- Categories:
System functions (System Information)
SYSTEM$GET_CMK_INFO¶
Returns the status of your customer-managed key (CMK) for use with Tri-Secret Secure.
Syntax¶
SYSTEM$GET_CMK_INFO()
Returns¶
Returns a status message indicating the state of your CMK. The output includes the values that you specified when calling SYSTEM$REGISTER_CMK_INFO. If you have enabled private connectivity, the staus message returned by SYSTEM$GET_CMK_INFO includes whether your CMK is privately connected.
The following messages are possible, using CMKs on Amazon Web Services as a representative example:
Your CMK is registered, but not yet enabled, to use Tri-Secret Secure:
CMK with ARN: arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59 is pre-registered for Tri-Secret Secure.
Your CMK is activated and in use with Tri-Secret Secure:
CMK with ARN: arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59 is activated for Tri-Secret Secure.
You have an active CMK, but you just pre-registered a new key:
CMK with ARN: arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59 is activated with Tri-Secret Secure, but CMK with ARN: arn:aws:kms:us-west-2:481048248138:key/e08cb6c0-7c09-4f37-8e55-e395a12fe965 is pre-registered for Tri-Secret Secure.
You have an active key, but have not registered any CMK to use Tri-Secret Secure:
CMK info has not been pre-registered in this account yet, but CMK arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59 is activated with Tri-Secret Secure.
You have not registered any CMK to use Tri-Secret Secure:
CMK info has not been pre-registered in this account yet.
Your active CMK is registered with private connectivity enabled.
CMK with ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab with PrivateLink enabled is activated for Tri-Secret Secure.
Your active CMK is registered with private connectivity not enabled.
CMK with ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab is activated for Tri-Secret Secure.
Access control requirements¶
Only account administrators (users with the ACCOUNTADMIN role) or a role that is granted the MONITOR SECURITY privilege can call this function.
Examples¶
Obtain the status CMK for your Snowflake account:
SELECT SYSTEM$GET_CMK_INFO();