionDeletionResponse | cancelKeyVersionDeletion(CancelKeyVersionDeletionRequest request) Cancels the scheduled deletion of the specified key version. |
ChangeKeyCompartmentResponse | changeKeyCompartment(ChangeKeyCompartmentRequest request) Moves a key into a different compartment within the same tenancy. |
CreateKeyResponse | createKey(CreateKeyRequest request) Creates a new master encryption key. |
CreateKeyVersionResponse | createKeyVersion(CreateKeyVersionRequest request) Generates a new KeyVersion resource that provides new cryptographic material for a master encryption key. |
DisableKeyResponse | disableKey(DisableKeyRequest request) Disables a master encryption key so it can no longer be used for encryption, decryption, or generating new data encryption keys. |
EnableKeyResponse | enableKey(EnableKeyRequest request) Enables a master encryption key so it can be used for encryption, decryption, or generating new data encryption keys. |
String | getEndpoint() Gets the set endpoint for REST call (ex, https://www.example.com) |
GetKeyResponse | getKey(GetKeyRequest request) Gets information about the specified master encryption key. |
GetKeyVersionResponse | getKeyVersion(GetKeyVersionRequest request) Gets information about the specified key version. |
KmsManagementPaginators | getPaginators() Gets the pre-configured paginators available for list operations in this service which may return multiple pages of data. |
GetReplicationStatusResponse | getReplicationStatus(GetReplicationStatusRequest request) When a vault has a replica, each operation on the vault or its resources, such as keys, is replicated and has an associated replicationId. |
KmsManagementWaiters | getWaiters() Gets the pre-configured waiters available for resources for this service. |
GetWrappingKeyResponse | getWrappingKey(GetWrappingKeyRequest request) Gets details about the public RSA wrapping key associated with the vault in the endpoint. |
ImportKeyResponse | importKey(ImportKeyRequest request) Imports AES and RSA keys to create a new key. |
ImportKeyVersionResponse | importKeyVersion(ImportKeyVersionRequest request) Imports AES key material to create a new key version and then rotate the key to begin using the new key version. |
ListKeysResponse | listKeys(ListKeysRequest request) Lists the master encryption keys in the specified vault and compartment. |
ListKeyVersionsResponse | listKeyVersions(ListKeyVersionsRequest request) Lists all KeyVersion resources for the specified master encryption key. |
void | refreshClient() Rebuilds the client from scratch. |
RestoreKeyFromFileResponse | restoreKeyFromFile(RestoreKeyFromFileRequest request) Restores the specified key to the specified vault, based on information in the backup file provided. |
RestoreKeyFromObjectStoreResponse | restoreKeyFromObjectStore(RestoreKeyFromObjectStoreRequest request) Restores the specified key to the specified vault from an Oracle Cloud Infrastructure Object Storage location. |
ScheduleKeyDeletionResponse | scheduleKeyDeletion(ScheduleKeyDeletionRequest request) Schedules the deletion of the specified key. |
ScheduleKeyVersionDeletionResponse | scheduleKeyVersionDeletion(ScheduleKeyVersionDeletionRequest request) Schedules the deletion of the specified key version. |
void | setEndpoint(String endpoint) Sets the endpoint to call (ex, https://www.example.com). |
UpdateKeyResponse | updateKey(UpdateKeyRequest request) Updates the properties of a master encryption key. |
void refreshClient()
Rebuilds the client from scratch. Useful to refresh certificates.
void setEndpoint(String endpoint)
Sets the endpoint to call (ex, https://www.example.com).
endpoint - The endpoint of the service.
String getEndpoint()
Gets the set endpoint for REST call (ex, https://www.example.com)
BackupKeyResponse backupKey(BackupKeyRequest request)
Backs up an encrypted file that contains all key versions and metadata of the specified key so that you can restore the key later. The file also contains the metadata of the vault that the key belonged to.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use BackupKey API.
CancelKeyDeletionResponse cancelKeyDeletion(CancelKeyDeletionRequest request)
Cancels the scheduled deletion of the specified key. Canceling a scheduled deletion restores the key’s lifecycle state to what it was before its scheduled deletion.
As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use CancelKeyDeletion API.
CancelKeyVersionDeletionResponse cancelKeyVersionDeletion(CancelKeyVersionDeletionRequest request)
Cancels the scheduled deletion of the specified key version. Canceling a scheduled deletion restores the key version to its lifecycle state from before its scheduled deletion.
As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use CancelKeyVersionDeletion API.
ChangeKeyCompartmentResponse changeKeyCompartment(ChangeKeyCompartmentRequest request)
Moves a key into a different compartment within the same tenancy. For information about moving resources between compartments, see Moving Resources to a Different Compartment.
When provided, if-match is checked against the ETag values of the key.
As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ChangeKeyCompartment API.
CreateKeyResponse createKey(CreateKeyRequest request)
Creates a new master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use CreateKey API.
CreateKeyVersionResponse createKeyVersion(CreateKeyVersionRequest request)
Generates a new KeyVersion resource that provides new cryptographic material for a master encryption key. The key must be in an ENABLED state to be rotated.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use CreateKeyVersion API.
DisableKeyResponse disableKey(DisableKeyRequest request)
Disables a master encryption key so it can no longer be used for encryption, decryption, or generating new data encryption keys.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use DisableKey API.
EnableKeyResponse enableKey(EnableKeyRequest request)
Enables a master encryption key so it can be used for encryption, decryption, or generating new data encryption keys.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use EnableKey API.
GetKeyResponse getKey(GetKeyRequest request)
Gets information about the specified master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use GetKey API.
GetKeyVersionResponse getKeyVersion(GetKeyVersionRequest request)
Gets information about the specified key version.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use GetKeyVersion API.
GetReplicationStatusResponse getReplicationStatus(GetReplicationStatusRequest request)
When a vault has a replica, each operation on the vault or its resources, such as keys, is replicated and has an associated replicationId. Replication status provides details about whether the operation associated with the given replicationId has been successfully applied across replicas.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use GetReplicationStatus API.
GetWrappingKeyResponse getWrappingKey(GetWrappingKeyRequest request)
Gets details about the public RSA wrapping key associated with the vault in the endpoint. Each vault has an RSA key-pair that wraps and unwraps AES key material for import into Key Management.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use GetWrappingKey API.
ImportKeyResponse importKey(ImportKeyRequest request)
Imports AES and RSA keys to create a new key. The key material must be base64-encoded and wrapped by the vault’s public RSA wrapping key before you can import it. Key Management supports both RSA and AES keys. The AES keys are symmetric keys of length 128 bits (16 bytes), 192 bits (24 bytes), or 256 bits (32 bytes), and the RSA keys are asymmetric keys of length 2048 bits (256 bytes), 3072 bits (384 bytes), and 4096 bits (512 bytes). Furthermore, the key length must match what you specify at the time of import. When importing an asymmetric key, only the private key must be wrapped in PKCS8 format while the corresponding public key is generated internally by KMS.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ImportKey API.
ImportKeyVersionResponse importKeyVersion(ImportKeyVersionRequest request)
Imports AES key material to create a new key version and then rotate the key to begin using the new key version. The key material must be base64-encoded and wrapped by the vault’s public RSA wrapping key before you can import it. Key Management supports AES symmetric keys that are exactly 16, 24, or 32 bytes. Furthermore, the key length must match the length of the specified key and what you specify as the length at the time of import. When importing an asymmetric key, only the private key must be wrapped in PKCS8 format while the corresponding public key is generated internally by KMS.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ImportKeyVersion API.
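The preparation step that importKey and importKeyVersion both require (check the AES length, wrap with the vault's public RSA wrapping key, base64-encode) is sketched below as an added example; it is not code from the SDK. It assumes RSA-OAEP with SHA-256 as the wrapping scheme, which this page does not state, and uses a locally generated RSA key pair as a constructed stand-in for the key returned by getWrappingKey.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class WrapAesKeyForImport {
    // Assumption: RSA-OAEP with SHA-256 for both the digest and MGF1.
    // Confirm the wrapping algorithm your vault expects before relying on this.
    private static final String TRANSFORMATION = "RSA/ECB/OAEPPadding";
    private static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Rejects AES key material that is not exactly 16, 24, or 32 bytes. */
    static void requireSupportedAesLength(byte[] key) {
        int n = key.length;
        if (n != 16 && n != 24 && n != 32) {
            throw new IllegalArgumentException(
                    "AES key must be 16, 24, or 32 bytes, got " + n);
        }
    }

    /** Wraps raw AES key bytes and returns the base64 text to place in the import request. */
    static String wrap(PublicKey wrappingKey, byte[] aesKey) throws Exception {
        requireSupportedAesLength(aesKey);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, wrappingKey, OAEP_SHA256);
        return Base64.getEncoder().encodeToString(cipher.doFinal(aesKey));
    }

    /** Local round-trip check only; in the real service the private half never leaves the vault. */
    static byte[] unwrap(PrivateKey privateKey, String wrappedBase64) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey, OAEP_SHA256);
        return cipher.doFinal(Base64.getDecoder().decode(wrappedBase64));
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the vault's wrapping key pair.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair standIn = generator.generateKeyPair();

        byte[] aesKey = new byte[32]; // 256-bit key to import
        new SecureRandom().nextBytes(aesKey);
        try {
            String wrapped = wrap(standIn.getPublic(), aesKey);
            byte[] recovered = unwrap(standIn.getPrivate(), wrapped);
            if (!Arrays.equals(aesKey, recovered)) {
                throw new IllegalStateException("wrap/unwrap round trip failed");
            }
            System.out.println("wrapped key material: " + wrapped.length() + " base64 chars");

            try {
                wrap(standIn.getPublic(), new byte[20]); // unsupported length
                throw new IllegalStateException("20-byte key was not rejected");
            } catch (IllegalArgumentException expected) {
                System.out.println("rejected: " + expected.getMessage());
            }
        } finally {
            Arrays.fill(aesKey, (byte) 0); // do not leave plaintext key bytes in memory
        }
    }
}
```

Checking the length locally before wrapping catches a mismatch early, since the wrapped blob no longer reveals the size of the key inside it.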
ListKeyVersionsResponse listKeyVersions(ListKeyVersionsRequest request)
Lists all KeyVersion resources for the specified master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ListKeyVersions API.
ListKeysResponse listKeys(ListKeysRequest request)
Lists the master encryption keys in the specified vault and compartment.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ListKeys API.
RestoreKeyFromFileResponse restoreKeyFromFile(RestoreKeyFromFileRequest request)
Restores the specified key to the specified vault, based on information in the backup file provided. If the vault doesn’t exist, the operation returns a response with a 404 HTTP status error code. You need to first restore the vault associated with the key.
Note: This operation consumes a stream.
If the stream supports InputStream.mark(int) and InputStream.reset(), when a retry is necessary, the stream is reset so it starts at the beginning (or whatever the stream's position was at the time this operation is called).
Note this means that if the caller has used InputStream.mark(int) before, then the mark will not be the same anymore after this operation, and a subsequent call to InputStream.reset() by the caller will reset the stream not to the caller's mark, but to the position the stream was in when this operation was called.
If the stream is a FileInputStream, and the stream's FileChannel position can be changed (like for a regular file), the stream will be wrapped in such a way that it does provide support for InputStream.mark(int) and InputStream.reset(). Then the same procedure as above is followed. If the stream's FileChannel position cannot be changed (like for a named pipe), then the stream's contents will be buffered in memory, as described below.
If the stream does not support InputStream.mark(int) and InputStream.reset(), then the stream is wrapped in a BufferedInputStream, which means the entire contents may be buffered in memory. Then the same procedure as above is followed.
The contents of the stream, except when the stream is a FileInputStream whose FileChannel position can be changed, should be less than 2 GiB in size if retries are used. This is because streams 2 GiB in size or larger do not guarantee that mark-and-reset can be performed. If the stream is larger, do not use built-in retries and manage retries yourself.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use RestoreKeyFromFile API.
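The mark/reset caveat and the 2 GiB limit from the restoreKeyFromFile note, as an added example that is not SDK code. simulateFailedAttempt is a hypothetical stand-in for a first attempt that is retried, the byte array is constructed sample data, and the seekability probe is one assumed way to test whether a FileChannel position can be changed.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.channels.FileChannel;

public class BackupStreamRetryCheck {
    static final long TWO_GIB = 2L * 1024 * 1024 * 1024;

    /** Hypothetical stand-in: mark at the call-time position, send some bytes, rewind to retry. */
    static void simulateFailedAttempt(InputStream body, int bytesSentBeforeFailure)
            throws IOException {
        body.mark(Integer.MAX_VALUE);                 // replaces any mark the caller set
        body.read(new byte[bytesSentBeforeFailure]);  // bytes consumed by the failed attempt
        body.reset();                                 // back to the call-time position
    }

    /** Assumed probe: repositioning fails with an IOException on pipes and similar streams. */
    static boolean positionCanBeChanged(FileInputStream in) {
        try {
            FileChannel channel = in.getChannel();
            channel.position(channel.position());
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    /** Applies the size rule from the note: seekable files are exempt, others must be < 2 GiB. */
    static boolean builtInRetriesAreSafe(InputStream body, long lengthInBytes) {
        if (body instanceof FileInputStream
                && positionCanBeChanged((FileInputStream) body)) {
            return true;
        }
        return lengthInBytes < TWO_GIB;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: each byte's value equals its offset.
        byte[] backup = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
        InputStream body = new ByteArrayInputStream(backup);

        body.mark(backup.length);   // caller's own mark, at offset 0
        body.read(new byte[4]);     // caller consumes a 4-byte prefix

        simulateFailedAttempt(body, 3);

        body.reset();               // caller expects offset 0
        int offsetAfterReset = body.read();
        System.out.println("caller's reset() landed at offset " + offsetAfterReset
                + "; the caller's mark was at offset 0");

        System.out.println("10-byte in-memory stream, retries safe: "
                + builtInRetriesAreSafe(body, backup.length));
        System.out.println("3 GiB non-file stream, retries safe: "
                + builtInRetriesAreSafe(body, 3L * 1024 * 1024 * 1024));
    }
}
```

A caller that needs to re-read the backup after the operation should reopen the source or track the offset itself rather than rely on an earlier mark.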
RestoreKeyFromObjectStoreResponse restoreKeyFromObjectStore(RestoreKeyFromObjectStoreRequest request)
Restores the specified key to the specified vault from an Oracle Cloud Infrastructure Object Storage location. If the vault doesn’t exist, the operation returns a response with a 404 HTTP status error code. You need to first restore the vault associated with the key.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use RestoreKeyFromObjectStore API.
ScheduleKeyDeletionResponse scheduleKeyDeletion(ScheduleKeyDeletionRequest request)
Schedules the deletion of the specified key. This sets the lifecycle state of the key to PENDING_DELETION and then deletes it after the specified retention period ends.
As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ScheduleKeyDeletion API.
ScheduleKeyVersionDeletionResponse scheduleKeyVersionDeletion(ScheduleKeyVersionDeletionRequest request)
Schedules the deletion of the specified key version. This sets the lifecycle state of the key version to PENDING_DELETION and then deletes it after the specified retention period ends.
As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use ScheduleKeyVersionDeletion API.
UpdateKeyResponse updateKey(UpdateKeyRequest request)
Updates the properties of a master encryption key. Specifically, you can update the displayName, freeformTags, and definedTags properties. Furthermore, the key must be in an ENABLED or CREATING state to be updated.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.
request - The request object containing the details to send
BmcException - when an error occurs. This operation will not retry by default; users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries
Example: Click here to see how to use UpdateKey API.
KmsManagementWaiters getWaiters()
Gets the pre-configured waiters available for resources for this service.
KmsManagementPaginators getPaginators()
Gets the pre-configured paginators available for list operations in this service which may return multiple pages of data. These paginators provide an Iterable interface so that service responses, or resources/records, can be iterated through without having to manually deal with pagination and page tokens.
Copyright © 2016–2025. All rights reserved.