aws-sdk-kms 1.32.0 → 1.37.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +4 -2
- data/lib/aws-sdk-kms/client.rb +201 -144
- data/lib/aws-sdk-kms/client_api.rb +5 -0
- data/lib/aws-sdk-kms/customizations.rb +1 -0
- data/lib/aws-sdk-kms/errors.rb +2 -0
- data/lib/aws-sdk-kms/resource.rb +2 -0
- data/lib/aws-sdk-kms/types.rb +279 -100
- metadata +4 -4
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
@@ -1032,6 +1034,7 @@ module Aws::KMS
|
|
1032
1034
|
o.errors << Shapes::ShapeRef.new(shape: InvalidGrantTokenException)
|
1033
1035
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1034
1036
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
1037
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
1035
1038
|
end)
|
1036
1039
|
|
1037
1040
|
api.add_operation(:generate_data_key_pair_without_plaintext, Seahorse::Model::Operation.new.tap do |o|
|
@@ -1048,6 +1051,7 @@ module Aws::KMS
|
|
1048
1051
|
o.errors << Shapes::ShapeRef.new(shape: InvalidGrantTokenException)
|
1049
1052
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1050
1053
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
1054
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
1051
1055
|
end)
|
1052
1056
|
|
1053
1057
|
api.add_operation(:generate_data_key_without_plaintext, Seahorse::Model::Operation.new.tap do |o|
|
@@ -1387,6 +1391,7 @@ module Aws::KMS
|
|
1387
1391
|
o.errors << Shapes::ShapeRef.new(shape: DependencyTimeoutException)
|
1388
1392
|
o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
|
1389
1393
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1394
|
+
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
|
1390
1395
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
1391
1396
|
end)
|
1392
1397
|
|
data/lib/aws-sdk-kms/errors.rb
CHANGED
data/lib/aws-sdk-kms/resource.rb
CHANGED
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
@@ -28,6 +30,7 @@ module Aws::KMS
|
|
28
30
|
:alias_name,
|
29
31
|
:alias_arn,
|
30
32
|
:target_key_id)
|
33
|
+
SENSITIVE = []
|
31
34
|
include Aws::Structure
|
32
35
|
end
|
33
36
|
|
@@ -41,6 +44,7 @@ module Aws::KMS
|
|
41
44
|
#
|
42
45
|
class AlreadyExistsException < Struct.new(
|
43
46
|
:message)
|
47
|
+
SENSITIVE = []
|
44
48
|
include Aws::Structure
|
45
49
|
end
|
46
50
|
|
@@ -72,18 +76,24 @@ module Aws::KMS
|
|
72
76
|
#
|
73
77
|
class CancelKeyDeletionRequest < Struct.new(
|
74
78
|
:key_id)
|
79
|
+
SENSITIVE = []
|
75
80
|
include Aws::Structure
|
76
81
|
end
|
77
82
|
|
78
83
|
# @!attribute [rw] key_id
|
79
|
-
# The
|
84
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK whose deletion is
|
80
85
|
# canceled.
|
86
|
+
#
|
87
|
+
#
|
88
|
+
#
|
89
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
81
90
|
# @return [String]
|
82
91
|
#
|
83
92
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionResponse AWS API Documentation
|
84
93
|
#
|
85
94
|
class CancelKeyDeletionResponse < Struct.new(
|
86
95
|
:key_id)
|
96
|
+
SENSITIVE = []
|
87
97
|
include Aws::Structure
|
88
98
|
end
|
89
99
|
|
@@ -108,6 +118,7 @@ module Aws::KMS
|
|
108
118
|
#
|
109
119
|
class CloudHsmClusterInUseException < Struct.new(
|
110
120
|
:message)
|
121
|
+
SENSITIVE = []
|
111
122
|
include Aws::Structure
|
112
123
|
end
|
113
124
|
|
@@ -160,6 +171,7 @@ module Aws::KMS
|
|
160
171
|
#
|
161
172
|
class CloudHsmClusterInvalidConfigurationException < Struct.new(
|
162
173
|
:message)
|
174
|
+
SENSITIVE = []
|
163
175
|
include Aws::Structure
|
164
176
|
end
|
165
177
|
|
@@ -180,6 +192,7 @@ module Aws::KMS
|
|
180
192
|
#
|
181
193
|
class CloudHsmClusterNotActiveException < Struct.new(
|
182
194
|
:message)
|
195
|
+
SENSITIVE = []
|
183
196
|
include Aws::Structure
|
184
197
|
end
|
185
198
|
|
@@ -194,6 +207,7 @@ module Aws::KMS
|
|
194
207
|
#
|
195
208
|
class CloudHsmClusterNotFoundException < Struct.new(
|
196
209
|
:message)
|
210
|
+
SENSITIVE = []
|
197
211
|
include Aws::Structure
|
198
212
|
end
|
199
213
|
|
@@ -221,6 +235,7 @@ module Aws::KMS
|
|
221
235
|
#
|
222
236
|
class CloudHsmClusterNotRelatedException < Struct.new(
|
223
237
|
:message)
|
238
|
+
SENSITIVE = []
|
224
239
|
include Aws::Structure
|
225
240
|
end
|
226
241
|
|
@@ -241,6 +256,7 @@ module Aws::KMS
|
|
241
256
|
#
|
242
257
|
class ConnectCustomKeyStoreRequest < Struct.new(
|
243
258
|
:custom_key_store_id)
|
259
|
+
SENSITIVE = []
|
244
260
|
include Aws::Structure
|
245
261
|
end
|
246
262
|
|
@@ -280,6 +296,7 @@ module Aws::KMS
|
|
280
296
|
class CreateAliasRequest < Struct.new(
|
281
297
|
:alias_name,
|
282
298
|
:target_key_id)
|
299
|
+
SENSITIVE = []
|
283
300
|
include Aws::Structure
|
284
301
|
end
|
285
302
|
|
@@ -342,6 +359,7 @@ module Aws::KMS
|
|
342
359
|
:cloud_hsm_cluster_id,
|
343
360
|
:trust_anchor_certificate,
|
344
361
|
:key_store_password)
|
362
|
+
SENSITIVE = [:key_store_password]
|
345
363
|
include Aws::Structure
|
346
364
|
end
|
347
365
|
|
@@ -353,6 +371,7 @@ module Aws::KMS
|
|
353
371
|
#
|
354
372
|
class CreateCustomKeyStoreResponse < Struct.new(
|
355
373
|
:custom_key_store_id)
|
374
|
+
SENSITIVE = []
|
356
375
|
include Aws::Structure
|
357
376
|
end
|
358
377
|
|
@@ -433,15 +452,16 @@ module Aws::KMS
|
|
433
452
|
# @return [Array<String>]
|
434
453
|
#
|
435
454
|
# @!attribute [rw] constraints
|
436
|
-
# Allows a cryptographic operation only when the encryption
|
437
|
-
# matches or includes the encryption context specified in this
|
455
|
+
# Allows a [cryptographic operation][1] only when the encryption
|
456
|
+
# context matches or includes the encryption context specified in this
|
438
457
|
# structure. For more information about encryption context, see
|
439
|
-
# [Encryption Context][
|
458
|
+
# [Encryption Context][2] in the <i> <i>AWS Key Management Service
|
440
459
|
# Developer Guide</i> </i>.
|
441
460
|
#
|
442
461
|
#
|
443
462
|
#
|
444
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
463
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
464
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
445
465
|
# @return [Types::GrantConstraints]
|
446
466
|
#
|
447
467
|
# @!attribute [rw] grant_tokens
|
@@ -483,6 +503,7 @@ module Aws::KMS
|
|
483
503
|
:constraints,
|
484
504
|
:grant_tokens,
|
485
505
|
:name)
|
506
|
+
SENSITIVE = []
|
486
507
|
include Aws::Structure
|
487
508
|
end
|
488
509
|
|
@@ -509,6 +530,7 @@ module Aws::KMS
|
|
509
530
|
class CreateGrantResponse < Struct.new(
|
510
531
|
:grant_token,
|
511
532
|
:grant_id)
|
533
|
+
SENSITIVE = []
|
512
534
|
include Aws::Structure
|
513
535
|
end
|
514
536
|
|
@@ -575,8 +597,8 @@ module Aws::KMS
|
|
575
597
|
# @return [String]
|
576
598
|
#
|
577
599
|
# @!attribute [rw] key_usage
|
578
|
-
# Determines the cryptographic operations for which you can use
|
579
|
-
# CMK. The default value is `ENCRYPT_DECRYPT`. This parameter is
|
600
|
+
# Determines the [cryptographic operations][1] for which you can use
|
601
|
+
# the CMK. The default value is `ENCRYPT_DECRYPT`. This parameter is
|
580
602
|
# required only for asymmetric CMKs. You can't change the `KeyUsage`
|
581
603
|
# value after the CMK is created.
|
582
604
|
#
|
@@ -589,6 +611,10 @@ module Aws::KMS
|
|
589
611
|
# `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
|
590
612
|
#
|
591
613
|
# * For asymmetric CMKs with ECC key material, specify `SIGN_VERIFY`.
|
614
|
+
#
|
615
|
+
#
|
616
|
+
#
|
617
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
592
618
|
# @return [String]
|
593
619
|
#
|
594
620
|
# @!attribute [rw] customer_master_key_spec
|
@@ -755,6 +781,7 @@ module Aws::KMS
|
|
755
781
|
:custom_key_store_id,
|
756
782
|
:bypass_policy_lockout_safety_check,
|
757
783
|
:tags)
|
784
|
+
SENSITIVE = []
|
758
785
|
include Aws::Structure
|
759
786
|
end
|
760
787
|
|
@@ -766,6 +793,7 @@ module Aws::KMS
|
|
766
793
|
#
|
767
794
|
class CreateKeyResponse < Struct.new(
|
768
795
|
:key_metadata)
|
796
|
+
SENSITIVE = []
|
769
797
|
include Aws::Structure
|
770
798
|
end
|
771
799
|
|
@@ -781,6 +809,7 @@ module Aws::KMS
|
|
781
809
|
#
|
782
810
|
class CustomKeyStoreHasCMKsException < Struct.new(
|
783
811
|
:message)
|
812
|
+
SENSITIVE = []
|
784
813
|
include Aws::Structure
|
785
814
|
end
|
786
815
|
|
@@ -810,6 +839,7 @@ module Aws::KMS
|
|
810
839
|
#
|
811
840
|
class CustomKeyStoreInvalidStateException < Struct.new(
|
812
841
|
:message)
|
842
|
+
SENSITIVE = []
|
813
843
|
include Aws::Structure
|
814
844
|
end
|
815
845
|
|
@@ -824,6 +854,7 @@ module Aws::KMS
|
|
824
854
|
#
|
825
855
|
class CustomKeyStoreNameInUseException < Struct.new(
|
826
856
|
:message)
|
857
|
+
SENSITIVE = []
|
827
858
|
include Aws::Structure
|
828
859
|
end
|
829
860
|
|
@@ -837,6 +868,7 @@ module Aws::KMS
|
|
837
868
|
#
|
838
869
|
class CustomKeyStoreNotFoundException < Struct.new(
|
839
870
|
:message)
|
871
|
+
SENSITIVE = []
|
840
872
|
include Aws::Structure
|
841
873
|
end
|
842
874
|
|
@@ -922,12 +954,13 @@ module Aws::KMS
|
|
922
954
|
#
|
923
955
|
# * `SUBNET_NOT_FOUND` - A subnet in the AWS CloudHSM cluster
|
924
956
|
# configuration was deleted. If AWS KMS cannot find all of the
|
925
|
-
# subnets
|
926
|
-
# store
|
927
|
-
# create a cluster from a backup and associate it with
|
928
|
-
# key store. This process
|
929
|
-
#
|
930
|
-
#
|
957
|
+
# subnets in the cluster configuration, attempts to connect the
|
958
|
+
# custom key store to the AWS CloudHSM cluster fail. To fix this
|
959
|
+
# error, create a cluster from a recent backup and associate it with
|
960
|
+
# your custom key store. (This process creates a new cluster
|
961
|
+
# configuration with a VPC and private subnets.) For details, see
|
962
|
+
# [How to Fix a Connection Failure][1] in the *AWS Key Management
|
963
|
+
# Service Developer Guide*.
|
931
964
|
#
|
932
965
|
# * `USER_LOCKED_OUT` - The `kmsuser` CU account is locked out of the
|
933
966
|
# associated AWS CloudHSM cluster due to too many failed password
|
@@ -971,6 +1004,7 @@ module Aws::KMS
|
|
971
1004
|
:connection_state,
|
972
1005
|
:connection_error_code,
|
973
1006
|
:creation_date)
|
1007
|
+
SENSITIVE = []
|
974
1008
|
include Aws::Structure
|
975
1009
|
end
|
976
1010
|
|
@@ -993,9 +1027,9 @@ module Aws::KMS
|
|
993
1027
|
#
|
994
1028
|
# @!attribute [rw] encryption_context
|
995
1029
|
# Specifies the encryption context to use when decrypting the data. An
|
996
|
-
# encryption context is valid only for cryptographic operations
|
997
|
-
# symmetric CMK. The standard asymmetric encryption algorithms
|
998
|
-
# AWS KMS uses do not support an encryption context.
|
1030
|
+
# encryption context is valid only for [cryptographic operations][1]
|
1031
|
+
# with a symmetric CMK. The standard asymmetric encryption algorithms
|
1032
|
+
# that AWS KMS uses do not support an encryption context.
|
999
1033
|
#
|
1000
1034
|
# An *encryption context* is a collection of non-secret key-value
|
1001
1035
|
# pairs that represents additional authenticated data. When you use an
|
@@ -1004,12 +1038,13 @@ module Aws::KMS
|
|
1004
1038
|
# An encryption context is optional when encrypting with a symmetric
|
1005
1039
|
# CMK, but it is highly recommended.
|
1006
1040
|
#
|
1007
|
-
# For more information, see [Encryption Context][
|
1041
|
+
# For more information, see [Encryption Context][2] in the *AWS Key
|
1008
1042
|
# Management Service Developer Guide*.
|
1009
1043
|
#
|
1010
1044
|
#
|
1011
1045
|
#
|
1012
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
1046
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1047
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1013
1048
|
# @return [Hash<String,String>]
|
1014
1049
|
#
|
1015
1050
|
# @!attribute [rw] grant_tokens
|
@@ -1077,12 +1112,17 @@ module Aws::KMS
|
|
1077
1112
|
:grant_tokens,
|
1078
1113
|
:key_id,
|
1079
1114
|
:encryption_algorithm)
|
1115
|
+
SENSITIVE = []
|
1080
1116
|
include Aws::Structure
|
1081
1117
|
end
|
1082
1118
|
|
1083
1119
|
# @!attribute [rw] key_id
|
1084
|
-
# The ARN of the
|
1085
|
-
#
|
1120
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
|
1121
|
+
# decrypt the ciphertext.
|
1122
|
+
#
|
1123
|
+
#
|
1124
|
+
#
|
1125
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1086
1126
|
# @return [String]
|
1087
1127
|
#
|
1088
1128
|
# @!attribute [rw] plaintext
|
@@ -1100,6 +1140,7 @@ module Aws::KMS
|
|
1100
1140
|
:key_id,
|
1101
1141
|
:plaintext,
|
1102
1142
|
:encryption_algorithm)
|
1143
|
+
SENSITIVE = [:plaintext]
|
1103
1144
|
include Aws::Structure
|
1104
1145
|
end
|
1105
1146
|
|
@@ -1119,6 +1160,7 @@ module Aws::KMS
|
|
1119
1160
|
#
|
1120
1161
|
class DeleteAliasRequest < Struct.new(
|
1121
1162
|
:alias_name)
|
1163
|
+
SENSITIVE = []
|
1122
1164
|
include Aws::Structure
|
1123
1165
|
end
|
1124
1166
|
|
@@ -1138,6 +1180,7 @@ module Aws::KMS
|
|
1138
1180
|
#
|
1139
1181
|
class DeleteCustomKeyStoreRequest < Struct.new(
|
1140
1182
|
:custom_key_store_id)
|
1183
|
+
SENSITIVE = []
|
1141
1184
|
include Aws::Structure
|
1142
1185
|
end
|
1143
1186
|
|
@@ -1173,6 +1216,7 @@ module Aws::KMS
|
|
1173
1216
|
#
|
1174
1217
|
class DeleteImportedKeyMaterialRequest < Struct.new(
|
1175
1218
|
:key_id)
|
1219
|
+
SENSITIVE = []
|
1176
1220
|
include Aws::Structure
|
1177
1221
|
end
|
1178
1222
|
|
@@ -1186,6 +1230,7 @@ module Aws::KMS
|
|
1186
1230
|
#
|
1187
1231
|
class DependencyTimeoutException < Struct.new(
|
1188
1232
|
:message)
|
1233
|
+
SENSITIVE = []
|
1189
1234
|
include Aws::Structure
|
1190
1235
|
end
|
1191
1236
|
|
@@ -1238,6 +1283,7 @@ module Aws::KMS
|
|
1238
1283
|
:custom_key_store_name,
|
1239
1284
|
:limit,
|
1240
1285
|
:marker)
|
1286
|
+
SENSITIVE = []
|
1241
1287
|
include Aws::Structure
|
1242
1288
|
end
|
1243
1289
|
|
@@ -1263,6 +1309,7 @@ module Aws::KMS
|
|
1263
1309
|
:custom_key_stores,
|
1264
1310
|
:next_marker,
|
1265
1311
|
:truncated)
|
1312
|
+
SENSITIVE = []
|
1266
1313
|
include Aws::Structure
|
1267
1314
|
end
|
1268
1315
|
|
@@ -1321,6 +1368,7 @@ module Aws::KMS
|
|
1321
1368
|
class DescribeKeyRequest < Struct.new(
|
1322
1369
|
:key_id,
|
1323
1370
|
:grant_tokens)
|
1371
|
+
SENSITIVE = []
|
1324
1372
|
include Aws::Structure
|
1325
1373
|
end
|
1326
1374
|
|
@@ -1332,6 +1380,7 @@ module Aws::KMS
|
|
1332
1380
|
#
|
1333
1381
|
class DescribeKeyResponse < Struct.new(
|
1334
1382
|
:key_metadata)
|
1383
|
+
SENSITIVE = []
|
1335
1384
|
include Aws::Structure
|
1336
1385
|
end
|
1337
1386
|
|
@@ -1362,6 +1411,7 @@ module Aws::KMS
|
|
1362
1411
|
#
|
1363
1412
|
class DisableKeyRequest < Struct.new(
|
1364
1413
|
:key_id)
|
1414
|
+
SENSITIVE = []
|
1365
1415
|
include Aws::Structure
|
1366
1416
|
end
|
1367
1417
|
|
@@ -1400,6 +1450,7 @@ module Aws::KMS
|
|
1400
1450
|
#
|
1401
1451
|
class DisableKeyRotationRequest < Struct.new(
|
1402
1452
|
:key_id)
|
1453
|
+
SENSITIVE = []
|
1403
1454
|
include Aws::Structure
|
1404
1455
|
end
|
1405
1456
|
|
@@ -1412,6 +1463,7 @@ module Aws::KMS
|
|
1412
1463
|
#
|
1413
1464
|
class DisabledException < Struct.new(
|
1414
1465
|
:message)
|
1466
|
+
SENSITIVE = []
|
1415
1467
|
include Aws::Structure
|
1416
1468
|
end
|
1417
1469
|
|
@@ -1432,6 +1484,7 @@ module Aws::KMS
|
|
1432
1484
|
#
|
1433
1485
|
class DisconnectCustomKeyStoreRequest < Struct.new(
|
1434
1486
|
:custom_key_store_id)
|
1487
|
+
SENSITIVE = []
|
1435
1488
|
include Aws::Structure
|
1436
1489
|
end
|
1437
1490
|
|
@@ -1466,6 +1519,7 @@ module Aws::KMS
|
|
1466
1519
|
#
|
1467
1520
|
class EnableKeyRequest < Struct.new(
|
1468
1521
|
:key_id)
|
1522
|
+
SENSITIVE = []
|
1469
1523
|
include Aws::Structure
|
1470
1524
|
end
|
1471
1525
|
|
@@ -1502,6 +1556,7 @@ module Aws::KMS
|
|
1502
1556
|
#
|
1503
1557
|
class EnableKeyRotationRequest < Struct.new(
|
1504
1558
|
:key_id)
|
1559
|
+
SENSITIVE = []
|
1505
1560
|
include Aws::Structure
|
1506
1561
|
end
|
1507
1562
|
|
@@ -1547,9 +1602,10 @@ module Aws::KMS
|
|
1547
1602
|
#
|
1548
1603
|
# @!attribute [rw] encryption_context
|
1549
1604
|
# Specifies the encryption context that will be used to encrypt the
|
1550
|
-
# data. An encryption context is valid only for cryptographic
|
1551
|
-
# operations with a symmetric CMK. The standard asymmetric
|
1552
|
-
# algorithms that AWS KMS uses do not support an encryption
|
1605
|
+
# data. An encryption context is valid only for [cryptographic
|
1606
|
+
# operations][1] with a symmetric CMK. The standard asymmetric
|
1607
|
+
# encryption algorithms that AWS KMS uses do not support an encryption
|
1608
|
+
# context.
|
1553
1609
|
#
|
1554
1610
|
# An *encryption context* is a collection of non-secret key-value
|
1555
1611
|
# pairs that represents additional authenticated data. When you use an
|
@@ -1558,12 +1614,13 @@ module Aws::KMS
|
|
1558
1614
|
# An encryption context is optional when encrypting with a symmetric
|
1559
1615
|
# CMK, but it is highly recommended.
|
1560
1616
|
#
|
1561
|
-
# For more information, see [Encryption Context][
|
1617
|
+
# For more information, see [Encryption Context][2] in the *AWS Key
|
1562
1618
|
# Management Service Developer Guide*.
|
1563
1619
|
#
|
1564
1620
|
#
|
1565
1621
|
#
|
1566
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
1622
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1623
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1567
1624
|
# @return [Hash<String,String>]
|
1568
1625
|
#
|
1569
1626
|
# @!attribute [rw] grant_tokens
|
@@ -1596,6 +1653,7 @@ module Aws::KMS
|
|
1596
1653
|
:encryption_context,
|
1597
1654
|
:grant_tokens,
|
1598
1655
|
:encryption_algorithm)
|
1656
|
+
SENSITIVE = [:plaintext]
|
1599
1657
|
include Aws::Structure
|
1600
1658
|
end
|
1601
1659
|
|
@@ -1605,7 +1663,12 @@ module Aws::KMS
|
|
1605
1663
|
# @return [String]
|
1606
1664
|
#
|
1607
1665
|
# @!attribute [rw] key_id
|
1608
|
-
# The
|
1666
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
|
1667
|
+
# encrypt the plaintext.
|
1668
|
+
#
|
1669
|
+
#
|
1670
|
+
#
|
1671
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1609
1672
|
# @return [String]
|
1610
1673
|
#
|
1611
1674
|
# @!attribute [rw] encryption_algorithm
|
@@ -1618,6 +1681,7 @@ module Aws::KMS
|
|
1618
1681
|
:ciphertext_blob,
|
1619
1682
|
:key_id,
|
1620
1683
|
:encryption_algorithm)
|
1684
|
+
SENSITIVE = []
|
1621
1685
|
include Aws::Structure
|
1622
1686
|
end
|
1623
1687
|
|
@@ -1633,6 +1697,7 @@ module Aws::KMS
|
|
1633
1697
|
#
|
1634
1698
|
class ExpiredImportTokenException < Struct.new(
|
1635
1699
|
:message)
|
1700
|
+
SENSITIVE = []
|
1636
1701
|
include Aws::Structure
|
1637
1702
|
end
|
1638
1703
|
|
@@ -1669,7 +1734,9 @@ module Aws::KMS
|
|
1669
1734
|
#
|
1670
1735
|
# @!attribute [rw] key_id
|
1671
1736
|
# Specifies the symmetric CMK that encrypts the private key in the
|
1672
|
-
# data key pair. You cannot specify an asymmetric
|
1737
|
+
# data key pair. You cannot specify an asymmetric CMK or a CMK in a
|
1738
|
+
# custom key store. To get the type and origin of your CMK, use the
|
1739
|
+
# DescribeKey operation.
|
1673
1740
|
#
|
1674
1741
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1675
1742
|
# name, or alias ARN. When using an alias name, prefix it with
|
@@ -1718,6 +1785,7 @@ module Aws::KMS
|
|
1718
1785
|
:key_id,
|
1719
1786
|
:key_pair_spec,
|
1720
1787
|
:grant_tokens)
|
1788
|
+
SENSITIVE = []
|
1721
1789
|
include Aws::Structure
|
1722
1790
|
end
|
1723
1791
|
|
@@ -1738,7 +1806,12 @@ module Aws::KMS
|
|
1738
1806
|
# @return [String]
|
1739
1807
|
#
|
1740
1808
|
# @!attribute [rw] key_id
|
1741
|
-
# The
|
1809
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
1810
|
+
# the private key.
|
1811
|
+
#
|
1812
|
+
#
|
1813
|
+
#
|
1814
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1742
1815
|
# @return [String]
|
1743
1816
|
#
|
1744
1817
|
# @!attribute [rw] key_pair_spec
|
@@ -1753,6 +1826,7 @@ module Aws::KMS
|
|
1753
1826
|
:public_key,
|
1754
1827
|
:key_id,
|
1755
1828
|
:key_pair_spec)
|
1829
|
+
SENSITIVE = [:private_key_plaintext]
|
1756
1830
|
include Aws::Structure
|
1757
1831
|
end
|
1758
1832
|
|
@@ -1790,7 +1864,8 @@ module Aws::KMS
|
|
1790
1864
|
# @!attribute [rw] key_id
|
1791
1865
|
# Specifies the CMK that encrypts the private key in the data key
|
1792
1866
|
# pair. You must specify a symmetric CMK. You cannot use an asymmetric
|
1793
|
-
# CMK. To get the type
|
1867
|
+
# CMK or a CMK in a custom key store. To get the type and origin of
|
1868
|
+
# your CMK, use the DescribeKey operation.
|
1794
1869
|
#
|
1795
1870
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1796
1871
|
# name, or alias ARN. When using an alias name, prefix it with
|
@@ -1838,6 +1913,7 @@ module Aws::KMS
|
|
1838
1913
|
:key_id,
|
1839
1914
|
:key_pair_spec,
|
1840
1915
|
:grant_tokens)
|
1916
|
+
SENSITIVE = []
|
1841
1917
|
include Aws::Structure
|
1842
1918
|
end
|
1843
1919
|
|
@@ -1852,27 +1928,12 @@ module Aws::KMS
|
|
1852
1928
|
# @return [String]
|
1853
1929
|
#
|
1854
1930
|
# @!attribute [rw] key_id
|
1855
|
-
#
|
1856
|
-
#
|
1857
|
-
# CMK. To get the type of your CMK, use the DescribeKey operation.
|
1931
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
1932
|
+
# the private key.
|
1858
1933
|
#
|
1859
|
-
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1860
|
-
# name, or alias ARN. When using an alias name, prefix it with
|
1861
|
-
# `"alias/"`.
|
1862
1934
|
#
|
1863
|
-
# For example:
|
1864
|
-
#
|
1865
|
-
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
1866
|
-
#
|
1867
|
-
# * Key ARN:
|
1868
|
-
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
1869
1935
|
#
|
1870
|
-
#
|
1871
|
-
#
|
1872
|
-
# * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
|
1873
|
-
#
|
1874
|
-
# To get the key ID and key ARN for a CMK, use ListKeys or
|
1875
|
-
# DescribeKey. To get the alias name and alias ARN, use ListAliases.
|
1936
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
1876
1937
|
# @return [String]
|
1877
1938
|
#
|
1878
1939
|
# @!attribute [rw] key_pair_spec
|
@@ -1886,6 +1947,7 @@ module Aws::KMS
|
|
1886
1947
|
:public_key,
|
1887
1948
|
:key_id,
|
1888
1949
|
:key_pair_spec)
|
1950
|
+
SENSITIVE = []
|
1889
1951
|
include Aws::Structure
|
1890
1952
|
end
|
1891
1953
|
|
@@ -1982,6 +2044,7 @@ module Aws::KMS
|
|
1982
2044
|
:number_of_bytes,
|
1983
2045
|
:key_spec,
|
1984
2046
|
:grant_tokens)
|
2047
|
+
SENSITIVE = []
|
1985
2048
|
include Aws::Structure
|
1986
2049
|
end
|
1987
2050
|
|
@@ -1999,7 +2062,12 @@ module Aws::KMS
|
|
1999
2062
|
# @return [String]
|
2000
2063
|
#
|
2001
2064
|
# @!attribute [rw] key_id
|
2002
|
-
# The
|
2065
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
2066
|
+
# the data key.
|
2067
|
+
#
|
2068
|
+
#
|
2069
|
+
#
|
2070
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2003
2071
|
# @return [String]
|
2004
2072
|
#
|
2005
2073
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
|
@@ -2008,6 +2076,7 @@ module Aws::KMS
|
|
2008
2076
|
:ciphertext_blob,
|
2009
2077
|
:plaintext,
|
2010
2078
|
:key_id)
|
2079
|
+
SENSITIVE = [:plaintext]
|
2011
2080
|
include Aws::Structure
|
2012
2081
|
end
|
2013
2082
|
|
@@ -2098,6 +2167,7 @@ module Aws::KMS
|
|
2098
2167
|
:key_spec,
|
2099
2168
|
:number_of_bytes,
|
2100
2169
|
:grant_tokens)
|
2170
|
+
SENSITIVE = []
|
2101
2171
|
include Aws::Structure
|
2102
2172
|
end
|
2103
2173
|
|
@@ -2107,7 +2177,12 @@ module Aws::KMS
|
|
2107
2177
|
# @return [String]
|
2108
2178
|
#
|
2109
2179
|
# @!attribute [rw] key_id
|
2110
|
-
# The
|
2180
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
|
2181
|
+
# the data key.
|
2182
|
+
#
|
2183
|
+
#
|
2184
|
+
#
|
2185
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2111
2186
|
# @return [String]
|
2112
2187
|
#
|
2113
2188
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
|
@@ -2115,6 +2190,7 @@ module Aws::KMS
|
|
2115
2190
|
class GenerateDataKeyWithoutPlaintextResponse < Struct.new(
|
2116
2191
|
:ciphertext_blob,
|
2117
2192
|
:key_id)
|
2193
|
+
SENSITIVE = []
|
2118
2194
|
include Aws::Structure
|
2119
2195
|
end
|
2120
2196
|
|
@@ -2145,6 +2221,7 @@ module Aws::KMS
|
|
2145
2221
|
class GenerateRandomRequest < Struct.new(
|
2146
2222
|
:number_of_bytes,
|
2147
2223
|
:custom_key_store_id)
|
2224
|
+
SENSITIVE = []
|
2148
2225
|
include Aws::Structure
|
2149
2226
|
end
|
2150
2227
|
|
@@ -2157,6 +2234,7 @@ module Aws::KMS
|
|
2157
2234
|
#
|
2158
2235
|
class GenerateRandomResponse < Struct.new(
|
2159
2236
|
:plaintext)
|
2237
|
+
SENSITIVE = [:plaintext]
|
2160
2238
|
include Aws::Structure
|
2161
2239
|
end
|
2162
2240
|
|
@@ -2194,6 +2272,7 @@ module Aws::KMS
|
|
2194
2272
|
class GetKeyPolicyRequest < Struct.new(
|
2195
2273
|
:key_id,
|
2196
2274
|
:policy_name)
|
2275
|
+
SENSITIVE = []
|
2197
2276
|
include Aws::Structure
|
2198
2277
|
end
|
2199
2278
|
|
@@ -2205,6 +2284,7 @@ module Aws::KMS
|
|
2205
2284
|
#
|
2206
2285
|
class GetKeyPolicyResponse < Struct.new(
|
2207
2286
|
:policy)
|
2287
|
+
SENSITIVE = []
|
2208
2288
|
include Aws::Structure
|
2209
2289
|
end
|
2210
2290
|
|
@@ -2236,6 +2316,7 @@ module Aws::KMS
|
|
2236
2316
|
#
|
2237
2317
|
class GetKeyRotationStatusRequest < Struct.new(
|
2238
2318
|
:key_id)
|
2319
|
+
SENSITIVE = []
|
2239
2320
|
include Aws::Structure
|
2240
2321
|
end
|
2241
2322
|
|
@@ -2247,6 +2328,7 @@ module Aws::KMS
|
|
2247
2328
|
#
|
2248
2329
|
class GetKeyRotationStatusResponse < Struct.new(
|
2249
2330
|
:key_rotation_enabled)
|
2331
|
+
SENSITIVE = []
|
2250
2332
|
include Aws::Structure
|
2251
2333
|
end
|
2252
2334
|
|
@@ -2298,13 +2380,18 @@ module Aws::KMS
|
|
2298
2380
|
:key_id,
|
2299
2381
|
:wrapping_algorithm,
|
2300
2382
|
:wrapping_key_spec)
|
2383
|
+
SENSITIVE = []
|
2301
2384
|
include Aws::Structure
|
2302
2385
|
end
|
2303
2386
|
|
2304
2387
|
# @!attribute [rw] key_id
|
2305
|
-
# The
|
2306
|
-
# request. This is the same CMK specified
|
2307
|
-
# `GetParametersForImport` request.
|
2388
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK to use in a
|
2389
|
+
# subsequent ImportKeyMaterial request. This is the same CMK specified
|
2390
|
+
# in the `GetParametersForImport` request.
|
2391
|
+
#
|
2392
|
+
#
|
2393
|
+
#
|
2394
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2308
2395
|
# @return [String]
|
2309
2396
|
#
|
2310
2397
|
# @!attribute [rw] import_token
|
@@ -2330,6 +2417,7 @@ module Aws::KMS
|
|
2330
2417
|
:import_token,
|
2331
2418
|
:public_key,
|
2332
2419
|
:parameters_valid_to)
|
2420
|
+
SENSITIVE = [:public_key]
|
2333
2421
|
include Aws::Structure
|
2334
2422
|
end
|
2335
2423
|
|
@@ -2380,12 +2468,17 @@ module Aws::KMS
|
|
2380
2468
|
class GetPublicKeyRequest < Struct.new(
|
2381
2469
|
:key_id,
|
2382
2470
|
:grant_tokens)
|
2471
|
+
SENSITIVE = []
|
2383
2472
|
include Aws::Structure
|
2384
2473
|
end
|
2385
2474
|
|
2386
2475
|
# @!attribute [rw] key_id
|
2387
|
-
# The
|
2388
|
-
# downloaded.
|
2476
|
+
# The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK from
|
2477
|
+
# which the public key was downloaded.
|
2478
|
+
#
|
2479
|
+
#
|
2480
|
+
#
|
2481
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
2389
2482
|
# @return [String]
|
2390
2483
|
#
|
2391
2484
|
# @!attribute [rw] public_key
|
@@ -2443,29 +2536,20 @@ module Aws::KMS
|
|
2443
2536
|
:key_usage,
|
2444
2537
|
:encryption_algorithms,
|
2445
2538
|
:signing_algorithms)
|
2539
|
+
SENSITIVE = []
|
2446
2540
|
include Aws::Structure
|
2447
2541
|
end
|
2448
2542
|
|
2449
|
-
# Use this structure to allow cryptographic operations in the grant
|
2450
|
-
# when the operation request includes the specified [encryption
|
2451
|
-
# context][
|
2452
|
-
#
|
2453
|
-
# AWS KMS applies the grant constraints only when the grant allows a
|
2454
|
-
# cryptographic operation that accepts an encryption context as input,
|
2455
|
-
# such as the following.
|
2543
|
+
# Use this structure to allow [cryptographic operations][1] in the grant
|
2544
|
+
# only when the operation request includes the specified [encryption
|
2545
|
+
# context][2].
|
2456
2546
|
#
|
2457
|
-
#
|
2458
|
-
#
|
2459
|
-
#
|
2460
|
-
#
|
2461
|
-
#
|
2462
|
-
#
|
2463
|
-
# * GenerateDataKeyWithoutPlaintext
|
2464
|
-
#
|
2465
|
-
# * ReEncrypt
|
2466
|
-
#
|
2467
|
-
# AWS KMS does not apply the grant constraints to other operations, such
|
2468
|
-
# as DescribeKey or ScheduleKeyDeletion.
|
2547
|
+
# AWS KMS applies the grant constraints only to cryptographic operations
|
2548
|
+
# that support an encryption context, that is, all cryptographic
|
2549
|
+
# operations with a [symmetric CMK][3]. Grant constraints are not
|
2550
|
+
# applied to operations that do not support an encryption context, such
|
2551
|
+
# as cryptographic operations with asymmetric CMKs and management
|
2552
|
+
# operations, such as DescribeKey or ScheduleKeyDeletion.
|
2469
2553
|
#
|
2470
2554
|
# In a cryptographic operation, the encryption context in the decryption
|
2471
2555
|
# operation must be an exact, case-sensitive match for the keys and
|
@@ -2479,13 +2563,15 @@ module Aws::KMS
|
|
2479
2563
|
# differ only by case. To require a fully case-sensitive encryption
|
2480
2564
|
# context, use the `kms:EncryptionContext:` and
|
2481
2565
|
# `kms:EncryptionContextKeys` conditions in an IAM or key policy. For
|
2482
|
-
# details, see [kms:EncryptionContext:][
|
2566
|
+
# details, see [kms:EncryptionContext:][4] in the <i> <i>AWS Key
|
2483
2567
|
# Management Service Developer Guide</i> </i>.
|
2484
2568
|
#
|
2485
2569
|
#
|
2486
2570
|
#
|
2487
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#
|
2488
|
-
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/
|
2571
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2572
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
2573
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks
|
2574
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
|
2489
2575
|
#
|
2490
2576
|
# @note When making an API call, you may pass GrantConstraints
|
2491
2577
|
# data as a hash:
|
@@ -2501,17 +2587,25 @@ module Aws::KMS
|
|
2501
2587
|
#
|
2502
2588
|
# @!attribute [rw] encryption_context_subset
|
2503
2589
|
# A list of key-value pairs that must be included in the encryption
|
2504
|
-
# context of the cryptographic operation request. The grant
|
2505
|
-
# cryptographic operation only when the encryption context
|
2506
|
-
# request includes the key-value pairs specified in this
|
2507
|
-
# although it can include additional key-value pairs.
|
2590
|
+
# context of the [cryptographic operation][1] request. The grant
|
2591
|
+
# allows the cryptographic operation only when the encryption context
|
2592
|
+
# in the request includes the key-value pairs specified in this
|
2593
|
+
# constraint, although it can include additional key-value pairs.
|
2594
|
+
#
|
2595
|
+
#
|
2596
|
+
#
|
2597
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2508
2598
|
# @return [Hash<String,String>]
|
2509
2599
|
#
|
2510
2600
|
# @!attribute [rw] encryption_context_equals
|
2511
2601
|
# A list of key-value pairs that must match the encryption context in
|
2512
|
-
# the cryptographic operation request. The grant allows the
|
2513
|
-
# only when the encryption context in the request is the
|
2514
|
-
# encryption context specified in this constraint.
|
2602
|
+
# the [cryptographic operation][1] request. The grant allows the
|
2603
|
+
# operation only when the encryption context in the request is the
|
2604
|
+
# same as the encryption context specified in this constraint.
|
2605
|
+
#
|
2606
|
+
#
|
2607
|
+
#
|
2608
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2515
2609
|
# @return [Hash<String,String>]
|
2516
2610
|
#
|
2517
2611
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
|
@@ -2519,10 +2613,11 @@ module Aws::KMS
|
|
2519
2613
|
class GrantConstraints < Struct.new(
|
2520
2614
|
:encryption_context_subset,
|
2521
2615
|
:encryption_context_equals)
|
2616
|
+
SENSITIVE = []
|
2522
2617
|
include Aws::Structure
|
2523
2618
|
end
|
2524
2619
|
|
2525
|
-
# Contains information about
|
2620
|
+
# Contains information about a grant.
|
2526
2621
|
#
|
2527
2622
|
# @!attribute [rw] key_id
|
2528
2623
|
# The unique identifier for the customer master key (CMK) to which the
|
@@ -2544,7 +2639,18 @@ module Aws::KMS
|
|
2544
2639
|
# @return [Time]
|
2545
2640
|
#
|
2546
2641
|
# @!attribute [rw] grantee_principal
|
2547
|
-
# The
|
2642
|
+
# The identity that gets the permissions in the grant.
|
2643
|
+
#
|
2644
|
+
# The `GranteePrincipal` field in the `ListGrants` response usually
|
2645
|
+
# contains the user or role designated as the grantee principal in the
|
2646
|
+
# grant. However, when the grantee principal in the grant is an AWS
|
2647
|
+
# service, the `GranteePrincipal` field contains the [service
|
2648
|
+
# principal][1], which might represent several different grantee
|
2649
|
+
# principals.
|
2650
|
+
#
|
2651
|
+
#
|
2652
|
+
#
|
2653
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services
|
2548
2654
|
# @return [String]
|
2549
2655
|
#
|
2550
2656
|
# @!attribute [rw] retiring_principal
|
@@ -2576,6 +2682,7 @@ module Aws::KMS
|
|
2576
2682
|
:issuing_account,
|
2577
2683
|
:operations,
|
2578
2684
|
:constraints)
|
2685
|
+
SENSITIVE = []
|
2579
2686
|
include Aws::Structure
|
2580
2687
|
end
|
2581
2688
|
|
@@ -2647,6 +2754,7 @@ module Aws::KMS
|
|
2647
2754
|
:encrypted_key_material,
|
2648
2755
|
:valid_to,
|
2649
2756
|
:expiration_model)
|
2757
|
+
SENSITIVE = []
|
2650
2758
|
include Aws::Structure
|
2651
2759
|
end
|
2652
2760
|
|
@@ -2666,6 +2774,7 @@ module Aws::KMS
|
|
2666
2774
|
#
|
2667
2775
|
class IncorrectKeyException < Struct.new(
|
2668
2776
|
:message)
|
2777
|
+
SENSITIVE = []
|
2669
2778
|
include Aws::Structure
|
2670
2779
|
end
|
2671
2780
|
|
@@ -2680,6 +2789,7 @@ module Aws::KMS
|
|
2680
2789
|
#
|
2681
2790
|
class IncorrectKeyMaterialException < Struct.new(
|
2682
2791
|
:message)
|
2792
|
+
SENSITIVE = []
|
2683
2793
|
include Aws::Structure
|
2684
2794
|
end
|
2685
2795
|
|
@@ -2701,6 +2811,7 @@ module Aws::KMS
|
|
2701
2811
|
#
|
2702
2812
|
class IncorrectTrustAnchorException < Struct.new(
|
2703
2813
|
:message)
|
2814
|
+
SENSITIVE = []
|
2704
2815
|
include Aws::Structure
|
2705
2816
|
end
|
2706
2817
|
|
@@ -2714,6 +2825,7 @@ module Aws::KMS
|
|
2714
2825
|
#
|
2715
2826
|
class InvalidAliasNameException < Struct.new(
|
2716
2827
|
:message)
|
2828
|
+
SENSITIVE = []
|
2717
2829
|
include Aws::Structure
|
2718
2830
|
end
|
2719
2831
|
|
@@ -2727,6 +2839,7 @@ module Aws::KMS
|
|
2727
2839
|
#
|
2728
2840
|
class InvalidArnException < Struct.new(
|
2729
2841
|
:message)
|
2842
|
+
SENSITIVE = []
|
2730
2843
|
include Aws::Structure
|
2731
2844
|
end
|
2732
2845
|
|
@@ -2745,6 +2858,7 @@ module Aws::KMS
|
|
2745
2858
|
#
|
2746
2859
|
class InvalidCiphertextException < Struct.new(
|
2747
2860
|
:message)
|
2861
|
+
SENSITIVE = []
|
2748
2862
|
include Aws::Structure
|
2749
2863
|
end
|
2750
2864
|
|
@@ -2757,6 +2871,7 @@ module Aws::KMS
|
|
2757
2871
|
#
|
2758
2872
|
class InvalidGrantIdException < Struct.new(
|
2759
2873
|
:message)
|
2874
|
+
SENSITIVE = []
|
2760
2875
|
include Aws::Structure
|
2761
2876
|
end
|
2762
2877
|
|
@@ -2770,6 +2885,7 @@ module Aws::KMS
|
|
2770
2885
|
#
|
2771
2886
|
class InvalidGrantTokenException < Struct.new(
|
2772
2887
|
:message)
|
2888
|
+
SENSITIVE = []
|
2773
2889
|
include Aws::Structure
|
2774
2890
|
end
|
2775
2891
|
|
@@ -2783,6 +2899,7 @@ module Aws::KMS
|
|
2783
2899
|
#
|
2784
2900
|
class InvalidImportTokenException < Struct.new(
|
2785
2901
|
:message)
|
2902
|
+
SENSITIVE = []
|
2786
2903
|
include Aws::Structure
|
2787
2904
|
end
|
2788
2905
|
|
@@ -2810,6 +2927,7 @@ module Aws::KMS
|
|
2810
2927
|
#
|
2811
2928
|
class InvalidKeyUsageException < Struct.new(
|
2812
2929
|
:message)
|
2930
|
+
SENSITIVE = []
|
2813
2931
|
include Aws::Structure
|
2814
2932
|
end
|
2815
2933
|
|
@@ -2823,6 +2941,7 @@ module Aws::KMS
|
|
2823
2941
|
#
|
2824
2942
|
class InvalidMarkerException < Struct.new(
|
2825
2943
|
:message)
|
2944
|
+
SENSITIVE = []
|
2826
2945
|
include Aws::Structure
|
2827
2946
|
end
|
2828
2947
|
|
@@ -2836,6 +2955,7 @@ module Aws::KMS
|
|
2836
2955
|
#
|
2837
2956
|
class KMSInternalException < Struct.new(
|
2838
2957
|
:message)
|
2958
|
+
SENSITIVE = []
|
2839
2959
|
include Aws::Structure
|
2840
2960
|
end
|
2841
2961
|
|
@@ -2851,6 +2971,7 @@ module Aws::KMS
|
|
2851
2971
|
#
|
2852
2972
|
class KMSInvalidSignatureException < Struct.new(
|
2853
2973
|
:message)
|
2974
|
+
SENSITIVE = []
|
2854
2975
|
include Aws::Structure
|
2855
2976
|
end
|
2856
2977
|
|
@@ -2872,6 +2993,7 @@ module Aws::KMS
|
|
2872
2993
|
#
|
2873
2994
|
class KMSInvalidStateException < Struct.new(
|
2874
2995
|
:message)
|
2996
|
+
SENSITIVE = []
|
2875
2997
|
include Aws::Structure
|
2876
2998
|
end
|
2877
2999
|
|
@@ -2890,6 +3012,7 @@ module Aws::KMS
|
|
2890
3012
|
class KeyListEntry < Struct.new(
|
2891
3013
|
:key_id,
|
2892
3014
|
:key_arn)
|
3015
|
+
SENSITIVE = []
|
2893
3016
|
include Aws::Structure
|
2894
3017
|
end
|
2895
3018
|
|
@@ -2930,15 +3053,19 @@ module Aws::KMS
|
|
2930
3053
|
# @return [String]
|
2931
3054
|
#
|
2932
3055
|
# @!attribute [rw] key_usage
|
2933
|
-
# The cryptographic operations for which you can use the CMK.
|
3056
|
+
# The [cryptographic operations][1] for which you can use the CMK.
|
3057
|
+
#
|
3058
|
+
#
|
3059
|
+
#
|
3060
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
2934
3061
|
# @return [String]
|
2935
3062
|
#
|
2936
3063
|
# @!attribute [rw] key_state
|
2937
|
-
# The
|
3064
|
+
# The current status of the CMK.
|
2938
3065
|
#
|
2939
3066
|
# For more information about how key state affects the use of a CMK,
|
2940
|
-
# see [
|
2941
|
-
#
|
3067
|
+
# see [Key state: Effect on your CMK][1] in the *AWS Key Management
|
3068
|
+
# Service Developer Guide*.
|
2942
3069
|
#
|
2943
3070
|
#
|
2944
3071
|
#
|
@@ -3011,16 +3138,16 @@ module Aws::KMS
|
|
3011
3138
|
# @return [String]
|
3012
3139
|
#
|
3013
3140
|
# @!attribute [rw] encryption_algorithms
|
3014
|
-
#
|
3015
|
-
#
|
3141
|
+
# The encryption algorithms that the CMK supports. You cannot use the
|
3142
|
+
# CMK with other encryption algorithms within AWS KMS.
|
3016
3143
|
#
|
3017
3144
|
# This field appears only when the `KeyUsage` of the CMK is
|
3018
3145
|
# `ENCRYPT_DECRYPT`.
|
3019
3146
|
# @return [Array<String>]
|
3020
3147
|
#
|
3021
3148
|
# @!attribute [rw] signing_algorithms
|
3022
|
-
#
|
3023
|
-
#
|
3149
|
+
# The signing algorithms that the CMK supports. You cannot use the CMK
|
3150
|
+
# with other signing algorithms within AWS KMS.
|
3024
3151
|
#
|
3025
3152
|
# This field appears only when the `KeyUsage` of the CMK is
|
3026
3153
|
# `SIGN_VERIFY`.
|
@@ -3047,6 +3174,7 @@ module Aws::KMS
|
|
3047
3174
|
:customer_master_key_spec,
|
3048
3175
|
:encryption_algorithms,
|
3049
3176
|
:signing_algorithms)
|
3177
|
+
SENSITIVE = []
|
3050
3178
|
include Aws::Structure
|
3051
3179
|
end
|
3052
3180
|
|
@@ -3060,6 +3188,7 @@ module Aws::KMS
|
|
3060
3188
|
#
|
3061
3189
|
class KeyUnavailableException < Struct.new(
|
3062
3190
|
:message)
|
3191
|
+
SENSITIVE = []
|
3063
3192
|
include Aws::Structure
|
3064
3193
|
end
|
3065
3194
|
|
@@ -3078,6 +3207,7 @@ module Aws::KMS
|
|
3078
3207
|
#
|
3079
3208
|
class LimitExceededException < Struct.new(
|
3080
3209
|
:message)
|
3210
|
+
SENSITIVE = []
|
3081
3211
|
include Aws::Structure
|
3082
3212
|
end
|
3083
3213
|
|
@@ -3122,6 +3252,7 @@ module Aws::KMS
|
|
3122
3252
|
:key_id,
|
3123
3253
|
:limit,
|
3124
3254
|
:marker)
|
3255
|
+
SENSITIVE = []
|
3125
3256
|
include Aws::Structure
|
3126
3257
|
end
|
3127
3258
|
|
@@ -3147,6 +3278,7 @@ module Aws::KMS
|
|
3147
3278
|
:aliases,
|
3148
3279
|
:next_marker,
|
3149
3280
|
:truncated)
|
3281
|
+
SENSITIVE = []
|
3150
3282
|
include Aws::Structure
|
3151
3283
|
end
|
3152
3284
|
|
@@ -3198,6 +3330,7 @@ module Aws::KMS
|
|
3198
3330
|
:limit,
|
3199
3331
|
:marker,
|
3200
3332
|
:key_id)
|
3333
|
+
SENSITIVE = []
|
3201
3334
|
include Aws::Structure
|
3202
3335
|
end
|
3203
3336
|
|
@@ -3223,6 +3356,7 @@ module Aws::KMS
|
|
3223
3356
|
:grants,
|
3224
3357
|
:next_marker,
|
3225
3358
|
:truncated)
|
3359
|
+
SENSITIVE = []
|
3226
3360
|
include Aws::Structure
|
3227
3361
|
end
|
3228
3362
|
|
@@ -3275,6 +3409,7 @@ module Aws::KMS
|
|
3275
3409
|
:key_id,
|
3276
3410
|
:limit,
|
3277
3411
|
:marker)
|
3412
|
+
SENSITIVE = []
|
3278
3413
|
include Aws::Structure
|
3279
3414
|
end
|
3280
3415
|
|
@@ -3300,6 +3435,7 @@ module Aws::KMS
|
|
3300
3435
|
:policy_names,
|
3301
3436
|
:next_marker,
|
3302
3437
|
:truncated)
|
3438
|
+
SENSITIVE = []
|
3303
3439
|
include Aws::Structure
|
3304
3440
|
end
|
3305
3441
|
|
@@ -3332,6 +3468,7 @@ module Aws::KMS
|
|
3332
3468
|
class ListKeysRequest < Struct.new(
|
3333
3469
|
:limit,
|
3334
3470
|
:marker)
|
3471
|
+
SENSITIVE = []
|
3335
3472
|
include Aws::Structure
|
3336
3473
|
end
|
3337
3474
|
|
@@ -3357,6 +3494,7 @@ module Aws::KMS
|
|
3357
3494
|
:keys,
|
3358
3495
|
:next_marker,
|
3359
3496
|
:truncated)
|
3497
|
+
SENSITIVE = []
|
3360
3498
|
include Aws::Structure
|
3361
3499
|
end
|
3362
3500
|
|
@@ -3409,6 +3547,7 @@ module Aws::KMS
|
|
3409
3547
|
:key_id,
|
3410
3548
|
:limit,
|
3411
3549
|
:marker)
|
3550
|
+
SENSITIVE = []
|
3412
3551
|
include Aws::Structure
|
3413
3552
|
end
|
3414
3553
|
|
@@ -3436,6 +3575,7 @@ module Aws::KMS
|
|
3436
3575
|
:tags,
|
3437
3576
|
:next_marker,
|
3438
3577
|
:truncated)
|
3578
|
+
SENSITIVE = []
|
3439
3579
|
include Aws::Structure
|
3440
3580
|
end
|
3441
3581
|
|
@@ -3486,6 +3626,7 @@ module Aws::KMS
|
|
3486
3626
|
:limit,
|
3487
3627
|
:marker,
|
3488
3628
|
:retiring_principal)
|
3629
|
+
SENSITIVE = []
|
3489
3630
|
include Aws::Structure
|
3490
3631
|
end
|
3491
3632
|
|
@@ -3499,6 +3640,7 @@ module Aws::KMS
|
|
3499
3640
|
#
|
3500
3641
|
class MalformedPolicyDocumentException < Struct.new(
|
3501
3642
|
:message)
|
3643
|
+
SENSITIVE = []
|
3502
3644
|
include Aws::Structure
|
3503
3645
|
end
|
3504
3646
|
|
@@ -3512,6 +3654,7 @@ module Aws::KMS
|
|
3512
3654
|
#
|
3513
3655
|
class NotFoundException < Struct.new(
|
3514
3656
|
:message)
|
3657
|
+
SENSITIVE = []
|
3515
3658
|
include Aws::Structure
|
3516
3659
|
end
|
3517
3660
|
|
@@ -3608,6 +3751,7 @@ module Aws::KMS
|
|
3608
3751
|
:policy_name,
|
3609
3752
|
:policy,
|
3610
3753
|
:bypass_policy_lockout_safety_check)
|
3754
|
+
SENSITIVE = []
|
3611
3755
|
include Aws::Structure
|
3612
3756
|
end
|
3613
3757
|
|
@@ -3781,6 +3925,7 @@ module Aws::KMS
|
|
3781
3925
|
:source_encryption_algorithm,
|
3782
3926
|
:destination_encryption_algorithm,
|
3783
3927
|
:grant_tokens)
|
3928
|
+
SENSITIVE = []
|
3784
3929
|
include Aws::Structure
|
3785
3930
|
end
|
3786
3931
|
|
@@ -3794,7 +3939,12 @@ module Aws::KMS
|
|
3794
3939
|
# @return [String]
|
3795
3940
|
#
|
3796
3941
|
# @!attribute [rw] key_id
|
3797
|
-
#
|
3942
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
|
3943
|
+
# reencrypt the data.
|
3944
|
+
#
|
3945
|
+
#
|
3946
|
+
#
|
3947
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
3798
3948
|
# @return [String]
|
3799
3949
|
#
|
3800
3950
|
# @!attribute [rw] source_encryption_algorithm
|
@@ -3814,6 +3964,7 @@ module Aws::KMS
|
|
3814
3964
|
:key_id,
|
3815
3965
|
:source_encryption_algorithm,
|
3816
3966
|
:destination_encryption_algorithm)
|
3967
|
+
SENSITIVE = []
|
3817
3968
|
include Aws::Structure
|
3818
3969
|
end
|
3819
3970
|
|
@@ -3853,6 +4004,7 @@ module Aws::KMS
|
|
3853
4004
|
:grant_token,
|
3854
4005
|
:key_id,
|
3855
4006
|
:grant_id)
|
4007
|
+
SENSITIVE = []
|
3856
4008
|
include Aws::Structure
|
3857
4009
|
end
|
3858
4010
|
|
@@ -3891,6 +4043,7 @@ module Aws::KMS
|
|
3891
4043
|
class RevokeGrantRequest < Struct.new(
|
3892
4044
|
:key_id,
|
3893
4045
|
:grant_id)
|
4046
|
+
SENSITIVE = []
|
3894
4047
|
include Aws::Structure
|
3895
4048
|
end
|
3896
4049
|
|
@@ -3931,12 +4084,17 @@ module Aws::KMS
|
|
3931
4084
|
class ScheduleKeyDeletionRequest < Struct.new(
|
3932
4085
|
:key_id,
|
3933
4086
|
:pending_window_in_days)
|
4087
|
+
SENSITIVE = []
|
3934
4088
|
include Aws::Structure
|
3935
4089
|
end
|
3936
4090
|
|
3937
4091
|
# @!attribute [rw] key_id
|
3938
|
-
# The
|
3939
|
-
#
|
4092
|
+
# The Amazon Resource Name ([key ARN][1]) of the CMK whose deletion is
|
4093
|
+
# scheduled.
|
4094
|
+
#
|
4095
|
+
#
|
4096
|
+
#
|
4097
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
3940
4098
|
# @return [String]
|
3941
4099
|
#
|
3942
4100
|
# @!attribute [rw] deletion_date
|
@@ -3949,6 +4107,7 @@ module Aws::KMS
|
|
3949
4107
|
class ScheduleKeyDeletionResponse < Struct.new(
|
3950
4108
|
:key_id,
|
3951
4109
|
:deletion_date)
|
4110
|
+
SENSITIVE = []
|
3952
4111
|
include Aws::Structure
|
3953
4112
|
end
|
3954
4113
|
|
@@ -4029,12 +4188,17 @@ module Aws::KMS
|
|
4029
4188
|
:message_type,
|
4030
4189
|
:grant_tokens,
|
4031
4190
|
:signing_algorithm)
|
4191
|
+
SENSITIVE = [:message]
|
4032
4192
|
include Aws::Structure
|
4033
4193
|
end
|
4034
4194
|
|
4035
4195
|
# @!attribute [rw] key_id
|
4036
|
-
# The Amazon Resource Name (ARN) of the asymmetric CMK that
|
4037
|
-
# to sign the message.
|
4196
|
+
# The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK that
|
4197
|
+
# was used to sign the message.
|
4198
|
+
#
|
4199
|
+
#
|
4200
|
+
#
|
4201
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
4038
4202
|
# @return [String]
|
4039
4203
|
#
|
4040
4204
|
# @!attribute [rw] signature
|
@@ -4068,6 +4232,7 @@ module Aws::KMS
|
|
4068
4232
|
:key_id,
|
4069
4233
|
:signature,
|
4070
4234
|
:signing_algorithm)
|
4235
|
+
SENSITIVE = []
|
4071
4236
|
include Aws::Structure
|
4072
4237
|
end
|
4073
4238
|
|
@@ -4104,6 +4269,7 @@ module Aws::KMS
|
|
4104
4269
|
class Tag < Struct.new(
|
4105
4270
|
:tag_key,
|
4106
4271
|
:tag_value)
|
4272
|
+
SENSITIVE = []
|
4107
4273
|
include Aws::Structure
|
4108
4274
|
end
|
4109
4275
|
|
@@ -4116,6 +4282,7 @@ module Aws::KMS
|
|
4116
4282
|
#
|
4117
4283
|
class TagException < Struct.new(
|
4118
4284
|
:message)
|
4285
|
+
SENSITIVE = []
|
4119
4286
|
include Aws::Structure
|
4120
4287
|
end
|
4121
4288
|
|
@@ -4157,6 +4324,7 @@ module Aws::KMS
|
|
4157
4324
|
class TagResourceRequest < Struct.new(
|
4158
4325
|
:key_id,
|
4159
4326
|
:tags)
|
4327
|
+
SENSITIVE = []
|
4160
4328
|
include Aws::Structure
|
4161
4329
|
end
|
4162
4330
|
|
@@ -4170,6 +4338,7 @@ module Aws::KMS
|
|
4170
4338
|
#
|
4171
4339
|
class UnsupportedOperationException < Struct.new(
|
4172
4340
|
:message)
|
4341
|
+
SENSITIVE = []
|
4173
4342
|
include Aws::Structure
|
4174
4343
|
end
|
4175
4344
|
|
@@ -4206,6 +4375,7 @@ module Aws::KMS
|
|
4206
4375
|
class UntagResourceRequest < Struct.new(
|
4207
4376
|
:key_id,
|
4208
4377
|
:tag_keys)
|
4378
|
+
SENSITIVE = []
|
4209
4379
|
include Aws::Structure
|
4210
4380
|
end
|
4211
4381
|
|
@@ -4254,6 +4424,7 @@ module Aws::KMS
|
|
4254
4424
|
class UpdateAliasRequest < Struct.new(
|
4255
4425
|
:alias_name,
|
4256
4426
|
:target_key_id)
|
4427
|
+
SENSITIVE = []
|
4257
4428
|
include Aws::Structure
|
4258
4429
|
end
|
4259
4430
|
|
@@ -4313,6 +4484,7 @@ module Aws::KMS
|
|
4313
4484
|
:new_custom_key_store_name,
|
4314
4485
|
:key_store_password,
|
4315
4486
|
:cloud_hsm_cluster_id)
|
4487
|
+
SENSITIVE = [:key_store_password]
|
4316
4488
|
include Aws::Structure
|
4317
4489
|
end
|
4318
4490
|
|
@@ -4353,6 +4525,7 @@ module Aws::KMS
|
|
4353
4525
|
class UpdateKeyDescriptionRequest < Struct.new(
|
4354
4526
|
:key_id,
|
4355
4527
|
:description)
|
4528
|
+
SENSITIVE = []
|
4356
4529
|
include Aws::Structure
|
4357
4530
|
end
|
4358
4531
|
|
@@ -4444,12 +4617,17 @@ module Aws::KMS
|
|
4444
4617
|
:signature,
|
4445
4618
|
:signing_algorithm,
|
4446
4619
|
:grant_tokens)
|
4620
|
+
SENSITIVE = [:message]
|
4447
4621
|
include Aws::Structure
|
4448
4622
|
end
|
4449
4623
|
|
4450
4624
|
# @!attribute [rw] key_id
|
4451
|
-
# The
|
4452
|
-
# the signature.
|
4625
|
+
# The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK that
|
4626
|
+
# was used to verify the signature.
|
4627
|
+
#
|
4628
|
+
#
|
4629
|
+
#
|
4630
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
|
4453
4631
|
# @return [String]
|
4454
4632
|
#
|
4455
4633
|
# @!attribute [rw] signature_valid
|
@@ -4470,6 +4648,7 @@ module Aws::KMS
|
|
4470
4648
|
:key_id,
|
4471
4649
|
:signature_valid,
|
4472
4650
|
:signing_algorithm)
|
4651
|
+
SENSITIVE = []
|
4473
4652
|
include Aws::Structure
|
4474
4653
|
end
|
4475
4654
|
|