AmazonKeyManagementServiceClient.UpdateCustomKeyStore Method (UpdateCustomKeyStoreRequest) | AWS SDK for .NET V3 (original) (raw)

This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.

To edit the friendly name of a custom key store

var client = new AmazonKeyManagementServiceClient(); var response = client.UpdateCustomKeyStore(new UpdateCustomKeyStoreRequest { CustomKeyStoreId = "cks-1234567890abcdef0", // The ID of the custom key store that you are updating. NewCustomKeyStoreName = "DevelopmentKeys" // A new friendly name for the custom key store. });

This example tells AWS KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any data.

To edit the password of an AWS CloudHSM key store

var client = new AmazonKeyManagementServiceClient(); var response = client.UpdateCustomKeyStore(new UpdateCustomKeyStoreRequest { CustomKeyStoreId = "cks-1234567890abcdef0", // The ID of the custom key store that you are updating. KeyStorePassword = "ExamplePassword" // The password for the kmsuser crypto user in the CloudHSM cluster. });

This example changes the AWS CloudHSM cluster that is associated with an AWS CloudHSM key store to a related cluster, such as a different backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.

var client = new AmazonKeyManagementServiceClient(); var response = client.UpdateCustomKeyStore(new UpdateCustomKeyStoreRequest { CloudHsmClusterId = "cluster-234abcdefABC", // The ID of the AWS CloudHSM cluster that you want to associate with the custom key store. This cluster must be related to the original CloudHSM cluster for this key store. CustomKeyStoreId = "cks-1234567890abcdef0" // The ID of the custom key store that you are updating. });

To update the proxy authentication credential for your external key store, specify both the RawSecretAccessKey and the AccessKeyId, even if you are changing only one of the values. You can use this feature to fix an invalid credential or to change the credential when the external key store proxy rotates it.

To update the proxy authentication credential of an external key store

var client = new AmazonKeyManagementServiceClient(); var response = client.UpdateCustomKeyStore(new UpdateCustomKeyStoreRequest { CustomKeyStoreId = "cks-1234567890abcdef0", // Identifies the custom key store XksProxyAuthenticationCredential = new XksProxyAuthenticationCredentialType { AccessKeyId = "ABCDE12345670EXAMPLE", RawSecretAccessKey = "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo=" } // Specifies the values in the proxy authentication credential });

This example updates the proxy URI path for an external key store

To edit the proxy URI path of an external key store.

var client = new AmazonKeyManagementServiceClient(); var response = client.UpdateCustomKeyStore(new UpdateCustomKeyStoreRequest { CustomKeyStoreId = "cks-1234567890abcdef0", // The ID of the custom key store that you are updating XksProxyUriPath = "/new-path/kms/xks/v1" // The URI path to the external key store proxy APIs });

To change the external key store proxy connectivity option from public endpoint connectivity to VPC endpoint service connectivity, in addition to changing the XksProxyConnectivity value, you must change the XksProxyUriEndpoint value to reflect the private DNS name associated with the VPC endpoint service. You must also add an XksProxyVpcEndpointServiceName value.

To update the proxy connectivity of an external key store to VPC_ENDPOINT_SERVICE

var client = new AmazonKeyManagementServiceClient(); var response = client.UpdateCustomKeyStore(new UpdateCustomKeyStoreRequest { CustomKeyStoreId = "cks-1234567890abcdef0", // Identifies the custom key store XksProxyConnectivity = "VPC_ENDPOINT_SERVICE", // Specifies the connectivity option XksProxyUriEndpoint = "https://myproxy-private.xks.example.com", // Specifies the URI endpoint that AWS KMS uses when communicating with the external key store proxy XksProxyVpcEndpointServiceName = "com.amazonaws.vpce.us-east-1.vpce-svc-example" // Specifies the name of the VPC endpoint service that the proxy uses for communication });