kms_disable_key: Sets the state of a customer master key (CMK) to disabled

Description

Sets the state of a customer master key (CMK) to disabled. This change temporarily prevents use of the CMK for cryptographic operations.

For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide .

The CMK that you use for this operation must be in a compatible key state. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a CMK in a different AWS account.

Required permissions: kms:DisableKey (key policy)

Related operations: enable_key

Usage

kms_disable_key(KeyId)

Arguments

KeyId

[required] A unique identifier for the customer master key (CMK).

Specify the key ID or the Amazon Resource Name (ARN) of the CMK.

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a CMK, use list_keys or describe_key.

Value

An empty list.

Request syntax

svc$disable_key(
  KeyId = "string"
)

Examples

Run this code

# NOT RUN {
# The following example disables the specified CMK.
svc$disable_key(
  KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab"
)
# }
# NOT RUN {
# }

Run the code above in your browser using DataLab