KMS / Client / disable_key
disable_key#
- KMS.Client.disable_key(**kwargs)#
Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DisableKey (key policy)
Related operations: EnableKey
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
See also: AWS API Documentation
Request Syntax
response = client.disable_key( KeyId='string' )
- Parameters:
KeyId (string) –
[REQUIRED]
Identifies the KMS key to disable.
Specify the key ID or key ARN of the KMS key.
For example:
Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
- Returns:
None
Exceptions
Examples
The following example disables the specified KMS key.
response = client.disable_key( # The identifier of the KMS key to disable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key. KeyId='1234abcd-12ab-34cd-56ef-1234567890ab', ) print(response)
Expected Output:
{ 'ResponseMetadata': { '...': '...', }, }