KMS / Client / enable_key

enable_key

KMS.Client.enable_key(**kwargs)

Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.

The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:EnableKey (key policy)

Related operations: DisableKey

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

See also: AWS API Documentation

Request Syntax

response = client.enable_key(
    KeyId='string'
)

Parameters:

KeyId (string) –

[REQUIRED]

Identifies the KMS key to enable.

Specify the key ID or key ARN of the KMS key.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Returns:

None

Exceptions

• KMS.Client.exceptions.NotFoundException

• KMS.Client.exceptions.InvalidArnException

• KMS.Client.exceptions.DependencyTimeoutException

• KMS.Client.exceptions.KMSInternalException

• KMS.Client.exceptions.LimitExceededException

• KMS.Client.exceptions.KMSInvalidStateException

Examples

The following example enables the specified KMS key.

response = client.enable_key(
    # The identifier of the KMS key to enable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
    KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}