Skip to content

Disable Key

kms_disable_key R Documentation

Sets the state of a KMS key to disabled

Description

Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.

For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .

The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:DisableKey (key policy)

Related operations: enable_key

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

Usage

kms_disable_key(KeyId)

Arguments

KeyId

[required] Identifies the KMS key to disable.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: ⁠1234abcd-12ab-34cd-56ef-1234567890ab⁠

  • Key ARN: ⁠arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab⁠

To get the key ID and key ARN for a KMS key, use list_keys or describe_key.

Value

An empty list.

Request syntax

svc$disable_key(
  KeyId = "string"
)

Examples

## Not run: 
# The following example disables the specified KMS key.
svc$disable_key(
  KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab"
)

## End(Not run)