Item State

Set Item State

AES and RSA keys support different states - Enabled, Disabled, Pending Deletion.
Users can update an item state to be either Enabled or Disabled.
When a user tries to delete an item, it will be put into Pending Deletion.
By default all newly created keys are in an Enabled state.
Any keys that are not in an Enabled state cannot be used for any cryptographic operations - Encrypt or Decrypt. This includes putting a key that is protecting a different item in the system into a Disabled or Pending Deletion state will fail.

🚧

WARNING

If you are using Encryption-as-a-Service (EaaS), Akeyless cannot track the keys usage, hence placing a key that encrypts other secrets into Disabled or Pending Deletion in that case will succeed.

The following state machine applies:

  • CLI
    The following parameters are supported:
    • -n,--name - The item name
    • --version - Set a version state of a specific item (i.e. after a rotate-key operation, cannot be the last item version)
    • -s,--desired-state - The state you want to change

Examples

Prerequisite - key1 is created:

$ akeyless create-key -n key1 --alg AES256GCM
=====================
Encryption Key Fragement #1 created succsessfully in 13 milliseconds
Encryption Key Fragement #2 created succsessfully in 14 milliseconds
Encryption Key Fragement #3 created succsessfully in 14 milliseconds
=====================
A new AES256GCM key named key1 was successfully created

Example 1 - Setting key1 state to Disabled:

$ akeyless set-item-state -n key1 -s disabled
Item key1 state was successfully set to disabled

Example 2 - Setting key1 state back to Enabled:

$ akeyless set-item-state -n key1 -s enabled
Item key1 state was successfully set to enabled

Example 3 - Canceling key1 deletion:

$ akeyless delete-item -n key1 --delete-in-days=30
Item key1 set to be deleted on 2020-01-30 08:05:00 +0000 UTC

$ akeyless set-item-state -n key1 -s disabled
Item key1 state was successfully set to disabled
  • UI
    Example 1 - Setting key1 state to Disabled (Canceling deletion):

Example 2 - Setting key1 state back to Enabled:

Example 3 - key1 deletion date:


Did this page help you?