ScheduleKeyDeletion
Schedules a KMS key for deletion.
Description
The ScheduleKeyDeletion operation schedules the deletion of a KMS key. By default, QKMS waits 30 days before deleting the key to give you time to recover it if you change your mind. You can specify a waiting period between 7 and 30 days.
note
- While the key is pending deletion, its key state is
PendingDeletion. - During the waiting period, you can use
CancelKeyDeletionto cancel the deletion of the KMS key. - After the waiting period ends, QKMS deletes the KMS key and all related key material.
- Deleting a KMS key is irreversible. After a key is deleted, you can no longer decrypt data that was encrypted under that KMS key.
- Cross-account use: No. You cannot schedule deletion of a KMS key in a different account.
Request Syntax
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
| X-Amz-Target | Must be "TrentService.ScheduleKeyDeletion" | Yes | string |
Request Body
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | The identifier of the KMS key to schedule for deletion. This can be the key ID or key ARN of the KMS key. | Yes | string |
| PendingWindowInDays | The waiting period, specified in number of days. After the waiting period ends, QKMS deletes the KMS key. The value must be between 7 and 30, inclusive. If you don't specify a value, QKMS uses 30. | No | integer |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.ScheduleKeyDeletion
{
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"PendingWindowInDays": 7
}
Values in italics indicate user input and should be replaced with actual values.
Response Elements
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | The Amazon Resource Name (ARN) of the KMS key that is scheduled for deletion. | No | String |
| DeletionDate | The date and time after which QKMS deletes the KMS key. | No | String |
| KeyState | The current state of the KMS key. When this value is `PendingDeletion`, you cannot use the KMS key for cryptographic operations. | No | String |
| PendingWindowInDays | The number of days remaining in the waiting period before QKMS deletes the KMS key. | No | String |
Special Errors
| Error Code | Description |
|---|---|
| DependencyTimeoutException | The system timed out while trying to fulfill the request. |
| InvalidArnException | The request was rejected because a specified ARN was not valid. |
| KMSInternalException | An internal error occurred. |
| KMSInvalidStateException | The request was rejected because the key state is not valid for this operation. |
| NotFoundException | The request was rejected because the specified entity or resource could not be found. |
Permissions
To use the ScheduleKeyDeletion operation, you must have the following permissions:
kms:ScheduleKeyDeletionon the KMS key (specified in the policy)
Try It Out
Test ScheduleKeyDeletion
Schedule a KMS key for deletion.
Coming Soon
This feature is currently under development and will be available soon.