aws-sdk-kms 1.29.0 → 1.34.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/aws-sdk-kms.rb +7 -4
- data/lib/aws-sdk-kms/client.rb +243 -141
- data/lib/aws-sdk-kms/client_api.rb +3 -0
- data/lib/aws-sdk-kms/errors.rb +55 -33
- data/lib/aws-sdk-kms/resource.rb +1 -0
- data/lib/aws-sdk-kms/types.rb +165 -100
- metadata +5 -5
@@ -1032,6 +1032,7 @@ module Aws::KMS
|
|
1032
1032
|
o.errors << Shapes::ShapeRef.new(shape: InvalidGrantTokenException)
|
1033
1033
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1034
1034
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
1035
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
1035
1036
|
end)
|
1036
1037
|
|
1037
1038
|
api.add_operation(:generate_data_key_pair_without_plaintext, Seahorse::Model::Operation.new.tap do |o|
|
@@ -1048,6 +1049,7 @@ module Aws::KMS
|
|
1048
1049
|
o.errors << Shapes::ShapeRef.new(shape: InvalidGrantTokenException)
|
1049
1050
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1050
1051
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
1052
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
1051
1053
|
end)
|
1052
1054
|
|
1053
1055
|
api.add_operation(:generate_data_key_without_plaintext, Seahorse::Model::Operation.new.tap do |o|
|
@@ -1387,6 +1389,7 @@ module Aws::KMS
|
|
1387
1389
|
o.errors << Shapes::ShapeRef.new(shape: DependencyTimeoutException)
|
1388
1390
|
o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
|
1389
1391
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1392
|
+
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
|
1390
1393
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
1391
1394
|
end)
|
1392
1395
|
|
data/lib/aws-sdk-kms/errors.rb
CHANGED
@@ -6,6 +6,61 @@
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
7
7
|
|
8
8
|
module Aws::KMS
|
9
|
+
|
10
|
+
# When KMS returns an error response, the Ruby SDK constructs and raises an error.
|
11
|
+
# These errors all extend Aws::KMS::Errors::ServiceError < {Aws::Errors::ServiceError}
|
12
|
+
#
|
13
|
+
# You can rescue all KMS errors using ServiceError:
|
14
|
+
#
|
15
|
+
# begin
|
16
|
+
# # do stuff
|
17
|
+
# rescue Aws::KMS::Errors::ServiceError
|
18
|
+
# # rescues all KMS API errors
|
19
|
+
# end
|
20
|
+
#
|
21
|
+
#
|
22
|
+
# ## Request Context
|
23
|
+
# ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
|
24
|
+
# information about the request that generated the error.
|
25
|
+
# See {Seahorse::Client::RequestContext} for more information.
|
26
|
+
#
|
27
|
+
# ## Error Classes
|
28
|
+
# * {AlreadyExistsException}
|
29
|
+
# * {CloudHsmClusterInUseException}
|
30
|
+
# * {CloudHsmClusterInvalidConfigurationException}
|
31
|
+
# * {CloudHsmClusterNotActiveException}
|
32
|
+
# * {CloudHsmClusterNotFoundException}
|
33
|
+
# * {CloudHsmClusterNotRelatedException}
|
34
|
+
# * {CustomKeyStoreHasCMKsException}
|
35
|
+
# * {CustomKeyStoreInvalidStateException}
|
36
|
+
# * {CustomKeyStoreNameInUseException}
|
37
|
+
# * {CustomKeyStoreNotFoundException}
|
38
|
+
# * {DependencyTimeoutException}
|
39
|
+
# * {DisabledException}
|
40
|
+
# * {ExpiredImportTokenException}
|
41
|
+
# * {IncorrectKeyException}
|
42
|
+
# * {IncorrectKeyMaterialException}
|
43
|
+
# * {IncorrectTrustAnchorException}
|
44
|
+
# * {InvalidAliasNameException}
|
45
|
+
# * {InvalidArnException}
|
46
|
+
# * {InvalidCiphertextException}
|
47
|
+
# * {InvalidGrantIdException}
|
48
|
+
# * {InvalidGrantTokenException}
|
49
|
+
# * {InvalidImportTokenException}
|
50
|
+
# * {InvalidKeyUsageException}
|
51
|
+
# * {InvalidMarkerException}
|
52
|
+
# * {KMSInternalException}
|
53
|
+
# * {KMSInvalidSignatureException}
|
54
|
+
# * {KMSInvalidStateException}
|
55
|
+
# * {KeyUnavailableException}
|
56
|
+
# * {LimitExceededException}
|
57
|
+
# * {MalformedPolicyDocumentException}
|
58
|
+
# * {NotFoundException}
|
59
|
+
# * {TagException}
|
60
|
+
# * {UnsupportedOperationException}
|
61
|
+
#
|
62
|
+
# Additionally, error classes are dynamically generated for service errors based on the error code
|
63
|
+
# if they are not defined above.
|
9
64
|
module Errors
|
10
65
|
|
11
66
|
extend Aws::Errors::DynamicErrors
|
@@ -23,7 +78,6 @@ module Aws::KMS
|
|
23
78
|
def message
|
24
79
|
@message || @data[:message]
|
25
80
|
end
|
26
|
-
|
27
81
|
end
|
28
82
|
|
29
83
|
class CloudHsmClusterInUseException < ServiceError
|
@@ -39,7 +93,6 @@ module Aws::KMS
|
|
39
93
|
def message
|
40
94
|
@message || @data[:message]
|
41
95
|
end
|
42
|
-
|
43
96
|
end
|
44
97
|
|
45
98
|
class CloudHsmClusterInvalidConfigurationException < ServiceError
|
@@ -55,7 +108,6 @@ module Aws::KMS
|
|
55
108
|
def message
|
56
109
|
@message || @data[:message]
|
57
110
|
end
|
58
|
-
|
59
111
|
end
|
60
112
|
|
61
113
|
class CloudHsmClusterNotActiveException < ServiceError
|
@@ -71,7 +123,6 @@ module Aws::KMS
|
|
71
123
|
def message
|
72
124
|
@message || @data[:message]
|
73
125
|
end
|
74
|
-
|
75
126
|
end
|
76
127
|
|
77
128
|
class CloudHsmClusterNotFoundException < ServiceError
|
@@ -87,7 +138,6 @@ module Aws::KMS
|
|
87
138
|
def message
|
88
139
|
@message || @data[:message]
|
89
140
|
end
|
90
|
-
|
91
141
|
end
|
92
142
|
|
93
143
|
class CloudHsmClusterNotRelatedException < ServiceError
|
@@ -103,7 +153,6 @@ module Aws::KMS
|
|
103
153
|
def message
|
104
154
|
@message || @data[:message]
|
105
155
|
end
|
106
|
-
|
107
156
|
end
|
108
157
|
|
109
158
|
class CustomKeyStoreHasCMKsException < ServiceError
|
@@ -119,7 +168,6 @@ module Aws::KMS
|
|
119
168
|
def message
|
120
169
|
@message || @data[:message]
|
121
170
|
end
|
122
|
-
|
123
171
|
end
|
124
172
|
|
125
173
|
class CustomKeyStoreInvalidStateException < ServiceError
|
@@ -135,7 +183,6 @@ module Aws::KMS
|
|
135
183
|
def message
|
136
184
|
@message || @data[:message]
|
137
185
|
end
|
138
|
-
|
139
186
|
end
|
140
187
|
|
141
188
|
class CustomKeyStoreNameInUseException < ServiceError
|
@@ -151,7 +198,6 @@ module Aws::KMS
|
|
151
198
|
def message
|
152
199
|
@message || @data[:message]
|
153
200
|
end
|
154
|
-
|
155
201
|
end
|
156
202
|
|
157
203
|
class CustomKeyStoreNotFoundException < ServiceError
|
@@ -167,7 +213,6 @@ module Aws::KMS
|
|
167
213
|
def message
|
168
214
|
@message || @data[:message]
|
169
215
|
end
|
170
|
-
|
171
216
|
end
|
172
217
|
|
173
218
|
class DependencyTimeoutException < ServiceError
|
@@ -183,7 +228,6 @@ module Aws::KMS
|
|
183
228
|
def message
|
184
229
|
@message || @data[:message]
|
185
230
|
end
|
186
|
-
|
187
231
|
end
|
188
232
|
|
189
233
|
class DisabledException < ServiceError
|
@@ -199,7 +243,6 @@ module Aws::KMS
|
|
199
243
|
def message
|
200
244
|
@message || @data[:message]
|
201
245
|
end
|
202
|
-
|
203
246
|
end
|
204
247
|
|
205
248
|
class ExpiredImportTokenException < ServiceError
|
@@ -215,7 +258,6 @@ module Aws::KMS
|
|
215
258
|
def message
|
216
259
|
@message || @data[:message]
|
217
260
|
end
|
218
|
-
|
219
261
|
end
|
220
262
|
|
221
263
|
class IncorrectKeyException < ServiceError
|
@@ -231,7 +273,6 @@ module Aws::KMS
|
|
231
273
|
def message
|
232
274
|
@message || @data[:message]
|
233
275
|
end
|
234
|
-
|
235
276
|
end
|
236
277
|
|
237
278
|
class IncorrectKeyMaterialException < ServiceError
|
@@ -247,7 +288,6 @@ module Aws::KMS
|
|
247
288
|
def message
|
248
289
|
@message || @data[:message]
|
249
290
|
end
|
250
|
-
|
251
291
|
end
|
252
292
|
|
253
293
|
class IncorrectTrustAnchorException < ServiceError
|
@@ -263,7 +303,6 @@ module Aws::KMS
|
|
263
303
|
def message
|
264
304
|
@message || @data[:message]
|
265
305
|
end
|
266
|
-
|
267
306
|
end
|
268
307
|
|
269
308
|
class InvalidAliasNameException < ServiceError
|
@@ -279,7 +318,6 @@ module Aws::KMS
|
|
279
318
|
def message
|
280
319
|
@message || @data[:message]
|
281
320
|
end
|
282
|
-
|
283
321
|
end
|
284
322
|
|
285
323
|
class InvalidArnException < ServiceError
|
@@ -295,7 +333,6 @@ module Aws::KMS
|
|
295
333
|
def message
|
296
334
|
@message || @data[:message]
|
297
335
|
end
|
298
|
-
|
299
336
|
end
|
300
337
|
|
301
338
|
class InvalidCiphertextException < ServiceError
|
@@ -311,7 +348,6 @@ module Aws::KMS
|
|
311
348
|
def message
|
312
349
|
@message || @data[:message]
|
313
350
|
end
|
314
|
-
|
315
351
|
end
|
316
352
|
|
317
353
|
class InvalidGrantIdException < ServiceError
|
@@ -327,7 +363,6 @@ module Aws::KMS
|
|
327
363
|
def message
|
328
364
|
@message || @data[:message]
|
329
365
|
end
|
330
|
-
|
331
366
|
end
|
332
367
|
|
333
368
|
class InvalidGrantTokenException < ServiceError
|
@@ -343,7 +378,6 @@ module Aws::KMS
|
|
343
378
|
def message
|
344
379
|
@message || @data[:message]
|
345
380
|
end
|
346
|
-
|
347
381
|
end
|
348
382
|
|
349
383
|
class InvalidImportTokenException < ServiceError
|
@@ -359,7 +393,6 @@ module Aws::KMS
|
|
359
393
|
def message
|
360
394
|
@message || @data[:message]
|
361
395
|
end
|
362
|
-
|
363
396
|
end
|
364
397
|
|
365
398
|
class InvalidKeyUsageException < ServiceError
|
@@ -375,7 +408,6 @@ module Aws::KMS
|
|
375
408
|
def message
|
376
409
|
@message || @data[:message]
|
377
410
|
end
|
378
|
-
|
379
411
|
end
|
380
412
|
|
381
413
|
class InvalidMarkerException < ServiceError
|
@@ -391,7 +423,6 @@ module Aws::KMS
|
|
391
423
|
def message
|
392
424
|
@message || @data[:message]
|
393
425
|
end
|
394
|
-
|
395
426
|
end
|
396
427
|
|
397
428
|
class KMSInternalException < ServiceError
|
@@ -407,7 +438,6 @@ module Aws::KMS
|
|
407
438
|
def message
|
408
439
|
@message || @data[:message]
|
409
440
|
end
|
410
|
-
|
411
441
|
end
|
412
442
|
|
413
443
|
class KMSInvalidSignatureException < ServiceError
|
@@ -423,7 +453,6 @@ module Aws::KMS
|
|
423
453
|
def message
|
424
454
|
@message || @data[:message]
|
425
455
|
end
|
426
|
-
|
427
456
|
end
|
428
457
|
|
429
458
|
class KMSInvalidStateException < ServiceError
|
@@ -439,7 +468,6 @@ module Aws::KMS
|
|
439
468
|
def message
|
440
469
|
@message || @data[:message]
|
441
470
|
end
|
442
|
-
|
443
471
|
end
|
444
472
|
|
445
473
|
class KeyUnavailableException < ServiceError
|
@@ -455,7 +483,6 @@ module Aws::KMS
|
|
455
483
|
def message
|
456
484
|
@message || @data[:message]
|
457
485
|
end
|
458
|
-
|
459
486
|
end
|
460
487
|
|
461
488
|
class LimitExceededException < ServiceError
|
@@ -471,7 +498,6 @@ module Aws::KMS
|
|
471
498
|
def message
|
472
499
|
@message || @data[:message]
|
473
500
|
end
|
474
|
-
|
475
501
|
end
|
476
502
|
|
477
503
|
class MalformedPolicyDocumentException < ServiceError
|
@@ -487,7 +513,6 @@ module Aws::KMS
|
|
487
513
|
def message
|
488
514
|
@message || @data[:message]
|
489
515
|
end
|
490
|
-
|
491
516
|
end
|
492
517
|
|
493
518
|
class NotFoundException < ServiceError
|
@@ -503,7 +528,6 @@ module Aws::KMS
|
|
503
528
|
def message
|
504
529
|
@message || @data[:message]
|
505
530
|
end
|
506
|
-
|
507
531
|
end
|
508
532
|
|
509
533
|
class TagException < ServiceError
|
@@ -519,7 +543,6 @@ module Aws::KMS
|
|
519
543
|
def message
|
520
544
|
@message || @data[:message]
|
521
545
|
end
|
522
|
-
|
523
546
|
end
|
524
547
|
|
525
548
|
class UnsupportedOperationException < ServiceError
|
@@ -535,7 +558,6 @@ module Aws::KMS
|
|
535
558
|
def message
|
536
559
|
@message || @data[:message]
|
537
560
|
end
|
538
|
-
|
539
561
|
end
|
540
562
|
|
541
563
|
end
|
data/lib/aws-sdk-kms/resource.rb
CHANGED
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -76,8 +76,12 @@ module Aws::KMS
|
|
76
76
|
end
|
77
77
|
|
78
78
|
# @!attribute [rw] key_id
|
79
|
-
# The
|
79
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK whose deletion is
|
80
80
|
# canceled.
|
81
|
+
#
|
82
|
+
#
|
83
|
+
#
|
84
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
81
85
|
# @return [String]
|
82
86
|
#
|
83
87
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionResponse AWS API Documentation
|
@@ -433,15 +437,16 @@ module Aws::KMS
|
|
433
437
|
# @return [Array<String>]
|
434
438
|
#
|
435
439
|
# @!attribute [rw] constraints
|
436
|
-
# Allows a cryptographic operation only when the encryption
|
437
|
-
# matches or includes the encryption context specified in this
|
440
|
+
# Allows a [cryptographic operation][1] only when the encryption
|
441
|
+
# context matches or includes the encryption context specified in this
|
438
442
|
# structure. For more information about encryption context, see
|
439
|
-
# [Encryption Context][
|
443
|
+
# [Encryption Context][2] in the <i> <i>AWS Key Management Service
|
440
444
|
# Developer Guide</i> </i>.
|
441
445
|
#
|
442
446
|
#
|
443
447
|
#
|
444
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
448
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
449
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
445
450
|
# @return [Types::GrantConstraints]
|
446
451
|
#
|
447
452
|
# @!attribute [rw] grant_tokens
|
@@ -575,8 +580,8 @@ module Aws::KMS
|
|
575
580
|
# @return [String]
|
576
581
|
#
|
577
582
|
# @!attribute [rw] key_usage
|
578
|
-
# Determines the cryptographic operations for which you can use
|
579
|
-
# CMK. The default value is `ENCRYPT_DECRYPT`. This parameter is
|
583
|
+
# Determines the [cryptographic operations][1] for which you can use
|
584
|
+
# the CMK. The default value is `ENCRYPT_DECRYPT`. This parameter is
|
580
585
|
# required only for asymmetric CMKs. You can't change the `KeyUsage`
|
581
586
|
# value after the CMK is created.
|
582
587
|
#
|
@@ -589,6 +594,10 @@ module Aws::KMS
|
|
589
594
|
# `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
|
590
595
|
#
|
591
596
|
# * For asymmetric CMKs with ECC key material, specify `SIGN_VERIFY`.
|
597
|
+
#
|
598
|
+
#
|
599
|
+
#
|
600
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
592
601
|
# @return [String]
|
593
602
|
#
|
594
603
|
# @!attribute [rw] customer_master_key_spec
|
@@ -922,12 +931,13 @@ module Aws::KMS
|
|
922
931
|
#
|
923
932
|
# * `SUBNET_NOT_FOUND` - A subnet in the AWS CloudHSM cluster
|
924
933
|
# configuration was deleted. If AWS KMS cannot find all of the
|
925
|
-
# subnets
|
926
|
-
# store
|
927
|
-
# create a cluster from a backup and associate it with
|
928
|
-
# key store. This process
|
929
|
-
#
|
930
|
-
#
|
934
|
+
# subnets in the cluster configuration, attempts to connect the
|
935
|
+
# custom key store to the AWS CloudHSM cluster fail. To fix this
|
936
|
+
# error, create a cluster from a recent backup and associate it with
|
937
|
+
# your custom key store. (This process creates a new cluster
|
938
|
+
# configuration with a VPC and private subnets.) For details, see
|
939
|
+
# [How to Fix a Connection Failure][1] in the *AWS Key Management
|
940
|
+
# Service Developer Guide*.
|
931
941
|
#
|
932
942
|
# * `USER_LOCKED_OUT` - The `kmsuser` CU account is locked out of the
|
933
943
|
# associated AWS CloudHSM cluster due to too many failed password
|
@@ -993,9 +1003,9 @@ module Aws::KMS
|
|
993
1003
|
#
|
994
1004
|
# @!attribute [rw] encryption_context
|
995
1005
|
# Specifies the encryption context to use when decrypting the data. An
|
996
|
-
# encryption context is valid only for cryptographic operations
|
997
|
-
# symmetric CMK. The standard asymmetric encryption algorithms
|
998
|
-
# AWS KMS uses do not support an encryption context.
|
1006
|
+
# encryption context is valid only for [cryptographic operations][1]
|
1007
|
+
# with a symmetric CMK. The standard asymmetric encryption algorithms
|
1008
|
+
# that AWS KMS uses do not support an encryption context.
|
999
1009
|
#
|
1000
1010
|
# An *encryption context* is a collection of non-secret key-value
|
1001
1011
|
# pairs that represents additional authenticated data. When you use an
|
@@ -1004,12 +1014,13 @@ module Aws::KMS
|
|
1004
1014
|
# An encryption context is optional when encrypting with a symmetric
|
1005
1015
|
# CMK, but it is highly recommended.
|
1006
1016
|
#
|
1007
|
-
# For more information, see [Encryption Context][
|
1017
|
+
# For more information, see [Encryption Context][2] in the *AWS Key
|
1008
1018
|
# Management Service Developer Guide*.
|
1009
1019
|
#
|
1010
1020
|
#
|
1011
1021
|
#
|
1012
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
1022
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1023
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1013
1024
|
# @return [Hash<String,String>]
|
1014
1025
|
#
|
1015
1026
|
# @!attribute [rw] grant_tokens
|
@@ -1081,8 +1092,12 @@ module Aws::KMS
|
|
1081
1092
|
end
|
1082
1093
|
|
1083
1094
|
# @!attribute [rw] key_id
|
1084
|
-
# The ARN of the
|
1085
|
-
#
|
1095
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
|
1096
|
+
# decrypt the ciphertext.
|
1097
|
+
#
|
1098
|
+
#
|
1099
|
+
#
|
1100
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1086
1101
|
# @return [String]
|
1087
1102
|
#
|
1088
1103
|
# @!attribute [rw] plaintext
|
@@ -1547,9 +1562,10 @@ module Aws::KMS
|
|
1547
1562
|
#
|
1548
1563
|
# @!attribute [rw] encryption_context
|
1549
1564
|
# Specifies the encryption context that will be used to encrypt the
|
1550
|
-
# data. An encryption context is valid only for cryptographic
|
1551
|
-
# operations with a symmetric CMK. The standard asymmetric
|
1552
|
-
# algorithms that AWS KMS uses do not support an encryption
|
1565
|
+
# data. An encryption context is valid only for [cryptographic
|
1566
|
+
# operations][1] with a symmetric CMK. The standard asymmetric
|
1567
|
+
# encryption algorithms that AWS KMS uses do not support an encryption
|
1568
|
+
# context.
|
1553
1569
|
#
|
1554
1570
|
# An *encryption context* is a collection of non-secret key-value
|
1555
1571
|
# pairs that represents additional authenticated data. When you use an
|
@@ -1558,12 +1574,13 @@ module Aws::KMS
|
|
1558
1574
|
# An encryption context is optional when encrypting with a symmetric
|
1559
1575
|
# CMK, but it is highly recommended.
|
1560
1576
|
#
|
1561
|
-
# For more information, see [Encryption Context][
|
1577
|
+
# For more information, see [Encryption Context][2] in the *AWS Key
|
1562
1578
|
# Management Service Developer Guide*.
|
1563
1579
|
#
|
1564
1580
|
#
|
1565
1581
|
#
|
1566
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
1582
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1583
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1567
1584
|
# @return [Hash<String,String>]
|
1568
1585
|
#
|
1569
1586
|
# @!attribute [rw] grant_tokens
|
@@ -1605,7 +1622,12 @@ module Aws::KMS
|
|
1605
1622
|
# @return [String]
|
1606
1623
|
#
|
1607
1624
|
# @!attribute [rw] key_id
|
1608
|
-
# The
|
1625
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
|
1626
|
+
# encrypt the plaintext.
|
1627
|
+
#
|
1628
|
+
#
|
1629
|
+
#
|
1630
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1609
1631
|
# @return [String]
|
1610
1632
|
#
|
1611
1633
|
# @!attribute [rw] encryption_algorithm
|
@@ -1669,7 +1691,9 @@ module Aws::KMS
|
|
1669
1691
|
#
|
1670
1692
|
# @!attribute [rw] key_id
|
1671
1693
|
# Specifies the symmetric CMK that encrypts the private key in the
|
1672
|
-
# data key pair. You cannot specify an asymmetric
|
1694
|
+
# data key pair. You cannot specify an asymmetric CMK or a CMK in a
|
1695
|
+
# custom key store. To get the type and origin of your CMK, use the
|
1696
|
+
# DescribeKey operation.
|
1673
1697
|
#
|
1674
1698
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1675
1699
|
# name, or alias ARN. When using an alias name, prefix it with
|
@@ -1738,7 +1762,12 @@ module Aws::KMS
|
|
1738
1762
|
# @return [String]
|
1739
1763
|
#
|
1740
1764
|
# @!attribute [rw] key_id
|
1741
|
-
# The
|
1765
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
1766
|
+
# the private key.
|
1767
|
+
#
|
1768
|
+
#
|
1769
|
+
#
|
1770
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1742
1771
|
# @return [String]
|
1743
1772
|
#
|
1744
1773
|
# @!attribute [rw] key_pair_spec
|
@@ -1790,7 +1819,8 @@ module Aws::KMS
|
|
1790
1819
|
# @!attribute [rw] key_id
|
1791
1820
|
# Specifies the CMK that encrypts the private key in the data key
|
1792
1821
|
# pair. You must specify a symmetric CMK. You cannot use an asymmetric
|
1793
|
-
# CMK. To get the type
|
1822
|
+
# CMK or a CMK in a custom key store. To get the type and origin of
|
1823
|
+
# your CMK, use the DescribeKey operation.
|
1794
1824
|
#
|
1795
1825
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1796
1826
|
# name, or alias ARN. When using an alias name, prefix it with
|
@@ -1852,27 +1882,12 @@ module Aws::KMS
|
|
1852
1882
|
# @return [String]
|
1853
1883
|
#
|
1854
1884
|
# @!attribute [rw] key_id
|
1855
|
-
#
|
1856
|
-
#
|
1857
|
-
# CMK. To get the type of your CMK, use the DescribeKey operation.
|
1885
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
1886
|
+
# the private key.
|
1858
1887
|
#
|
1859
|
-
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1860
|
-
# name, or alias ARN. When using an alias name, prefix it with
|
1861
|
-
# `"alias/"`.
|
1862
1888
|
#
|
1863
|
-
# For example:
|
1864
1889
|
#
|
1865
|
-
#
|
1866
|
-
#
|
1867
|
-
# * Key ARN:
|
1868
|
-
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
1869
|
-
#
|
1870
|
-
# * Alias name: `alias/ExampleAlias`
|
1871
|
-
#
|
1872
|
-
# * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
|
1873
|
-
#
|
1874
|
-
# To get the key ID and key ARN for a CMK, use ListKeys or
|
1875
|
-
# DescribeKey. To get the alias name and alias ARN, use ListAliases.
|
1890
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1876
1891
|
# @return [String]
|
1877
1892
|
#
|
1878
1893
|
# @!attribute [rw] key_pair_spec
|
@@ -1999,7 +2014,12 @@ module Aws::KMS
|
|
1999
2014
|
# @return [String]
|
2000
2015
|
#
|
2001
2016
|
# @!attribute [rw] key_id
|
2002
|
-
# The
|
2017
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
2018
|
+
# the data key.
|
2019
|
+
#
|
2020
|
+
#
|
2021
|
+
#
|
2022
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2003
2023
|
# @return [String]
|
2004
2024
|
#
|
2005
2025
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
|
@@ -2107,7 +2127,12 @@ module Aws::KMS
|
|
2107
2127
|
# @return [String]
|
2108
2128
|
#
|
2109
2129
|
# @!attribute [rw] key_id
|
2110
|
-
# The
|
2130
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
2131
|
+
# the data key.
|
2132
|
+
#
|
2133
|
+
#
|
2134
|
+
#
|
2135
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2111
2136
|
# @return [String]
|
2112
2137
|
#
|
2113
2138
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
|
@@ -2302,9 +2327,13 @@ module Aws::KMS
|
|
2302
2327
|
end
|
2303
2328
|
|
2304
2329
|
# @!attribute [rw] key_id
|
2305
|
-
# The
|
2306
|
-
# request. This is the same CMK specified
|
2307
|
-
# `GetParametersForImport` request.
|
2330
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK to use in a
|
2331
|
+
# subsequent ImportKeyMaterial request. This is the same CMK specified
|
2332
|
+
# in the `GetParametersForImport` request.
|
2333
|
+
#
|
2334
|
+
#
|
2335
|
+
#
|
2336
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2308
2337
|
# @return [String]
|
2309
2338
|
#
|
2310
2339
|
# @!attribute [rw] import_token
|
@@ -2384,8 +2413,12 @@ module Aws::KMS
|
|
2384
2413
|
end
|
2385
2414
|
|
2386
2415
|
# @!attribute [rw] key_id
|
2387
|
-
# The
|
2388
|
-
# downloaded.
|
2416
|
+
# The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK from
|
2417
|
+
# which the public key was downloaded.
|
2418
|
+
#
|
2419
|
+
#
|
2420
|
+
#
|
2421
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2389
2422
|
# @return [String]
|
2390
2423
|
#
|
2391
2424
|
# @!attribute [rw] public_key
|
@@ -2446,26 +2479,16 @@ module Aws::KMS
|
|
2446
2479
|
include Aws::Structure
|
2447
2480
|
end
|
2448
2481
|
|
2449
|
-
# Use this structure to allow cryptographic operations in the grant
|
2450
|
-
# when the operation request includes the specified [encryption
|
2451
|
-
# context][
|
2452
|
-
#
|
2453
|
-
# AWS KMS applies the grant constraints only when the grant allows a
|
2454
|
-
# cryptographic operation that accepts an encryption context as input,
|
2455
|
-
# such as the following.
|
2456
|
-
#
|
2457
|
-
# * Encrypt
|
2482
|
+
# Use this structure to allow [cryptographic operations][1] in the grant
|
2483
|
+
# only when the operation request includes the specified [encryption
|
2484
|
+
# context][2].
|
2458
2485
|
#
|
2459
|
-
#
|
2460
|
-
#
|
2461
|
-
#
|
2462
|
-
#
|
2463
|
-
#
|
2464
|
-
#
|
2465
|
-
# * ReEncrypt
|
2466
|
-
#
|
2467
|
-
# AWS KMS does not apply the grant constraints to other operations, such
|
2468
|
-
# as DescribeKey or ScheduleKeyDeletion.
|
2486
|
+
# AWS KMS applies the grant constraints only to cryptographic operations
|
2487
|
+
# that support an encryption context, that is, all cryptographic
|
2488
|
+
# operations with a [symmetric CMK][3]. Grant constraints are not
|
2489
|
+
# applied to operations that do not support an encryption context, such
|
2490
|
+
# as cryptographic operations with asymmetric CMKs and management
|
2491
|
+
# operations, such as DescribeKey or ScheduleKeyDeletion.
|
2469
2492
|
#
|
2470
2493
|
# In a cryptographic operation, the encryption context in the decryption
|
2471
2494
|
# operation must be an exact, case-sensitive match for the keys and
|
@@ -2479,13 +2502,15 @@ module Aws::KMS
|
|
2479
2502
|
# differ only by case. To require a fully case-sensitive encryption
|
2480
2503
|
# context, use the `kms:EncryptionContext:` and
|
2481
2504
|
# `kms:EncryptionContextKeys` conditions in an IAM or key policy. For
|
2482
|
-
# details, see [kms:EncryptionContext:][
|
2505
|
+
# details, see [kms:EncryptionContext:][4] in the <i> <i>AWS Key
|
2483
2506
|
# Management Service Developer Guide</i> </i>.
|
2484
2507
|
#
|
2485
2508
|
#
|
2486
2509
|
#
|
2487
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
2488
|
-
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/
|
2510
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2511
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
2512
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks
|
2513
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
|
2489
2514
|
#
|
2490
2515
|
# @note When making an API call, you may pass GrantConstraints
|
2491
2516
|
# data as a hash:
|
@@ -2501,17 +2526,25 @@ module Aws::KMS
|
|
2501
2526
|
#
|
2502
2527
|
# @!attribute [rw] encryption_context_subset
|
2503
2528
|
# A list of key-value pairs that must be included in the encryption
|
2504
|
-
# context of the cryptographic operation request. The grant
|
2505
|
-
# cryptographic operation only when the encryption context
|
2506
|
-
# request includes the key-value pairs specified in this
|
2507
|
-
# although it can include additional key-value pairs.
|
2529
|
+
# context of the [cryptographic operation][1] request. The grant
|
2530
|
+
# allows the cryptographic operation only when the encryption context
|
2531
|
+
# in the request includes the key-value pairs specified in this
|
2532
|
+
# constraint, although it can include additional key-value pairs.
|
2533
|
+
#
|
2534
|
+
#
|
2535
|
+
#
|
2536
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2508
2537
|
# @return [Hash<String,String>]
|
2509
2538
|
#
|
2510
2539
|
# @!attribute [rw] encryption_context_equals
|
2511
2540
|
# A list of key-value pairs that must match the encryption context in
|
2512
|
-
# the cryptographic operation request. The grant allows the
|
2513
|
-
# only when the encryption context in the request is the
|
2514
|
-
# encryption context specified in this constraint.
|
2541
|
+
# the [cryptographic operation][1] request. The grant allows the
|
2542
|
+
# operation only when the encryption context in the request is the
|
2543
|
+
# same as the encryption context specified in this constraint.
|
2544
|
+
#
|
2545
|
+
#
|
2546
|
+
#
|
2547
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2515
2548
|
# @return [Hash<String,String>]
|
2516
2549
|
#
|
2517
2550
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
|
@@ -2522,7 +2555,7 @@ module Aws::KMS
|
|
2522
2555
|
include Aws::Structure
|
2523
2556
|
end
|
2524
2557
|
|
2525
|
-
# Contains information about
|
2558
|
+
# Contains information about a grant.
|
2526
2559
|
#
|
2527
2560
|
# @!attribute [rw] key_id
|
2528
2561
|
# The unique identifier for the customer master key (CMK) to which the
|
@@ -2544,7 +2577,18 @@ module Aws::KMS
|
|
2544
2577
|
# @return [Time]
|
2545
2578
|
#
|
2546
2579
|
# @!attribute [rw] grantee_principal
|
2547
|
-
# The
|
2580
|
+
# The identity that gets the permissions in the grant.
|
2581
|
+
#
|
2582
|
+
# The `GranteePrincipal` field in the `ListGrants` response usually
|
2583
|
+
# contains the user or role designated as the grantee principal in the
|
2584
|
+
# grant. However, when the grantee principal in the grant is an AWS
|
2585
|
+
# service, the `GranteePrincipal` field contains the [service
|
2586
|
+
# principal][1], which might represent several different grantee
|
2587
|
+
# principals.
|
2588
|
+
#
|
2589
|
+
#
|
2590
|
+
#
|
2591
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services
|
2548
2592
|
# @return [String]
|
2549
2593
|
#
|
2550
2594
|
# @!attribute [rw] retiring_principal
|
@@ -2930,15 +2974,19 @@ module Aws::KMS
|
|
2930
2974
|
# @return [String]
|
2931
2975
|
#
|
2932
2976
|
# @!attribute [rw] key_usage
|
2933
|
-
# The cryptographic operations for which you can use the CMK.
|
2977
|
+
# The [cryptographic operations][1] for which you can use the CMK.
|
2978
|
+
#
|
2979
|
+
#
|
2980
|
+
#
|
2981
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2934
2982
|
# @return [String]
|
2935
2983
|
#
|
2936
2984
|
# @!attribute [rw] key_state
|
2937
|
-
# The
|
2985
|
+
# The current status of the CMK.
|
2938
2986
|
#
|
2939
2987
|
# For more information about how key state affects the use of a CMK,
|
2940
|
-
# see [
|
2941
|
-
#
|
2988
|
+
# see [Key state: Effect on your CMK][1] in the *AWS Key Management
|
2989
|
+
# Service Developer Guide*.
|
2942
2990
|
#
|
2943
2991
|
#
|
2944
2992
|
#
|
@@ -3011,16 +3059,16 @@ module Aws::KMS
|
|
3011
3059
|
# @return [String]
|
3012
3060
|
#
|
3013
3061
|
# @!attribute [rw] encryption_algorithms
|
3014
|
-
#
|
3015
|
-
#
|
3062
|
+
# The encryption algorithms that the CMK supports. You cannot use the
|
3063
|
+
# CMK with other encryption algorithms within AWS KMS.
|
3016
3064
|
#
|
3017
3065
|
# This field appears only when the `KeyUsage` of the CMK is
|
3018
3066
|
# `ENCRYPT_DECRYPT`.
|
3019
3067
|
# @return [Array<String>]
|
3020
3068
|
#
|
3021
3069
|
# @!attribute [rw] signing_algorithms
|
3022
|
-
#
|
3023
|
-
#
|
3070
|
+
# The signing algorithms that the CMK supports. You cannot use the CMK
|
3071
|
+
# with other signing algorithms within AWS KMS.
|
3024
3072
|
#
|
3025
3073
|
# This field appears only when the `KeyUsage` of the CMK is
|
3026
3074
|
# `SIGN_VERIFY`.
|
@@ -3794,7 +3842,12 @@ module Aws::KMS
|
|
3794
3842
|
# @return [String]
|
3795
3843
|
#
|
3796
3844
|
# @!attribute [rw] key_id
|
3797
|
-
#
|
3845
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
|
3846
|
+
# reencrypt the data.
|
3847
|
+
#
|
3848
|
+
#
|
3849
|
+
#
|
3850
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
3798
3851
|
# @return [String]
|
3799
3852
|
#
|
3800
3853
|
# @!attribute [rw] source_encryption_algorithm
|
@@ -3935,8 +3988,12 @@ module Aws::KMS
|
|
3935
3988
|
end
|
3936
3989
|
|
3937
3990
|
# @!attribute [rw] key_id
|
3938
|
-
# The
|
3939
|
-
#
|
3991
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK whose deletion is
|
3992
|
+
# scheduled.
|
3993
|
+
#
|
3994
|
+
#
|
3995
|
+
#
|
3996
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
3940
3997
|
# @return [String]
|
3941
3998
|
#
|
3942
3999
|
# @!attribute [rw] deletion_date
|
@@ -4033,8 +4090,12 @@ module Aws::KMS
|
|
4033
4090
|
end
|
4034
4091
|
|
4035
4092
|
# @!attribute [rw] key_id
|
4036
|
-
# The Amazon Resource Name (ARN) of the asymmetric CMK that
|
4037
|
-
# to sign the message.
|
4093
|
+
# The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK that
|
4094
|
+
# was used to sign the message.
|
4095
|
+
#
|
4096
|
+
#
|
4097
|
+
#
|
4098
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
4038
4099
|
# @return [String]
|
4039
4100
|
#
|
4040
4101
|
# @!attribute [rw] signature
|
@@ -4448,8 +4509,12 @@ module Aws::KMS
|
|
4448
4509
|
end
|
4449
4510
|
|
4450
4511
|
# @!attribute [rw] key_id
|
4451
|
-
# The
|
4452
|
-
# the signature.
|
4512
|
+
# The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK that
|
4513
|
+
# was used to verify the signature.
|
4514
|
+
#
|
4515
|
+
#
|
4516
|
+
#
|
4517
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
4453
4518
|
# @return [String]
|
4454
4519
|
#
|
4455
4520
|
# @!attribute [rw] signature_valid
|