aws-sdk-kms 1.32.0 → 1.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1032,6 +1034,7 @@ module Aws::KMS
1032
1034
  o.errors << Shapes::ShapeRef.new(shape: InvalidGrantTokenException)
1033
1035
  o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
1034
1036
  o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
1037
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
1035
1038
  end)
1036
1039
 
1037
1040
  api.add_operation(:generate_data_key_pair_without_plaintext, Seahorse::Model::Operation.new.tap do |o|
@@ -1048,6 +1051,7 @@ module Aws::KMS
1048
1051
  o.errors << Shapes::ShapeRef.new(shape: InvalidGrantTokenException)
1049
1052
  o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
1050
1053
  o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
1054
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
1051
1055
  end)
1052
1056
 
1053
1057
  api.add_operation(:generate_data_key_without_plaintext, Seahorse::Model::Operation.new.tap do |o|
@@ -1387,6 +1391,7 @@ module Aws::KMS
1387
1391
  o.errors << Shapes::ShapeRef.new(shape: DependencyTimeoutException)
1388
1392
  o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
1389
1393
  o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
1394
+ o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
1390
1395
  o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
1391
1396
  end)
1392
1397
 
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  # WARNING ABOUT GENERATED CODE
2
3
  #
3
4
  # This file is generated. See the contributing for info on making contributions:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -28,6 +30,7 @@ module Aws::KMS
28
30
  :alias_name,
29
31
  :alias_arn,
30
32
  :target_key_id)
33
+ SENSITIVE = []
31
34
  include Aws::Structure
32
35
  end
33
36
 
@@ -41,6 +44,7 @@ module Aws::KMS
41
44
  #
42
45
  class AlreadyExistsException < Struct.new(
43
46
  :message)
47
+ SENSITIVE = []
44
48
  include Aws::Structure
45
49
  end
46
50
 
@@ -72,18 +76,24 @@ module Aws::KMS
72
76
  #
73
77
  class CancelKeyDeletionRequest < Struct.new(
74
78
  :key_id)
79
+ SENSITIVE = []
75
80
  include Aws::Structure
76
81
  end
77
82
 
78
83
  # @!attribute [rw] key_id
79
- # The unique identifier of the master key for which deletion is
84
+ # The Amazon Resource Name ([key ARN][1]) of the CMK whose deletion is
80
85
  # canceled.
86
+ #
87
+ #
88
+ #
89
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
81
90
  # @return [String]
82
91
  #
83
92
  # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionResponse AWS API Documentation
84
93
  #
85
94
  class CancelKeyDeletionResponse < Struct.new(
86
95
  :key_id)
96
+ SENSITIVE = []
87
97
  include Aws::Structure
88
98
  end
89
99
 
@@ -108,6 +118,7 @@ module Aws::KMS
108
118
  #
109
119
  class CloudHsmClusterInUseException < Struct.new(
110
120
  :message)
121
+ SENSITIVE = []
111
122
  include Aws::Structure
112
123
  end
113
124
 
@@ -160,6 +171,7 @@ module Aws::KMS
160
171
  #
161
172
  class CloudHsmClusterInvalidConfigurationException < Struct.new(
162
173
  :message)
174
+ SENSITIVE = []
163
175
  include Aws::Structure
164
176
  end
165
177
 
@@ -180,6 +192,7 @@ module Aws::KMS
180
192
  #
181
193
  class CloudHsmClusterNotActiveException < Struct.new(
182
194
  :message)
195
+ SENSITIVE = []
183
196
  include Aws::Structure
184
197
  end
185
198
 
@@ -194,6 +207,7 @@ module Aws::KMS
194
207
  #
195
208
  class CloudHsmClusterNotFoundException < Struct.new(
196
209
  :message)
210
+ SENSITIVE = []
197
211
  include Aws::Structure
198
212
  end
199
213
 
@@ -221,6 +235,7 @@ module Aws::KMS
221
235
  #
222
236
  class CloudHsmClusterNotRelatedException < Struct.new(
223
237
  :message)
238
+ SENSITIVE = []
224
239
  include Aws::Structure
225
240
  end
226
241
 
@@ -241,6 +256,7 @@ module Aws::KMS
241
256
  #
242
257
  class ConnectCustomKeyStoreRequest < Struct.new(
243
258
  :custom_key_store_id)
259
+ SENSITIVE = []
244
260
  include Aws::Structure
245
261
  end
246
262
 
@@ -280,6 +296,7 @@ module Aws::KMS
280
296
  class CreateAliasRequest < Struct.new(
281
297
  :alias_name,
282
298
  :target_key_id)
299
+ SENSITIVE = []
283
300
  include Aws::Structure
284
301
  end
285
302
 
@@ -342,6 +359,7 @@ module Aws::KMS
342
359
  :cloud_hsm_cluster_id,
343
360
  :trust_anchor_certificate,
344
361
  :key_store_password)
362
+ SENSITIVE = [:key_store_password]
345
363
  include Aws::Structure
346
364
  end
347
365
 
@@ -353,6 +371,7 @@ module Aws::KMS
353
371
  #
354
372
  class CreateCustomKeyStoreResponse < Struct.new(
355
373
  :custom_key_store_id)
374
+ SENSITIVE = []
356
375
  include Aws::Structure
357
376
  end
358
377
 
@@ -433,15 +452,16 @@ module Aws::KMS
433
452
  # @return [Array<String>]
434
453
  #
435
454
  # @!attribute [rw] constraints
436
- # Allows a cryptographic operation only when the encryption context
437
- # matches or includes the encryption context specified in this
455
+ # Allows a [cryptographic operation][1] only when the encryption
456
+ # context matches or includes the encryption context specified in this
438
457
  # structure. For more information about encryption context, see
439
- # [Encryption Context][1] in the <i> <i>AWS Key Management Service
458
+ # [Encryption Context][2] in the <i> <i>AWS Key Management Service
440
459
  # Developer Guide</i> </i>.
441
460
  #
442
461
  #
443
462
  #
444
- # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
463
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
464
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
445
465
  # @return [Types::GrantConstraints]
446
466
  #
447
467
  # @!attribute [rw] grant_tokens
@@ -483,6 +503,7 @@ module Aws::KMS
483
503
  :constraints,
484
504
  :grant_tokens,
485
505
  :name)
506
+ SENSITIVE = []
486
507
  include Aws::Structure
487
508
  end
488
509
 
@@ -509,6 +530,7 @@ module Aws::KMS
509
530
  class CreateGrantResponse < Struct.new(
510
531
  :grant_token,
511
532
  :grant_id)
533
+ SENSITIVE = []
512
534
  include Aws::Structure
513
535
  end
514
536
 
@@ -575,8 +597,8 @@ module Aws::KMS
575
597
  # @return [String]
576
598
  #
577
599
  # @!attribute [rw] key_usage
578
- # Determines the cryptographic operations for which you can use the
579
- # CMK. The default value is `ENCRYPT_DECRYPT`. This parameter is
600
+ # Determines the [cryptographic operations][1] for which you can use
601
+ # the CMK. The default value is `ENCRYPT_DECRYPT`. This parameter is
580
602
  # required only for asymmetric CMKs. You can't change the `KeyUsage`
581
603
  # value after the CMK is created.
582
604
  #
@@ -589,6 +611,10 @@ module Aws::KMS
589
611
  # `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
590
612
  #
591
613
  # * For asymmetric CMKs with ECC key material, specify `SIGN_VERIFY`.
614
+ #
615
+ #
616
+ #
617
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
592
618
  # @return [String]
593
619
  #
594
620
  # @!attribute [rw] customer_master_key_spec
@@ -755,6 +781,7 @@ module Aws::KMS
755
781
  :custom_key_store_id,
756
782
  :bypass_policy_lockout_safety_check,
757
783
  :tags)
784
+ SENSITIVE = []
758
785
  include Aws::Structure
759
786
  end
760
787
 
@@ -766,6 +793,7 @@ module Aws::KMS
766
793
  #
767
794
  class CreateKeyResponse < Struct.new(
768
795
  :key_metadata)
796
+ SENSITIVE = []
769
797
  include Aws::Structure
770
798
  end
771
799
 
@@ -781,6 +809,7 @@ module Aws::KMS
781
809
  #
782
810
  class CustomKeyStoreHasCMKsException < Struct.new(
783
811
  :message)
812
+ SENSITIVE = []
784
813
  include Aws::Structure
785
814
  end
786
815
 
@@ -810,6 +839,7 @@ module Aws::KMS
810
839
  #
811
840
  class CustomKeyStoreInvalidStateException < Struct.new(
812
841
  :message)
842
+ SENSITIVE = []
813
843
  include Aws::Structure
814
844
  end
815
845
 
@@ -824,6 +854,7 @@ module Aws::KMS
824
854
  #
825
855
  class CustomKeyStoreNameInUseException < Struct.new(
826
856
  :message)
857
+ SENSITIVE = []
827
858
  include Aws::Structure
828
859
  end
829
860
 
@@ -837,6 +868,7 @@ module Aws::KMS
837
868
  #
838
869
  class CustomKeyStoreNotFoundException < Struct.new(
839
870
  :message)
871
+ SENSITIVE = []
840
872
  include Aws::Structure
841
873
  end
842
874
 
@@ -922,12 +954,13 @@ module Aws::KMS
922
954
  #
923
955
  # * `SUBNET_NOT_FOUND` - A subnet in the AWS CloudHSM cluster
924
956
  # configuration was deleted. If AWS KMS cannot find all of the
925
- # subnets that were configured for the cluster when the custom key
926
- # store was created, attempts to connect fail. To fix this error,
927
- # create a cluster from a backup and associate it with your custom
928
- # key store. This process includes selecting a VPC and subnets. For
929
- # details, see [How to Fix a Connection Failure][1] in the *AWS Key
930
- # Management Service Developer Guide*.
957
+ # subnets in the cluster configuration, attempts to connect the
958
+ # custom key store to the AWS CloudHSM cluster fail. To fix this
959
+ # error, create a cluster from a recent backup and associate it with
960
+ # your custom key store. (This process creates a new cluster
961
+ # configuration with a VPC and private subnets.) For details, see
962
+ # [How to Fix a Connection Failure][1] in the *AWS Key Management
963
+ # Service Developer Guide*.
931
964
  #
932
965
  # * `USER_LOCKED_OUT` - The `kmsuser` CU account is locked out of the
933
966
  # associated AWS CloudHSM cluster due to too many failed password
@@ -971,6 +1004,7 @@ module Aws::KMS
971
1004
  :connection_state,
972
1005
  :connection_error_code,
973
1006
  :creation_date)
1007
+ SENSITIVE = []
974
1008
  include Aws::Structure
975
1009
  end
976
1010
 
@@ -993,9 +1027,9 @@ module Aws::KMS
993
1027
  #
994
1028
  # @!attribute [rw] encryption_context
995
1029
  # Specifies the encryption context to use when decrypting the data. An
996
- # encryption context is valid only for cryptographic operations with a
997
- # symmetric CMK. The standard asymmetric encryption algorithms that
998
- # AWS KMS uses do not support an encryption context.
1030
+ # encryption context is valid only for [cryptographic operations][1]
1031
+ # with a symmetric CMK. The standard asymmetric encryption algorithms
1032
+ # that AWS KMS uses do not support an encryption context.
999
1033
  #
1000
1034
  # An *encryption context* is a collection of non-secret key-value
1001
1035
  # pairs that represents additional authenticated data. When you use an
@@ -1004,12 +1038,13 @@ module Aws::KMS
1004
1038
  # An encryption context is optional when encrypting with a symmetric
1005
1039
  # CMK, but it is highly recommended.
1006
1040
  #
1007
- # For more information, see [Encryption Context][1] in the *AWS Key
1041
+ # For more information, see [Encryption Context][2] in the *AWS Key
1008
1042
  # Management Service Developer Guide*.
1009
1043
  #
1010
1044
  #
1011
1045
  #
1012
- # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1046
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
1047
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1013
1048
  # @return [Hash<String,String>]
1014
1049
  #
1015
1050
  # @!attribute [rw] grant_tokens
@@ -1077,12 +1112,17 @@ module Aws::KMS
1077
1112
  :grant_tokens,
1078
1113
  :key_id,
1079
1114
  :encryption_algorithm)
1115
+ SENSITIVE = []
1080
1116
  include Aws::Structure
1081
1117
  end
1082
1118
 
1083
1119
  # @!attribute [rw] key_id
1084
- # The ARN of the customer master key that was used to perform the
1085
- # decryption.
1120
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
1121
+ # decrypt the ciphertext.
1122
+ #
1123
+ #
1124
+ #
1125
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
1086
1126
  # @return [String]
1087
1127
  #
1088
1128
  # @!attribute [rw] plaintext
@@ -1100,6 +1140,7 @@ module Aws::KMS
1100
1140
  :key_id,
1101
1141
  :plaintext,
1102
1142
  :encryption_algorithm)
1143
+ SENSITIVE = [:plaintext]
1103
1144
  include Aws::Structure
1104
1145
  end
1105
1146
 
@@ -1119,6 +1160,7 @@ module Aws::KMS
1119
1160
  #
1120
1161
  class DeleteAliasRequest < Struct.new(
1121
1162
  :alias_name)
1163
+ SENSITIVE = []
1122
1164
  include Aws::Structure
1123
1165
  end
1124
1166
 
@@ -1138,6 +1180,7 @@ module Aws::KMS
1138
1180
  #
1139
1181
  class DeleteCustomKeyStoreRequest < Struct.new(
1140
1182
  :custom_key_store_id)
1183
+ SENSITIVE = []
1141
1184
  include Aws::Structure
1142
1185
  end
1143
1186
 
@@ -1173,6 +1216,7 @@ module Aws::KMS
1173
1216
  #
1174
1217
  class DeleteImportedKeyMaterialRequest < Struct.new(
1175
1218
  :key_id)
1219
+ SENSITIVE = []
1176
1220
  include Aws::Structure
1177
1221
  end
1178
1222
 
@@ -1186,6 +1230,7 @@ module Aws::KMS
1186
1230
  #
1187
1231
  class DependencyTimeoutException < Struct.new(
1188
1232
  :message)
1233
+ SENSITIVE = []
1189
1234
  include Aws::Structure
1190
1235
  end
1191
1236
 
@@ -1238,6 +1283,7 @@ module Aws::KMS
1238
1283
  :custom_key_store_name,
1239
1284
  :limit,
1240
1285
  :marker)
1286
+ SENSITIVE = []
1241
1287
  include Aws::Structure
1242
1288
  end
1243
1289
 
@@ -1263,6 +1309,7 @@ module Aws::KMS
1263
1309
  :custom_key_stores,
1264
1310
  :next_marker,
1265
1311
  :truncated)
1312
+ SENSITIVE = []
1266
1313
  include Aws::Structure
1267
1314
  end
1268
1315
 
@@ -1321,6 +1368,7 @@ module Aws::KMS
1321
1368
  class DescribeKeyRequest < Struct.new(
1322
1369
  :key_id,
1323
1370
  :grant_tokens)
1371
+ SENSITIVE = []
1324
1372
  include Aws::Structure
1325
1373
  end
1326
1374
 
@@ -1332,6 +1380,7 @@ module Aws::KMS
1332
1380
  #
1333
1381
  class DescribeKeyResponse < Struct.new(
1334
1382
  :key_metadata)
1383
+ SENSITIVE = []
1335
1384
  include Aws::Structure
1336
1385
  end
1337
1386
 
@@ -1362,6 +1411,7 @@ module Aws::KMS
1362
1411
  #
1363
1412
  class DisableKeyRequest < Struct.new(
1364
1413
  :key_id)
1414
+ SENSITIVE = []
1365
1415
  include Aws::Structure
1366
1416
  end
1367
1417
 
@@ -1400,6 +1450,7 @@ module Aws::KMS
1400
1450
  #
1401
1451
  class DisableKeyRotationRequest < Struct.new(
1402
1452
  :key_id)
1453
+ SENSITIVE = []
1403
1454
  include Aws::Structure
1404
1455
  end
1405
1456
 
@@ -1412,6 +1463,7 @@ module Aws::KMS
1412
1463
  #
1413
1464
  class DisabledException < Struct.new(
1414
1465
  :message)
1466
+ SENSITIVE = []
1415
1467
  include Aws::Structure
1416
1468
  end
1417
1469
 
@@ -1432,6 +1484,7 @@ module Aws::KMS
1432
1484
  #
1433
1485
  class DisconnectCustomKeyStoreRequest < Struct.new(
1434
1486
  :custom_key_store_id)
1487
+ SENSITIVE = []
1435
1488
  include Aws::Structure
1436
1489
  end
1437
1490
 
@@ -1466,6 +1519,7 @@ module Aws::KMS
1466
1519
  #
1467
1520
  class EnableKeyRequest < Struct.new(
1468
1521
  :key_id)
1522
+ SENSITIVE = []
1469
1523
  include Aws::Structure
1470
1524
  end
1471
1525
 
@@ -1502,6 +1556,7 @@ module Aws::KMS
1502
1556
  #
1503
1557
  class EnableKeyRotationRequest < Struct.new(
1504
1558
  :key_id)
1559
+ SENSITIVE = []
1505
1560
  include Aws::Structure
1506
1561
  end
1507
1562
 
@@ -1547,9 +1602,10 @@ module Aws::KMS
1547
1602
  #
1548
1603
  # @!attribute [rw] encryption_context
1549
1604
  # Specifies the encryption context that will be used to encrypt the
1550
- # data. An encryption context is valid only for cryptographic
1551
- # operations with a symmetric CMK. The standard asymmetric encryption
1552
- # algorithms that AWS KMS uses do not support an encryption context.
1605
+ # data. An encryption context is valid only for [cryptographic
1606
+ # operations][1] with a symmetric CMK. The standard asymmetric
1607
+ # encryption algorithms that AWS KMS uses do not support an encryption
1608
+ # context.
1553
1609
  #
1554
1610
  # An *encryption context* is a collection of non-secret key-value
1555
1611
  # pairs that represents additional authenticated data. When you use an
@@ -1558,12 +1614,13 @@ module Aws::KMS
1558
1614
  # An encryption context is optional when encrypting with a symmetric
1559
1615
  # CMK, but it is highly recommended.
1560
1616
  #
1561
- # For more information, see [Encryption Context][1] in the *AWS Key
1617
+ # For more information, see [Encryption Context][2] in the *AWS Key
1562
1618
  # Management Service Developer Guide*.
1563
1619
  #
1564
1620
  #
1565
1621
  #
1566
- # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1622
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
1623
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1567
1624
  # @return [Hash<String,String>]
1568
1625
  #
1569
1626
  # @!attribute [rw] grant_tokens
@@ -1596,6 +1653,7 @@ module Aws::KMS
1596
1653
  :encryption_context,
1597
1654
  :grant_tokens,
1598
1655
  :encryption_algorithm)
1656
+ SENSITIVE = [:plaintext]
1599
1657
  include Aws::Structure
1600
1658
  end
1601
1659
 
@@ -1605,7 +1663,12 @@ module Aws::KMS
1605
1663
  # @return [String]
1606
1664
  #
1607
1665
  # @!attribute [rw] key_id
1608
- # The ID of the key used during encryption.
1666
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
1667
+ # encrypt the plaintext.
1668
+ #
1669
+ #
1670
+ #
1671
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
1609
1672
  # @return [String]
1610
1673
  #
1611
1674
  # @!attribute [rw] encryption_algorithm
@@ -1618,6 +1681,7 @@ module Aws::KMS
1618
1681
  :ciphertext_blob,
1619
1682
  :key_id,
1620
1683
  :encryption_algorithm)
1684
+ SENSITIVE = []
1621
1685
  include Aws::Structure
1622
1686
  end
1623
1687
 
@@ -1633,6 +1697,7 @@ module Aws::KMS
1633
1697
  #
1634
1698
  class ExpiredImportTokenException < Struct.new(
1635
1699
  :message)
1700
+ SENSITIVE = []
1636
1701
  include Aws::Structure
1637
1702
  end
1638
1703
 
@@ -1669,7 +1734,9 @@ module Aws::KMS
1669
1734
  #
1670
1735
  # @!attribute [rw] key_id
1671
1736
  # Specifies the symmetric CMK that encrypts the private key in the
1672
- # data key pair. You cannot specify an asymmetric CMKs.
1737
+ # data key pair. You cannot specify an asymmetric CMK or a CMK in a
1738
+ # custom key store. To get the type and origin of your CMK, use the
1739
+ # DescribeKey operation.
1673
1740
  #
1674
1741
  # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
1675
1742
  # name, or alias ARN. When using an alias name, prefix it with
@@ -1718,6 +1785,7 @@ module Aws::KMS
1718
1785
  :key_id,
1719
1786
  :key_pair_spec,
1720
1787
  :grant_tokens)
1788
+ SENSITIVE = []
1721
1789
  include Aws::Structure
1722
1790
  end
1723
1791
 
@@ -1738,7 +1806,12 @@ module Aws::KMS
1738
1806
  # @return [String]
1739
1807
  #
1740
1808
  # @!attribute [rw] key_id
1741
- # The identifier of the CMK that encrypted the private key.
1809
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
1810
+ # the private key.
1811
+ #
1812
+ #
1813
+ #
1814
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
1742
1815
  # @return [String]
1743
1816
  #
1744
1817
  # @!attribute [rw] key_pair_spec
@@ -1753,6 +1826,7 @@ module Aws::KMS
1753
1826
  :public_key,
1754
1827
  :key_id,
1755
1828
  :key_pair_spec)
1829
+ SENSITIVE = [:private_key_plaintext]
1756
1830
  include Aws::Structure
1757
1831
  end
1758
1832
 
@@ -1790,7 +1864,8 @@ module Aws::KMS
1790
1864
  # @!attribute [rw] key_id
1791
1865
  # Specifies the CMK that encrypts the private key in the data key
1792
1866
  # pair. You must specify a symmetric CMK. You cannot use an asymmetric
1793
- # CMK. To get the type of your CMK, use the DescribeKey operation.
1867
+ # CMK or a CMK in a custom key store. To get the type and origin of
1868
+ # your CMK, use the DescribeKey operation.
1794
1869
  #
1795
1870
  # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
1796
1871
  # name, or alias ARN. When using an alias name, prefix it with
@@ -1838,6 +1913,7 @@ module Aws::KMS
1838
1913
  :key_id,
1839
1914
  :key_pair_spec,
1840
1915
  :grant_tokens)
1916
+ SENSITIVE = []
1841
1917
  include Aws::Structure
1842
1918
  end
1843
1919
 
@@ -1852,27 +1928,12 @@ module Aws::KMS
1852
1928
  # @return [String]
1853
1929
  #
1854
1930
  # @!attribute [rw] key_id
1855
- # Specifies the CMK that encrypted the private key in the data key
1856
- # pair. You must specify a symmetric CMK. You cannot use an asymmetric
1857
- # CMK. To get the type of your CMK, use the DescribeKey operation.
1931
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
1932
+ # the private key.
1858
1933
  #
1859
- # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
1860
- # name, or alias ARN. When using an alias name, prefix it with
1861
- # `"alias/"`.
1862
1934
  #
1863
- # For example:
1864
- #
1865
- # * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
1866
- #
1867
- # * Key ARN:
1868
- # `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
1869
1935
  #
1870
- # * Alias name: `alias/ExampleAlias`
1871
- #
1872
- # * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
1873
- #
1874
- # To get the key ID and key ARN for a CMK, use ListKeys or
1875
- # DescribeKey. To get the alias name and alias ARN, use ListAliases.
1936
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
1876
1937
  # @return [String]
1877
1938
  #
1878
1939
  # @!attribute [rw] key_pair_spec
@@ -1886,6 +1947,7 @@ module Aws::KMS
1886
1947
  :public_key,
1887
1948
  :key_id,
1888
1949
  :key_pair_spec)
1950
+ SENSITIVE = []
1889
1951
  include Aws::Structure
1890
1952
  end
1891
1953
 
@@ -1982,6 +2044,7 @@ module Aws::KMS
1982
2044
  :number_of_bytes,
1983
2045
  :key_spec,
1984
2046
  :grant_tokens)
2047
+ SENSITIVE = []
1985
2048
  include Aws::Structure
1986
2049
  end
1987
2050
 
@@ -1999,7 +2062,12 @@ module Aws::KMS
1999
2062
  # @return [String]
2000
2063
  #
2001
2064
  # @!attribute [rw] key_id
2002
- # The identifier of the CMK that encrypted the data key.
2065
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
2066
+ # the data key.
2067
+ #
2068
+ #
2069
+ #
2070
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
2003
2071
  # @return [String]
2004
2072
  #
2005
2073
  # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
@@ -2008,6 +2076,7 @@ module Aws::KMS
2008
2076
  :ciphertext_blob,
2009
2077
  :plaintext,
2010
2078
  :key_id)
2079
+ SENSITIVE = [:plaintext]
2011
2080
  include Aws::Structure
2012
2081
  end
2013
2082
 
@@ -2098,6 +2167,7 @@ module Aws::KMS
2098
2167
  :key_spec,
2099
2168
  :number_of_bytes,
2100
2169
  :grant_tokens)
2170
+ SENSITIVE = []
2101
2171
  include Aws::Structure
2102
2172
  end
2103
2173
 
@@ -2107,7 +2177,12 @@ module Aws::KMS
2107
2177
  # @return [String]
2108
2178
  #
2109
2179
  # @!attribute [rw] key_id
2110
- # The identifier of the CMK that encrypted the data key.
2180
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that encrypted
2181
+ # the data key.
2182
+ #
2183
+ #
2184
+ #
2185
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
2111
2186
  # @return [String]
2112
2187
  #
2113
2188
  # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
@@ -2115,6 +2190,7 @@ module Aws::KMS
2115
2190
  class GenerateDataKeyWithoutPlaintextResponse < Struct.new(
2116
2191
  :ciphertext_blob,
2117
2192
  :key_id)
2193
+ SENSITIVE = []
2118
2194
  include Aws::Structure
2119
2195
  end
2120
2196
 
@@ -2145,6 +2221,7 @@ module Aws::KMS
2145
2221
  class GenerateRandomRequest < Struct.new(
2146
2222
  :number_of_bytes,
2147
2223
  :custom_key_store_id)
2224
+ SENSITIVE = []
2148
2225
  include Aws::Structure
2149
2226
  end
2150
2227
 
@@ -2157,6 +2234,7 @@ module Aws::KMS
2157
2234
  #
2158
2235
  class GenerateRandomResponse < Struct.new(
2159
2236
  :plaintext)
2237
+ SENSITIVE = [:plaintext]
2160
2238
  include Aws::Structure
2161
2239
  end
2162
2240
 
@@ -2194,6 +2272,7 @@ module Aws::KMS
2194
2272
  class GetKeyPolicyRequest < Struct.new(
2195
2273
  :key_id,
2196
2274
  :policy_name)
2275
+ SENSITIVE = []
2197
2276
  include Aws::Structure
2198
2277
  end
2199
2278
 
@@ -2205,6 +2284,7 @@ module Aws::KMS
2205
2284
  #
2206
2285
  class GetKeyPolicyResponse < Struct.new(
2207
2286
  :policy)
2287
+ SENSITIVE = []
2208
2288
  include Aws::Structure
2209
2289
  end
2210
2290
 
@@ -2236,6 +2316,7 @@ module Aws::KMS
2236
2316
  #
2237
2317
  class GetKeyRotationStatusRequest < Struct.new(
2238
2318
  :key_id)
2319
+ SENSITIVE = []
2239
2320
  include Aws::Structure
2240
2321
  end
2241
2322
 
@@ -2247,6 +2328,7 @@ module Aws::KMS
2247
2328
  #
2248
2329
  class GetKeyRotationStatusResponse < Struct.new(
2249
2330
  :key_rotation_enabled)
2331
+ SENSITIVE = []
2250
2332
  include Aws::Structure
2251
2333
  end
2252
2334
 
@@ -2298,13 +2380,18 @@ module Aws::KMS
2298
2380
  :key_id,
2299
2381
  :wrapping_algorithm,
2300
2382
  :wrapping_key_spec)
2383
+ SENSITIVE = []
2301
2384
  include Aws::Structure
2302
2385
  end
2303
2386
 
2304
2387
  # @!attribute [rw] key_id
2305
- # The identifier of the CMK to use in a subsequent ImportKeyMaterial
2306
- # request. This is the same CMK specified in the
2307
- # `GetParametersForImport` request.
2388
+ # The Amazon Resource Name ([key ARN][1]) of the CMK to use in a
2389
+ # subsequent ImportKeyMaterial request. This is the same CMK specified
2390
+ # in the `GetParametersForImport` request.
2391
+ #
2392
+ #
2393
+ #
2394
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
2308
2395
  # @return [String]
2309
2396
  #
2310
2397
  # @!attribute [rw] import_token
@@ -2330,6 +2417,7 @@ module Aws::KMS
2330
2417
  :import_token,
2331
2418
  :public_key,
2332
2419
  :parameters_valid_to)
2420
+ SENSITIVE = [:public_key]
2333
2421
  include Aws::Structure
2334
2422
  end
2335
2423
 
@@ -2380,12 +2468,17 @@ module Aws::KMS
2380
2468
  class GetPublicKeyRequest < Struct.new(
2381
2469
  :key_id,
2382
2470
  :grant_tokens)
2471
+ SENSITIVE = []
2383
2472
  include Aws::Structure
2384
2473
  end
2385
2474
 
2386
2475
  # @!attribute [rw] key_id
2387
- # The identifier of the asymmetric CMK from which the public key was
2388
- # downloaded.
2476
+ # The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK from
2477
+ # which the public key was downloaded.
2478
+ #
2479
+ #
2480
+ #
2481
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
2389
2482
  # @return [String]
2390
2483
  #
2391
2484
  # @!attribute [rw] public_key
@@ -2443,29 +2536,20 @@ module Aws::KMS
2443
2536
  :key_usage,
2444
2537
  :encryption_algorithms,
2445
2538
  :signing_algorithms)
2539
+ SENSITIVE = []
2446
2540
  include Aws::Structure
2447
2541
  end
2448
2542
 
2449
- # Use this structure to allow cryptographic operations in the grant only
2450
- # when the operation request includes the specified [encryption
2451
- # context][1].
2452
- #
2453
- # AWS KMS applies the grant constraints only when the grant allows a
2454
- # cryptographic operation that accepts an encryption context as input,
2455
- # such as the following.
2543
+ # Use this structure to allow [cryptographic operations][1] in the grant
2544
+ # only when the operation request includes the specified [encryption
2545
+ # context][2].
2456
2546
  #
2457
- # * Encrypt
2458
- #
2459
- # * Decrypt
2460
- #
2461
- # * GenerateDataKey
2462
- #
2463
- # * GenerateDataKeyWithoutPlaintext
2464
- #
2465
- # * ReEncrypt
2466
- #
2467
- # AWS KMS does not apply the grant constraints to other operations, such
2468
- # as DescribeKey or ScheduleKeyDeletion.
2547
+ # AWS KMS applies the grant constraints only to cryptographic operations
2548
+ # that support an encryption context, that is, all cryptographic
2549
+ # operations with a [symmetric CMK][3]. Grant constraints are not
2550
+ # applied to operations that do not support an encryption context, such
2551
+ # as cryptographic operations with asymmetric CMKs and management
2552
+ # operations, such as DescribeKey or ScheduleKeyDeletion.
2469
2553
  #
2470
2554
  # In a cryptographic operation, the encryption context in the decryption
2471
2555
  # operation must be an exact, case-sensitive match for the keys and
@@ -2479,13 +2563,15 @@ module Aws::KMS
2479
2563
  # differ only by case. To require a fully case-sensitive encryption
2480
2564
  # context, use the `kms:EncryptionContext:` and
2481
2565
  # `kms:EncryptionContextKeys` conditions in an IAM or key policy. For
2482
- # details, see [kms:EncryptionContext:][2] in the <i> <i>AWS Key
2566
+ # details, see [kms:EncryptionContext:][4] in the <i> <i>AWS Key
2483
2567
  # Management Service Developer Guide</i> </i>.
2484
2568
  #
2485
2569
  #
2486
2570
  #
2487
- # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
2488
- # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
2571
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
2572
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
2573
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks
2574
+ # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
2489
2575
  #
2490
2576
  # @note When making an API call, you may pass GrantConstraints
2491
2577
  # data as a hash:
@@ -2501,17 +2587,25 @@ module Aws::KMS
2501
2587
  #
2502
2588
  # @!attribute [rw] encryption_context_subset
2503
2589
  # A list of key-value pairs that must be included in the encryption
2504
- # context of the cryptographic operation request. The grant allows the
2505
- # cryptographic operation only when the encryption context in the
2506
- # request includes the key-value pairs specified in this constraint,
2507
- # although it can include additional key-value pairs.
2590
+ # context of the [cryptographic operation][1] request. The grant
2591
+ # allows the cryptographic operation only when the encryption context
2592
+ # in the request includes the key-value pairs specified in this
2593
+ # constraint, although it can include additional key-value pairs.
2594
+ #
2595
+ #
2596
+ #
2597
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
2508
2598
  # @return [Hash<String,String>]
2509
2599
  #
2510
2600
  # @!attribute [rw] encryption_context_equals
2511
2601
  # A list of key-value pairs that must match the encryption context in
2512
- # the cryptographic operation request. The grant allows the operation
2513
- # only when the encryption context in the request is the same as the
2514
- # encryption context specified in this constraint.
2602
+ # the [cryptographic operation][1] request. The grant allows the
2603
+ # operation only when the encryption context in the request is the
2604
+ # same as the encryption context specified in this constraint.
2605
+ #
2606
+ #
2607
+ #
2608
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
2515
2609
  # @return [Hash<String,String>]
2516
2610
  #
2517
2611
  # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
@@ -2519,10 +2613,11 @@ module Aws::KMS
2519
2613
  class GrantConstraints < Struct.new(
2520
2614
  :encryption_context_subset,
2521
2615
  :encryption_context_equals)
2616
+ SENSITIVE = []
2522
2617
  include Aws::Structure
2523
2618
  end
2524
2619
 
2525
- # Contains information about an entry in a list of grants.
2620
+ # Contains information about a grant.
2526
2621
  #
2527
2622
  # @!attribute [rw] key_id
2528
2623
  # The unique identifier for the customer master key (CMK) to which the
@@ -2544,7 +2639,18 @@ module Aws::KMS
2544
2639
  # @return [Time]
2545
2640
  #
2546
2641
  # @!attribute [rw] grantee_principal
2547
- # The principal that receives the grant's permissions.
2642
+ # The identity that gets the permissions in the grant.
2643
+ #
2644
+ # The `GranteePrincipal` field in the `ListGrants` response usually
2645
+ # contains the user or role designated as the grantee principal in the
2646
+ # grant. However, when the grantee principal in the grant is an AWS
2647
+ # service, the `GranteePrincipal` field contains the [service
2648
+ # principal][1], which might represent several different grantee
2649
+ # principals.
2650
+ #
2651
+ #
2652
+ #
2653
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services
2548
2654
  # @return [String]
2549
2655
  #
2550
2656
  # @!attribute [rw] retiring_principal
@@ -2576,6 +2682,7 @@ module Aws::KMS
2576
2682
  :issuing_account,
2577
2683
  :operations,
2578
2684
  :constraints)
2685
+ SENSITIVE = []
2579
2686
  include Aws::Structure
2580
2687
  end
2581
2688
 
@@ -2647,6 +2754,7 @@ module Aws::KMS
2647
2754
  :encrypted_key_material,
2648
2755
  :valid_to,
2649
2756
  :expiration_model)
2757
+ SENSITIVE = []
2650
2758
  include Aws::Structure
2651
2759
  end
2652
2760
 
@@ -2666,6 +2774,7 @@ module Aws::KMS
2666
2774
  #
2667
2775
  class IncorrectKeyException < Struct.new(
2668
2776
  :message)
2777
+ SENSITIVE = []
2669
2778
  include Aws::Structure
2670
2779
  end
2671
2780
 
@@ -2680,6 +2789,7 @@ module Aws::KMS
2680
2789
  #
2681
2790
  class IncorrectKeyMaterialException < Struct.new(
2682
2791
  :message)
2792
+ SENSITIVE = []
2683
2793
  include Aws::Structure
2684
2794
  end
2685
2795
 
@@ -2701,6 +2811,7 @@ module Aws::KMS
2701
2811
  #
2702
2812
  class IncorrectTrustAnchorException < Struct.new(
2703
2813
  :message)
2814
+ SENSITIVE = []
2704
2815
  include Aws::Structure
2705
2816
  end
2706
2817
 
@@ -2714,6 +2825,7 @@ module Aws::KMS
2714
2825
  #
2715
2826
  class InvalidAliasNameException < Struct.new(
2716
2827
  :message)
2828
+ SENSITIVE = []
2717
2829
  include Aws::Structure
2718
2830
  end
2719
2831
 
@@ -2727,6 +2839,7 @@ module Aws::KMS
2727
2839
  #
2728
2840
  class InvalidArnException < Struct.new(
2729
2841
  :message)
2842
+ SENSITIVE = []
2730
2843
  include Aws::Structure
2731
2844
  end
2732
2845
 
@@ -2745,6 +2858,7 @@ module Aws::KMS
2745
2858
  #
2746
2859
  class InvalidCiphertextException < Struct.new(
2747
2860
  :message)
2861
+ SENSITIVE = []
2748
2862
  include Aws::Structure
2749
2863
  end
2750
2864
 
@@ -2757,6 +2871,7 @@ module Aws::KMS
2757
2871
  #
2758
2872
  class InvalidGrantIdException < Struct.new(
2759
2873
  :message)
2874
+ SENSITIVE = []
2760
2875
  include Aws::Structure
2761
2876
  end
2762
2877
 
@@ -2770,6 +2885,7 @@ module Aws::KMS
2770
2885
  #
2771
2886
  class InvalidGrantTokenException < Struct.new(
2772
2887
  :message)
2888
+ SENSITIVE = []
2773
2889
  include Aws::Structure
2774
2890
  end
2775
2891
 
@@ -2783,6 +2899,7 @@ module Aws::KMS
2783
2899
  #
2784
2900
  class InvalidImportTokenException < Struct.new(
2785
2901
  :message)
2902
+ SENSITIVE = []
2786
2903
  include Aws::Structure
2787
2904
  end
2788
2905
 
@@ -2810,6 +2927,7 @@ module Aws::KMS
2810
2927
  #
2811
2928
  class InvalidKeyUsageException < Struct.new(
2812
2929
  :message)
2930
+ SENSITIVE = []
2813
2931
  include Aws::Structure
2814
2932
  end
2815
2933
 
@@ -2823,6 +2941,7 @@ module Aws::KMS
2823
2941
  #
2824
2942
  class InvalidMarkerException < Struct.new(
2825
2943
  :message)
2944
+ SENSITIVE = []
2826
2945
  include Aws::Structure
2827
2946
  end
2828
2947
 
@@ -2836,6 +2955,7 @@ module Aws::KMS
2836
2955
  #
2837
2956
  class KMSInternalException < Struct.new(
2838
2957
  :message)
2958
+ SENSITIVE = []
2839
2959
  include Aws::Structure
2840
2960
  end
2841
2961
 
@@ -2851,6 +2971,7 @@ module Aws::KMS
2851
2971
  #
2852
2972
  class KMSInvalidSignatureException < Struct.new(
2853
2973
  :message)
2974
+ SENSITIVE = []
2854
2975
  include Aws::Structure
2855
2976
  end
2856
2977
 
@@ -2872,6 +2993,7 @@ module Aws::KMS
2872
2993
  #
2873
2994
  class KMSInvalidStateException < Struct.new(
2874
2995
  :message)
2996
+ SENSITIVE = []
2875
2997
  include Aws::Structure
2876
2998
  end
2877
2999
 
@@ -2890,6 +3012,7 @@ module Aws::KMS
2890
3012
  class KeyListEntry < Struct.new(
2891
3013
  :key_id,
2892
3014
  :key_arn)
3015
+ SENSITIVE = []
2893
3016
  include Aws::Structure
2894
3017
  end
2895
3018
 
@@ -2930,15 +3053,19 @@ module Aws::KMS
2930
3053
  # @return [String]
2931
3054
  #
2932
3055
  # @!attribute [rw] key_usage
2933
- # The cryptographic operations for which you can use the CMK.
3056
+ # The [cryptographic operations][1] for which you can use the CMK.
3057
+ #
3058
+ #
3059
+ #
3060
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
2934
3061
  # @return [String]
2935
3062
  #
2936
3063
  # @!attribute [rw] key_state
2937
- # The state of the CMK.
3064
+ # The current status of the CMK.
2938
3065
  #
2939
3066
  # For more information about how key state affects the use of a CMK,
2940
- # see [How Key State Affects the Use of a Customer Master Key][1] in
2941
- # the *AWS Key Management Service Developer Guide*.
3067
+ # see [Key state: Effect on your CMK][1] in the *AWS Key Management
3068
+ # Service Developer Guide*.
2942
3069
  #
2943
3070
  #
2944
3071
  #
@@ -3011,16 +3138,16 @@ module Aws::KMS
3011
3138
  # @return [String]
3012
3139
  #
3013
3140
  # @!attribute [rw] encryption_algorithms
3014
- # A list of encryption algorithms that the CMK supports. You cannot
3015
- # use the CMK with other encryption algorithms within AWS KMS.
3141
+ # The encryption algorithms that the CMK supports. You cannot use the
3142
+ # CMK with other encryption algorithms within AWS KMS.
3016
3143
  #
3017
3144
  # This field appears only when the `KeyUsage` of the CMK is
3018
3145
  # `ENCRYPT_DECRYPT`.
3019
3146
  # @return [Array<String>]
3020
3147
  #
3021
3148
  # @!attribute [rw] signing_algorithms
3022
- # A list of signing algorithms that the CMK supports. You cannot use
3023
- # the CMK with other signing algorithms within AWS KMS.
3149
+ # The signing algorithms that the CMK supports. You cannot use the CMK
3150
+ # with other signing algorithms within AWS KMS.
3024
3151
  #
3025
3152
  # This field appears only when the `KeyUsage` of the CMK is
3026
3153
  # `SIGN_VERIFY`.
@@ -3047,6 +3174,7 @@ module Aws::KMS
3047
3174
  :customer_master_key_spec,
3048
3175
  :encryption_algorithms,
3049
3176
  :signing_algorithms)
3177
+ SENSITIVE = []
3050
3178
  include Aws::Structure
3051
3179
  end
3052
3180
 
@@ -3060,6 +3188,7 @@ module Aws::KMS
3060
3188
  #
3061
3189
  class KeyUnavailableException < Struct.new(
3062
3190
  :message)
3191
+ SENSITIVE = []
3063
3192
  include Aws::Structure
3064
3193
  end
3065
3194
 
@@ -3078,6 +3207,7 @@ module Aws::KMS
3078
3207
  #
3079
3208
  class LimitExceededException < Struct.new(
3080
3209
  :message)
3210
+ SENSITIVE = []
3081
3211
  include Aws::Structure
3082
3212
  end
3083
3213
 
@@ -3122,6 +3252,7 @@ module Aws::KMS
3122
3252
  :key_id,
3123
3253
  :limit,
3124
3254
  :marker)
3255
+ SENSITIVE = []
3125
3256
  include Aws::Structure
3126
3257
  end
3127
3258
 
@@ -3147,6 +3278,7 @@ module Aws::KMS
3147
3278
  :aliases,
3148
3279
  :next_marker,
3149
3280
  :truncated)
3281
+ SENSITIVE = []
3150
3282
  include Aws::Structure
3151
3283
  end
3152
3284
 
@@ -3198,6 +3330,7 @@ module Aws::KMS
3198
3330
  :limit,
3199
3331
  :marker,
3200
3332
  :key_id)
3333
+ SENSITIVE = []
3201
3334
  include Aws::Structure
3202
3335
  end
3203
3336
 
@@ -3223,6 +3356,7 @@ module Aws::KMS
3223
3356
  :grants,
3224
3357
  :next_marker,
3225
3358
  :truncated)
3359
+ SENSITIVE = []
3226
3360
  include Aws::Structure
3227
3361
  end
3228
3362
 
@@ -3275,6 +3409,7 @@ module Aws::KMS
3275
3409
  :key_id,
3276
3410
  :limit,
3277
3411
  :marker)
3412
+ SENSITIVE = []
3278
3413
  include Aws::Structure
3279
3414
  end
3280
3415
 
@@ -3300,6 +3435,7 @@ module Aws::KMS
3300
3435
  :policy_names,
3301
3436
  :next_marker,
3302
3437
  :truncated)
3438
+ SENSITIVE = []
3303
3439
  include Aws::Structure
3304
3440
  end
3305
3441
 
@@ -3332,6 +3468,7 @@ module Aws::KMS
3332
3468
  class ListKeysRequest < Struct.new(
3333
3469
  :limit,
3334
3470
  :marker)
3471
+ SENSITIVE = []
3335
3472
  include Aws::Structure
3336
3473
  end
3337
3474
 
@@ -3357,6 +3494,7 @@ module Aws::KMS
3357
3494
  :keys,
3358
3495
  :next_marker,
3359
3496
  :truncated)
3497
+ SENSITIVE = []
3360
3498
  include Aws::Structure
3361
3499
  end
3362
3500
 
@@ -3409,6 +3547,7 @@ module Aws::KMS
3409
3547
  :key_id,
3410
3548
  :limit,
3411
3549
  :marker)
3550
+ SENSITIVE = []
3412
3551
  include Aws::Structure
3413
3552
  end
3414
3553
 
@@ -3436,6 +3575,7 @@ module Aws::KMS
3436
3575
  :tags,
3437
3576
  :next_marker,
3438
3577
  :truncated)
3578
+ SENSITIVE = []
3439
3579
  include Aws::Structure
3440
3580
  end
3441
3581
 
@@ -3486,6 +3626,7 @@ module Aws::KMS
3486
3626
  :limit,
3487
3627
  :marker,
3488
3628
  :retiring_principal)
3629
+ SENSITIVE = []
3489
3630
  include Aws::Structure
3490
3631
  end
3491
3632
 
@@ -3499,6 +3640,7 @@ module Aws::KMS
3499
3640
  #
3500
3641
  class MalformedPolicyDocumentException < Struct.new(
3501
3642
  :message)
3643
+ SENSITIVE = []
3502
3644
  include Aws::Structure
3503
3645
  end
3504
3646
 
@@ -3512,6 +3654,7 @@ module Aws::KMS
3512
3654
  #
3513
3655
  class NotFoundException < Struct.new(
3514
3656
  :message)
3657
+ SENSITIVE = []
3515
3658
  include Aws::Structure
3516
3659
  end
3517
3660
 
@@ -3608,6 +3751,7 @@ module Aws::KMS
3608
3751
  :policy_name,
3609
3752
  :policy,
3610
3753
  :bypass_policy_lockout_safety_check)
3754
+ SENSITIVE = []
3611
3755
  include Aws::Structure
3612
3756
  end
3613
3757
 
@@ -3781,6 +3925,7 @@ module Aws::KMS
3781
3925
  :source_encryption_algorithm,
3782
3926
  :destination_encryption_algorithm,
3783
3927
  :grant_tokens)
3928
+ SENSITIVE = []
3784
3929
  include Aws::Structure
3785
3930
  end
3786
3931
 
@@ -3794,7 +3939,12 @@ module Aws::KMS
3794
3939
  # @return [String]
3795
3940
  #
3796
3941
  # @!attribute [rw] key_id
3797
- # Unique identifier of the CMK used to reencrypt the data.
3942
+ # The Amazon Resource Name ([key ARN][1]) of the CMK that was used to
3943
+ # reencrypt the data.
3944
+ #
3945
+ #
3946
+ #
3947
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
3798
3948
  # @return [String]
3799
3949
  #
3800
3950
  # @!attribute [rw] source_encryption_algorithm
@@ -3814,6 +3964,7 @@ module Aws::KMS
3814
3964
  :key_id,
3815
3965
  :source_encryption_algorithm,
3816
3966
  :destination_encryption_algorithm)
3967
+ SENSITIVE = []
3817
3968
  include Aws::Structure
3818
3969
  end
3819
3970
 
@@ -3853,6 +4004,7 @@ module Aws::KMS
3853
4004
  :grant_token,
3854
4005
  :key_id,
3855
4006
  :grant_id)
4007
+ SENSITIVE = []
3856
4008
  include Aws::Structure
3857
4009
  end
3858
4010
 
@@ -3891,6 +4043,7 @@ module Aws::KMS
3891
4043
  class RevokeGrantRequest < Struct.new(
3892
4044
  :key_id,
3893
4045
  :grant_id)
4046
+ SENSITIVE = []
3894
4047
  include Aws::Structure
3895
4048
  end
3896
4049
 
@@ -3931,12 +4084,17 @@ module Aws::KMS
3931
4084
  class ScheduleKeyDeletionRequest < Struct.new(
3932
4085
  :key_id,
3933
4086
  :pending_window_in_days)
4087
+ SENSITIVE = []
3934
4088
  include Aws::Structure
3935
4089
  end
3936
4090
 
3937
4091
  # @!attribute [rw] key_id
3938
- # The unique identifier of the customer master key (CMK) for which
3939
- # deletion is scheduled.
4092
+ # The Amazon Resource Name ([key ARN][1]) of the CMK whose deletion is
4093
+ # scheduled.
4094
+ #
4095
+ #
4096
+ #
4097
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
3940
4098
  # @return [String]
3941
4099
  #
3942
4100
  # @!attribute [rw] deletion_date
@@ -3949,6 +4107,7 @@ module Aws::KMS
3949
4107
  class ScheduleKeyDeletionResponse < Struct.new(
3950
4108
  :key_id,
3951
4109
  :deletion_date)
4110
+ SENSITIVE = []
3952
4111
  include Aws::Structure
3953
4112
  end
3954
4113
 
@@ -4029,12 +4188,17 @@ module Aws::KMS
4029
4188
  :message_type,
4030
4189
  :grant_tokens,
4031
4190
  :signing_algorithm)
4191
+ SENSITIVE = [:message]
4032
4192
  include Aws::Structure
4033
4193
  end
4034
4194
 
4035
4195
  # @!attribute [rw] key_id
4036
- # The Amazon Resource Name (ARN) of the asymmetric CMK that was used
4037
- # to sign the message.
4196
+ # The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK that
4197
+ # was used to sign the message.
4198
+ #
4199
+ #
4200
+ #
4201
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
4038
4202
  # @return [String]
4039
4203
  #
4040
4204
  # @!attribute [rw] signature
@@ -4068,6 +4232,7 @@ module Aws::KMS
4068
4232
  :key_id,
4069
4233
  :signature,
4070
4234
  :signing_algorithm)
4235
+ SENSITIVE = []
4071
4236
  include Aws::Structure
4072
4237
  end
4073
4238
 
@@ -4104,6 +4269,7 @@ module Aws::KMS
4104
4269
  class Tag < Struct.new(
4105
4270
  :tag_key,
4106
4271
  :tag_value)
4272
+ SENSITIVE = []
4107
4273
  include Aws::Structure
4108
4274
  end
4109
4275
 
@@ -4116,6 +4282,7 @@ module Aws::KMS
4116
4282
  #
4117
4283
  class TagException < Struct.new(
4118
4284
  :message)
4285
+ SENSITIVE = []
4119
4286
  include Aws::Structure
4120
4287
  end
4121
4288
 
@@ -4157,6 +4324,7 @@ module Aws::KMS
4157
4324
  class TagResourceRequest < Struct.new(
4158
4325
  :key_id,
4159
4326
  :tags)
4327
+ SENSITIVE = []
4160
4328
  include Aws::Structure
4161
4329
  end
4162
4330
 
@@ -4170,6 +4338,7 @@ module Aws::KMS
4170
4338
  #
4171
4339
  class UnsupportedOperationException < Struct.new(
4172
4340
  :message)
4341
+ SENSITIVE = []
4173
4342
  include Aws::Structure
4174
4343
  end
4175
4344
 
@@ -4206,6 +4375,7 @@ module Aws::KMS
4206
4375
  class UntagResourceRequest < Struct.new(
4207
4376
  :key_id,
4208
4377
  :tag_keys)
4378
+ SENSITIVE = []
4209
4379
  include Aws::Structure
4210
4380
  end
4211
4381
 
@@ -4254,6 +4424,7 @@ module Aws::KMS
4254
4424
  class UpdateAliasRequest < Struct.new(
4255
4425
  :alias_name,
4256
4426
  :target_key_id)
4427
+ SENSITIVE = []
4257
4428
  include Aws::Structure
4258
4429
  end
4259
4430
 
@@ -4313,6 +4484,7 @@ module Aws::KMS
4313
4484
  :new_custom_key_store_name,
4314
4485
  :key_store_password,
4315
4486
  :cloud_hsm_cluster_id)
4487
+ SENSITIVE = [:key_store_password]
4316
4488
  include Aws::Structure
4317
4489
  end
4318
4490
 
@@ -4353,6 +4525,7 @@ module Aws::KMS
4353
4525
  class UpdateKeyDescriptionRequest < Struct.new(
4354
4526
  :key_id,
4355
4527
  :description)
4528
+ SENSITIVE = []
4356
4529
  include Aws::Structure
4357
4530
  end
4358
4531
 
@@ -4444,12 +4617,17 @@ module Aws::KMS
4444
4617
  :signature,
4445
4618
  :signing_algorithm,
4446
4619
  :grant_tokens)
4620
+ SENSITIVE = [:message]
4447
4621
  include Aws::Structure
4448
4622
  end
4449
4623
 
4450
4624
  # @!attribute [rw] key_id
4451
- # The unique identifier for the asymmetric CMK that was used to verify
4452
- # the signature.
4625
+ # The Amazon Resource Name ([key ARN][1]) of the asymmetric CMK that
4626
+ # was used to verify the signature.
4627
+ #
4628
+ #
4629
+ #
4630
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
4453
4631
  # @return [String]
4454
4632
  #
4455
4633
  # @!attribute [rw] signature_valid
@@ -4470,6 +4648,7 @@ module Aws::KMS
4470
4648
  :key_id,
4471
4649
  :signature_valid,
4472
4650
  :signing_algorithm)
4651
+ SENSITIVE = []
4473
4652
  include Aws::Structure
4474
4653
  end
4475
4654