aws-sdk-kms 1.47.0 → 1.51.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +484 -13
- data/lib/aws-sdk-kms.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 758dda257f829098532b4f1b4b8d2a622ef171834a54b363c0b5350958fab19e
|
4
|
+
data.tar.gz: 859eb2f63d776b53138b41cbfab6c6f8b91f35d6afd6af9755ab49b15a95b958
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 55bd7dfedda1a4e70318b8c51a8fa1b6c74c6be56cc53e04b9d1e6ac8436e2d5736ea7cb0b1da7c63c035e006388ec64729c57386deb2044f40fb12157888962
|
7
|
+
data.tar.gz: 00a50e7107fb72f6a970a8884e05bca5dc5d7edfe14fa0e57c783705e29042fc8db970a7f0860feaf86275f49485d1a25fe7181bcd9468171dc162e677b74812
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,26 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.51.0 (2021-11-04)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
8
|
+
|
9
|
+
1.50.0 (2021-10-18)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
14
|
+
1.49.0 (2021-10-04)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - Added SDK examples for ConnectCustomKeyStore, CreateCustomKeyStore, CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores, DisconnectCustomKeyStore, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GetPublicKey, ReplicateKey, Sign, UpdateCustomKeyStore and Verify APIs
|
18
|
+
|
19
|
+
1.48.0 (2021-09-01)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
23
|
+
|
4
24
|
1.47.0 (2021-08-30)
|
5
25
|
------------------
|
6
26
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.51.0
|
data/lib/aws-sdk-kms/client.rb
CHANGED
@@ -285,6 +285,15 @@ module Aws::KMS
|
|
285
285
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
286
286
|
# requests are made, and retries are disabled.
|
287
287
|
#
|
288
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
289
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
290
|
+
# will be used if available.
|
291
|
+
#
|
292
|
+
# @option options [Boolean] :use_fips_endpoint
|
293
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
294
|
+
# When a `fips` region is used, the region is normalized and this config
|
295
|
+
# is set to `true`.
|
296
|
+
#
|
288
297
|
# @option options [Boolean] :validate_params (true)
|
289
298
|
# When `true`, request parameters are validated before
|
290
299
|
# sending the request.
|
@@ -488,6 +497,20 @@ module Aws::KMS
|
|
488
497
|
#
|
489
498
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
490
499
|
#
|
500
|
+
#
|
501
|
+
# @example Example: To connect a custom key store to its CloudHSM cluster
|
502
|
+
#
|
503
|
+
# # This example connects an AWS KMS custom key store to its AWS CloudHSM cluster. This operation does not return any data.
|
504
|
+
# # To verify that the custom key store is connected, use the <code>DescribeCustomKeyStores</code> operation.
|
505
|
+
#
|
506
|
+
# resp = client.connect_custom_key_store({
|
507
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the AWS KMS custom key store.
|
508
|
+
# })
|
509
|
+
#
|
510
|
+
# resp.to_h outputs the following:
|
511
|
+
# {
|
512
|
+
# }
|
513
|
+
#
|
491
514
|
# @example Request syntax with placeholder values
|
492
515
|
#
|
493
516
|
# resp = client.connect_custom_key_store({
|
@@ -724,6 +747,23 @@ module Aws::KMS
|
|
724
747
|
#
|
725
748
|
# * {Types::CreateCustomKeyStoreResponse#custom_key_store_id #custom_key_store_id} => String
|
726
749
|
#
|
750
|
+
#
|
751
|
+
# @example Example: To create an AWS CloudHSM custom key store
|
752
|
+
#
|
753
|
+
# # This example creates a custom key store that is associated with an AWS CloudHSM cluster.
|
754
|
+
#
|
755
|
+
# resp = client.create_custom_key_store({
|
756
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the CloudHSM cluster.
|
757
|
+
# custom_key_store_name: "ExampleKeyStore", # A friendly name for the custom key store.
|
758
|
+
# key_store_password: "kmsPswd", # The password for the kmsuser CU account in the specified cluster.
|
759
|
+
# trust_anchor_certificate: "<certificate-goes-here>", # The content of the customerCA.crt file that you created when you initialized the cluster.
|
760
|
+
# })
|
761
|
+
#
|
762
|
+
# resp.to_h outputs the following:
|
763
|
+
# {
|
764
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the new custom key store.
|
765
|
+
# }
|
766
|
+
#
|
727
767
|
# @example Request syntax with placeholder values
|
728
768
|
#
|
729
769
|
# resp = client.create_custom_key_store({
|
@@ -1410,15 +1450,10 @@ module Aws::KMS
|
|
1410
1450
|
#
|
1411
1451
|
# @example Example: To create a KMS key
|
1412
1452
|
#
|
1413
|
-
# # The following example creates a KMS key.
|
1453
|
+
# # The following example creates a symmetric KMS key for encryption and decryption. No parameters are required for this
|
1454
|
+
# # operation.
|
1414
1455
|
#
|
1415
1456
|
# resp = client.create_key({
|
1416
|
-
# tags: [
|
1417
|
-
# {
|
1418
|
-
# tag_key: "CreatedBy",
|
1419
|
-
# tag_value: "ExampleUser",
|
1420
|
-
# },
|
1421
|
-
# ], # One or more tags. Each tag consists of a tag key and a tag value.
|
1422
1457
|
# })
|
1423
1458
|
#
|
1424
1459
|
# resp.to_h outputs the following:
|
@@ -1438,8 +1473,181 @@ module Aws::KMS
|
|
1438
1473
|
# key_spec: "SYMMETRIC_DEFAULT",
|
1439
1474
|
# key_state: "Enabled",
|
1440
1475
|
# key_usage: "ENCRYPT_DECRYPT",
|
1476
|
+
# multi_region: false,
|
1477
|
+
# origin: "AWS_KMS",
|
1478
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1479
|
+
# }
|
1480
|
+
#
|
1481
|
+
# @example Example: To create an asymmetric RSA KMS key for encryption and decryption
|
1482
|
+
#
|
1483
|
+
# # This example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and
|
1484
|
+
# # key usage can't be changed after the key is created.
|
1485
|
+
#
|
1486
|
+
# resp = client.create_key({
|
1487
|
+
# key_spec: "RSA_4096", # Describes the type of key material in the KMS key.
|
1488
|
+
# key_usage: "ENCRYPT_DECRYPT", # The cryptographic operations for which you can use the KMS key.
|
1489
|
+
# })
|
1490
|
+
#
|
1491
|
+
# resp.to_h outputs the following:
|
1492
|
+
# {
|
1493
|
+
# key_metadata: {
|
1494
|
+
# aws_account_id: "111122223333",
|
1495
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1496
|
+
# creation_date: Time.parse("2021-04-05T14:04:55-07:00"),
|
1497
|
+
# customer_master_key_spec: "RSA_4096",
|
1498
|
+
# description: "",
|
1499
|
+
# enabled: true,
|
1500
|
+
# encryption_algorithms: [
|
1501
|
+
# "RSAES_OAEP_SHA_1",
|
1502
|
+
# "RSAES_OAEP_SHA_256",
|
1503
|
+
# ],
|
1504
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1505
|
+
# key_manager: "CUSTOMER",
|
1506
|
+
# key_spec: "RSA_4096",
|
1507
|
+
# key_state: "Enabled",
|
1508
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1509
|
+
# multi_region: false,
|
1510
|
+
# origin: "AWS_KMS",
|
1511
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1512
|
+
# }
|
1513
|
+
#
|
1514
|
+
# @example Example: To create an asymmetric elliptic curve KMS key for signing and verification
|
1515
|
+
#
|
1516
|
+
# # This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification.
|
1517
|
+
# # The key usage is required even though "SIGN_VERIFY" is the only valid value for ECC KMS keys. The key spec and key usage
|
1518
|
+
# # can't be changed after the key is created.
|
1519
|
+
#
|
1520
|
+
# resp = client.create_key({
|
1521
|
+
# key_spec: "ECC_NIST_P521", # Describes the type of key material in the KMS key.
|
1522
|
+
# key_usage: "SIGN_VERIFY", # The cryptographic operations for which you can use the KMS key.
|
1523
|
+
# })
|
1524
|
+
#
|
1525
|
+
# resp.to_h outputs the following:
|
1526
|
+
# {
|
1527
|
+
# key_metadata: {
|
1528
|
+
# aws_account_id: "111122223333",
|
1529
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1530
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1531
|
+
# customer_master_key_spec: "ECC_NIST_P521",
|
1532
|
+
# description: "",
|
1533
|
+
# enabled: true,
|
1534
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1535
|
+
# key_manager: "CUSTOMER",
|
1536
|
+
# key_spec: "ECC_NIST_P521",
|
1537
|
+
# key_state: "Enabled",
|
1538
|
+
# key_usage: "SIGN_VERIFY",
|
1539
|
+
# multi_region: false,
|
1540
|
+
# origin: "AWS_KMS",
|
1541
|
+
# signing_algorithms: [
|
1542
|
+
# "ECDSA_SHA_512",
|
1543
|
+
# ],
|
1544
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1545
|
+
# }
|
1546
|
+
#
|
1547
|
+
# @example Example: To create a multi-Region primary KMS key
|
1548
|
+
#
|
1549
|
+
# # This example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters
|
1550
|
+
# # create a symmetric encryption key, only the MultiRegion parameter is required for this KMS key.
|
1551
|
+
#
|
1552
|
+
# resp = client.create_key({
|
1553
|
+
# multi_region: true, # Indicates whether the KMS key is a multi-Region (True) or regional (False) key.
|
1554
|
+
# })
|
1555
|
+
#
|
1556
|
+
# resp.to_h outputs the following:
|
1557
|
+
# {
|
1558
|
+
# key_metadata: {
|
1559
|
+
# aws_account_id: "111122223333",
|
1560
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
|
1561
|
+
# creation_date: Time.parse("2021-09-02T016:15:21-09:00"),
|
1562
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1563
|
+
# description: "",
|
1564
|
+
# enabled: true,
|
1565
|
+
# encryption_algorithms: [
|
1566
|
+
# "SYMMETRIC_DEFAULT",
|
1567
|
+
# ],
|
1568
|
+
# key_id: "mrk-1234abcd12ab34cd56ef12345678990ab",
|
1569
|
+
# key_manager: "CUSTOMER",
|
1570
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1571
|
+
# key_state: "Enabled",
|
1572
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1573
|
+
# multi_region: true,
|
1574
|
+
# multi_region_configuration: {
|
1575
|
+
# multi_region_key_type: "PRIMARY",
|
1576
|
+
# primary_key: {
|
1577
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
|
1578
|
+
# region: "us-west-2",
|
1579
|
+
# },
|
1580
|
+
# replica_keys: [
|
1581
|
+
# ],
|
1582
|
+
# },
|
1441
1583
|
# origin: "AWS_KMS",
|
1442
|
-
# }, #
|
1584
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1585
|
+
# }
|
1586
|
+
#
|
1587
|
+
# @example Example: To create a KMS key for imported key material
|
1588
|
+
#
|
1589
|
+
# # This example creates a KMS key with no key material. When the operation is complete, you can import your own key
|
1590
|
+
# # material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL.
|
1591
|
+
#
|
1592
|
+
# resp = client.create_key({
|
1593
|
+
# origin: "EXTERNAL", # The source of the key material for the KMS key.
|
1594
|
+
# })
|
1595
|
+
#
|
1596
|
+
# resp.to_h outputs the following:
|
1597
|
+
# {
|
1598
|
+
# key_metadata: {
|
1599
|
+
# aws_account_id: "111122223333",
|
1600
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1601
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1602
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1603
|
+
# description: "",
|
1604
|
+
# enabled: false,
|
1605
|
+
# encryption_algorithms: [
|
1606
|
+
# "SYMMETRIC_DEFAULT",
|
1607
|
+
# ],
|
1608
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1609
|
+
# key_manager: "CUSTOMER",
|
1610
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1611
|
+
# key_state: "PendingImport",
|
1612
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1613
|
+
# multi_region: false,
|
1614
|
+
# origin: "EXTERNAL",
|
1615
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1616
|
+
# }
|
1617
|
+
#
|
1618
|
+
# @example Example: To create a KMS key in a custom key store
|
1619
|
+
#
|
1620
|
+
# # This example creates a KMS key in the specified custom key store. The operation creates the KMS key and its metadata in
|
1621
|
+
# # AWS KMS and the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the
|
1622
|
+
# # Origin and CustomKeyStoreId parameters.
|
1623
|
+
#
|
1624
|
+
# resp = client.create_key({
|
1625
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # Identifies the custom key store that hosts the KMS key.
|
1626
|
+
# origin: "AWS_CLOUDHSM", # Indicates the source of the key material for the KMS key.
|
1627
|
+
# })
|
1628
|
+
#
|
1629
|
+
# resp.to_h outputs the following:
|
1630
|
+
# {
|
1631
|
+
# key_metadata: {
|
1632
|
+
# aws_account_id: "111122223333",
|
1633
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1634
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg",
|
1635
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1636
|
+
# custom_key_store_id: "cks-1234567890abcdef0",
|
1637
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1638
|
+
# description: "",
|
1639
|
+
# enabled: true,
|
1640
|
+
# encryption_algorithms: [
|
1641
|
+
# "SYMMETRIC_DEFAULT",
|
1642
|
+
# ],
|
1643
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1644
|
+
# key_manager: "CUSTOMER",
|
1645
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1646
|
+
# key_state: "Enabled",
|
1647
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1648
|
+
# multi_region: false,
|
1649
|
+
# origin: "AWS_CLOUDHSM",
|
1650
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1443
1651
|
# }
|
1444
1652
|
#
|
1445
1653
|
# @example Request syntax with placeholder values
|
@@ -1850,6 +2058,21 @@ module Aws::KMS
|
|
1850
2058
|
#
|
1851
2059
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1852
2060
|
#
|
2061
|
+
#
|
2062
|
+
# @example Example: To delete a custom key store from AWS KMS
|
2063
|
+
#
|
2064
|
+
# # This example deletes a custom key store from AWS KMS. This operation does not delete the AWS CloudHSM cluster that was
|
2065
|
+
# # associated with the CloudHSM cluster. This operation doesn't return any data. To verify that the operation was
|
2066
|
+
# # successful, use the DescribeCustomKeyStores operation.
|
2067
|
+
#
|
2068
|
+
# resp = client.delete_custom_key_store({
|
2069
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store to be deleted.
|
2070
|
+
# })
|
2071
|
+
#
|
2072
|
+
# resp.to_h outputs the following:
|
2073
|
+
# {
|
2074
|
+
# }
|
2075
|
+
#
|
1853
2076
|
# @example Request syntax with placeholder values
|
1854
2077
|
#
|
1855
2078
|
# resp = client.delete_custom_key_store({
|
@@ -2029,6 +2252,44 @@ module Aws::KMS
|
|
2029
2252
|
# * {Types::DescribeCustomKeyStoresResponse#next_marker #next_marker} => String
|
2030
2253
|
# * {Types::DescribeCustomKeyStoresResponse#truncated #truncated} => Boolean
|
2031
2254
|
#
|
2255
|
+
#
|
2256
|
+
# @example Example: To get detailed information about custom key stores in the account and Region
|
2257
|
+
#
|
2258
|
+
# # This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key
|
2259
|
+
# # stores, do not enter a custom key store name or ID.
|
2260
|
+
#
|
2261
|
+
# resp = client.describe_custom_key_stores({
|
2262
|
+
# })
|
2263
|
+
#
|
2264
|
+
# resp.to_h outputs the following:
|
2265
|
+
# {
|
2266
|
+
# custom_key_stores: [
|
2267
|
+
# ], # Details about each custom key store in the account and Region.
|
2268
|
+
# }
|
2269
|
+
#
|
2270
|
+
# @example Example: To get detailed information about a custom key store associated with a CloudHSM cluster.
|
2271
|
+
#
|
2272
|
+
# # This example gets detailed information about a particular AWS KMS custom key store that is associate with an AWS
|
2273
|
+
# # CloudHSM cluster. To limit the output to a particular custom key store, provide the custom key store name or ID.
|
2274
|
+
#
|
2275
|
+
# resp = client.describe_custom_key_stores({
|
2276
|
+
# custom_key_store_name: "ExampleKeyStore", # The friendly name of the custom key store.
|
2277
|
+
# })
|
2278
|
+
#
|
2279
|
+
# resp.to_h outputs the following:
|
2280
|
+
# {
|
2281
|
+
# custom_key_stores: [
|
2282
|
+
# {
|
2283
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg",
|
2284
|
+
# connection_state: "CONNECTED",
|
2285
|
+
# creation_date: Time.parse("1.499288695918E9"),
|
2286
|
+
# custom_key_store_id: "cks-1234567890abcdef0",
|
2287
|
+
# custom_key_store_name: "ExampleKeyStore",
|
2288
|
+
# trust_anchor_certificate: "<certificate appears here>",
|
2289
|
+
# },
|
2290
|
+
# ], # Detailed information about the specified custom key store.
|
2291
|
+
# }
|
2292
|
+
#
|
2032
2293
|
# @example Request syntax with placeholder values
|
2033
2294
|
#
|
2034
2295
|
# resp = client.describe_custom_key_stores({
|
@@ -2458,6 +2719,20 @@ module Aws::KMS
|
|
2458
2719
|
#
|
2459
2720
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2460
2721
|
#
|
2722
|
+
#
|
2723
|
+
# @example Example: To disconnect a custom key store from its CloudHSM cluster
|
2724
|
+
#
|
2725
|
+
# # This example disconnects an AWS KMS custom key store from its AWS CloudHSM cluster. This operation doesn't return any
|
2726
|
+
# # data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.
|
2727
|
+
#
|
2728
|
+
# resp = client.disconnect_custom_key_store({
|
2729
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store.
|
2730
|
+
# })
|
2731
|
+
#
|
2732
|
+
# resp.to_h outputs the following:
|
2733
|
+
# {
|
2734
|
+
# }
|
2735
|
+
#
|
2461
2736
|
# @example Request syntax with placeholder values
|
2462
2737
|
#
|
2463
2738
|
# resp = client.disconnect_custom_key_store({
|
@@ -3205,6 +3480,26 @@ module Aws::KMS
|
|
3205
3480
|
# * {Types::GenerateDataKeyPairResponse#key_id #key_id} => String
|
3206
3481
|
# * {Types::GenerateDataKeyPairResponse#key_pair_spec #key_pair_spec} => String
|
3207
3482
|
#
|
3483
|
+
#
|
3484
|
+
# @example Example: To generate an RSA key pair for encryption and decryption
|
3485
|
+
#
|
3486
|
+
# # This example generates an RSA data key pair for encryption and decryption. The operation returns a plaintext public key
|
3487
|
+
# # and private key, and a copy of the private key that is encrypted under a symmetric KMS key that you specify.
|
3488
|
+
#
|
3489
|
+
# resp = client.generate_data_key_pair({
|
3490
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ID of the symmetric KMS key that encrypts the private RSA key in the data key pair.
|
3491
|
+
# key_pair_spec: "RSA_3072", # The requested key spec of the RSA data key pair.
|
3492
|
+
# })
|
3493
|
+
#
|
3494
|
+
# resp.to_h outputs the following:
|
3495
|
+
# {
|
3496
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the symmetric KMS key that was used to encrypt the private key.
|
3497
|
+
# key_pair_spec: "RSA_3072", # The actual key spec of the RSA data key pair.
|
3498
|
+
# private_key_ciphertext_blob: "<binary data>", # The encrypted private key of the RSA data key pair.
|
3499
|
+
# private_key_plaintext: "<binary data>", # The plaintext private key of the RSA data key pair.
|
3500
|
+
# public_key: "<binary data>", # The public key (plaintext) of the RSA data key pair.
|
3501
|
+
# }
|
3502
|
+
#
|
3208
3503
|
# @example Request syntax with placeholder values
|
3209
3504
|
#
|
3210
3505
|
# resp = client.generate_data_key_pair({
|
@@ -3371,6 +3666,25 @@ module Aws::KMS
|
|
3371
3666
|
# * {Types::GenerateDataKeyPairWithoutPlaintextResponse#key_id #key_id} => String
|
3372
3667
|
# * {Types::GenerateDataKeyPairWithoutPlaintextResponse#key_pair_spec #key_pair_spec} => String
|
3373
3668
|
#
|
3669
|
+
#
|
3670
|
+
# @example Example: To generate an asymmetric data key pair without a plaintext key
|
3671
|
+
#
|
3672
|
+
# # This example returns an asymmetric elliptic curve (ECC) data key pair. The private key is encrypted under the symmetric
|
3673
|
+
# # KMS key that you specify. This operation doesn't return a plaintext (unencrypted) private key.
|
3674
|
+
#
|
3675
|
+
# resp = client.generate_data_key_pair_without_plaintext({
|
3676
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The symmetric KMS key that encrypts the private key of the ECC data key pair.
|
3677
|
+
# key_pair_spec: "ECC_NIST_P521", # The requested key spec of the ECC asymmetric data key pair.
|
3678
|
+
# })
|
3679
|
+
#
|
3680
|
+
# resp.to_h outputs the following:
|
3681
|
+
# {
|
3682
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the symmetric KMS key that encrypted the private key in the ECC asymmetric data key pair.
|
3683
|
+
# key_pair_spec: "ECC_NIST_P521", # The actual key spec of the ECC asymmetric data key pair.
|
3684
|
+
# private_key_ciphertext_blob: "<binary data>", # The encrypted private key of the asymmetric ECC data key pair.
|
3685
|
+
# public_key: "<binary data>", # The public key (plaintext).
|
3686
|
+
# }
|
3687
|
+
#
|
3374
3688
|
# @example Request syntax with placeholder values
|
3375
3689
|
#
|
3376
3690
|
# resp = client.generate_data_key_pair_without_plaintext({
|
@@ -4053,6 +4367,29 @@ module Aws::KMS
|
|
4053
4367
|
# * {Types::GetPublicKeyResponse#encryption_algorithms #encryption_algorithms} => Array<String>
|
4054
4368
|
# * {Types::GetPublicKeyResponse#signing_algorithms #signing_algorithms} => Array<String>
|
4055
4369
|
#
|
4370
|
+
#
|
4371
|
+
# @example Example: To download the public key of an asymmetric KMS key
|
4372
|
+
#
|
4373
|
+
# # This example gets the public key of an asymmetric RSA KMS key used for encryption and decryption. The operation returns
|
4374
|
+
# # the key spec, key usage, and encryption or signing algorithms to help you use the public key correctly outside of AWS
|
4375
|
+
# # KMS.
|
4376
|
+
#
|
4377
|
+
# resp = client.get_public_key({
|
4378
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", # The key ARN of the asymmetric KMS key.
|
4379
|
+
# })
|
4380
|
+
#
|
4381
|
+
# resp.to_h outputs the following:
|
4382
|
+
# {
|
4383
|
+
# customer_master_key_spec: "RSA_4096", # The key spec of the asymmetric KMS key from which the public key was downloaded.
|
4384
|
+
# encryption_algorithms: [
|
4385
|
+
# "RSAES_OAEP_SHA_1",
|
4386
|
+
# "RSAES_OAEP_SHA_256",
|
4387
|
+
# ], # The encryption algorithms supported by the asymmetric KMS key that was downloaded.
|
4388
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", # The key ARN of the asymmetric KMS key from which the public key was downloaded.
|
4389
|
+
# key_usage: "ENCRYPT_DECRYPT", # The key usage of the asymmetric KMS key from which the public key was downloaded.
|
4390
|
+
# public_key: "<binary data>", # The public key (plaintext) of the asymmetric KMS key.
|
4391
|
+
# }
|
4392
|
+
#
|
4056
4393
|
# @example Request syntax with placeholder values
|
4057
4394
|
#
|
4058
4395
|
# resp = client.get_public_key({
|
@@ -5719,6 +6056,53 @@ module Aws::KMS
|
|
5719
6056
|
# * {Types::ReplicateKeyResponse#replica_policy #replica_policy} => String
|
5720
6057
|
# * {Types::ReplicateKeyResponse#replica_tags #replica_tags} => Array<Types::Tag>
|
5721
6058
|
#
|
6059
|
+
#
|
6060
|
+
# @example Example: To replicate a multi-Region key in a different AWS Region
|
6061
|
+
#
|
6062
|
+
# # This example creates a multi-Region replica key in us-west-2 of a multi-Region primary key in us-east-1.
|
6063
|
+
#
|
6064
|
+
# resp = client.replicate_key({
|
6065
|
+
# key_id: "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", # The key ID or key ARN of the multi-Region primary key
|
6066
|
+
# replica_region: "us-west-2", # The Region of the new replica.
|
6067
|
+
# })
|
6068
|
+
#
|
6069
|
+
# resp.to_h outputs the following:
|
6070
|
+
# {
|
6071
|
+
# replica_key_metadata: {
|
6072
|
+
# aws_account_id: "111122223333",
|
6073
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6074
|
+
# creation_date: Time.parse(1607472987.918),
|
6075
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
6076
|
+
# description: "",
|
6077
|
+
# enabled: true,
|
6078
|
+
# encryption_algorithms: [
|
6079
|
+
# "SYMMETRIC_DEFAULT",
|
6080
|
+
# ],
|
6081
|
+
# key_id: "mrk-1234abcd12ab34cd56ef1234567890ab",
|
6082
|
+
# key_manager: "CUSTOMER",
|
6083
|
+
# key_state: "Enabled",
|
6084
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
6085
|
+
# multi_region: true,
|
6086
|
+
# multi_region_configuration: {
|
6087
|
+
# multi_region_key_type: "REPLICA",
|
6088
|
+
# primary_key: {
|
6089
|
+
# arn: "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6090
|
+
# region: "us-east-1",
|
6091
|
+
# },
|
6092
|
+
# replica_keys: [
|
6093
|
+
# {
|
6094
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6095
|
+
# region: "us-west-2",
|
6096
|
+
# },
|
6097
|
+
# ],
|
6098
|
+
# },
|
6099
|
+
# origin: "AWS_KMS",
|
6100
|
+
# }, # An object that displays detailed information about the replica key.
|
6101
|
+
# replica_policy: "{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-default-1\",...}", # The key policy of the replica key. If you don't specify a key policy, the replica key gets the default key policy for a KMS key.
|
6102
|
+
# replica_tags: [
|
6103
|
+
# ], # The tags on the replica key, if any.
|
6104
|
+
# }
|
6105
|
+
#
|
5722
6106
|
# @example Request syntax with placeholder values
|
5723
6107
|
#
|
5724
6108
|
# resp = client.replicate_key({
|
@@ -6222,6 +6606,26 @@ module Aws::KMS
|
|
6222
6606
|
# * {Types::SignResponse#signature #signature} => String
|
6223
6607
|
# * {Types::SignResponse#signing_algorithm #signing_algorithm} => String
|
6224
6608
|
#
|
6609
|
+
#
|
6610
|
+
# @example Example: To digitally sign a message with an asymmetric KMS key.
|
6611
|
+
#
|
6612
|
+
# # This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a
|
6613
|
+
# # given message.
|
6614
|
+
#
|
6615
|
+
# resp = client.sign({
|
6616
|
+
# key_id: "alias/ECC_signing_key", # The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
|
6617
|
+
# message: "<message to be signed>", # Message to be signed. Use Base-64 for the CLI.
|
6618
|
+
# message_type: "RAW", # Indicates whether the message is RAW or a DIGEST.
|
6619
|
+
# signing_algorithm: "ECDSA_SHA_384", # The requested signing algorithm. This must be an algorithm that the KMS key supports.
|
6620
|
+
# })
|
6621
|
+
#
|
6622
|
+
# resp.to_h outputs the following:
|
6623
|
+
# {
|
6624
|
+
# key_id: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the asymmetric KMS key that was used to sign the message.
|
6625
|
+
# signature: "<binary data>", # The digital signature of the message.
|
6626
|
+
# signing_algorithm: "ECDSA_SHA_384", # The actual signing algorithm that was used to generate the signature.
|
6627
|
+
# }
|
6628
|
+
#
|
6225
6629
|
# @example Request syntax with placeholder values
|
6226
6630
|
#
|
6227
6631
|
# resp = client.sign({
|
@@ -6599,15 +7003,16 @@ module Aws::KMS
|
|
6599
7003
|
# ConnectCustomKeyStore. To find the connection state of a custom key
|
6600
7004
|
# store, use the DescribeCustomKeyStores operation.
|
6601
7005
|
#
|
6602
|
-
#
|
7006
|
+
# The `CustomKeyStoreId` parameter is required in all commands. Use the
|
7007
|
+
# other parameters of `UpdateCustomKeyStore` to edit your key store
|
6603
7008
|
# settings.
|
6604
7009
|
#
|
6605
|
-
# * Use the
|
7010
|
+
# * Use the `NewCustomKeyStoreName` parameter to change the friendly
|
6606
7011
|
# name of the custom key store to the value that you specify.
|
6607
7012
|
#
|
6608
7013
|
#
|
6609
7014
|
#
|
6610
|
-
# * Use the
|
7015
|
+
# * Use the `KeyStorePassword` parameter tell KMS the current password
|
6611
7016
|
# of the [ `kmsuser` crypto user (CU)][1] in the associated CloudHSM
|
6612
7017
|
# cluster. You can use this parameter to [fix connection failures][2]
|
6613
7018
|
# that occur when KMS cannot log into the associated cluster because
|
@@ -6616,7 +7021,7 @@ module Aws::KMS
|
|
6616
7021
|
#
|
6617
7022
|
#
|
6618
7023
|
#
|
6619
|
-
# * Use the
|
7024
|
+
# * Use the `CloudHsmClusterId` parameter to associate the custom key
|
6620
7025
|
# store with a different, but related, CloudHSM cluster. You can use
|
6621
7026
|
# this parameter to repair a custom key store if its CloudHSM cluster
|
6622
7027
|
# becomes corrupted or is deleted, or when you need to create or
|
@@ -6690,6 +7095,51 @@ module Aws::KMS
|
|
6690
7095
|
#
|
6691
7096
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
6692
7097
|
#
|
7098
|
+
#
|
7099
|
+
# @example Example: To edit the password of a custom key store
|
7100
|
+
#
|
7101
|
+
# # This example tells KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the
|
7102
|
+
# # AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any
|
7103
|
+
# # data.
|
7104
|
+
#
|
7105
|
+
# resp = client.update_custom_key_store({
|
7106
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7107
|
+
# key_store_password: "ExamplePassword", # The password for the kmsuser crypto user in the CloudHSM cluster.
|
7108
|
+
# })
|
7109
|
+
#
|
7110
|
+
# resp.to_h outputs the following:
|
7111
|
+
# {
|
7112
|
+
# }
|
7113
|
+
#
|
7114
|
+
# @example Example: To edit the friendly name of a custom key store
|
7115
|
+
#
|
7116
|
+
# # This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does
|
7117
|
+
# # not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
|
7118
|
+
#
|
7119
|
+
# resp = client.update_custom_key_store({
|
7120
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7121
|
+
# new_custom_key_store_name: "DevelopmentKeys", # A new friendly name for the custom key store.
|
7122
|
+
# })
|
7123
|
+
#
|
7124
|
+
# resp.to_h outputs the following:
|
7125
|
+
# {
|
7126
|
+
# }
|
7127
|
+
#
|
7128
|
+
# @example Example: To associate the custom key store with a different, but related, AWS CloudHSM cluster.
|
7129
|
+
#
|
7130
|
+
# # This example changes the cluster that is associated with a custom key store to a related cluster, such as a different
|
7131
|
+
# # backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the
|
7132
|
+
# # DescribeCustomKeyStores operation.
|
7133
|
+
#
|
7134
|
+
# resp = client.update_custom_key_store({
|
7135
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the AWS CloudHSM cluster that you want to associate with the custom key store. This cluster must be related to the original CloudHSM cluster for this key store.
|
7136
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7137
|
+
# })
|
7138
|
+
#
|
7139
|
+
# resp.to_h outputs the following:
|
7140
|
+
# {
|
7141
|
+
# }
|
7142
|
+
#
|
6693
7143
|
# @example Request syntax with placeholder values
|
6694
7144
|
#
|
6695
7145
|
# resp = client.update_custom_key_store({
|
@@ -7021,6 +7471,27 @@ module Aws::KMS
|
|
7021
7471
|
# * {Types::VerifyResponse#signature_valid #signature_valid} => Boolean
|
7022
7472
|
# * {Types::VerifyResponse#signing_algorithm #signing_algorithm} => String
|
7023
7473
|
#
|
7474
|
+
#
|
7475
|
+
# @example Example: To use an asymmetric KMS key to verify a digital signature
|
7476
|
+
#
|
7477
|
+
# # This operation uses the public key in an elliptic curve (ECC) asymmetric key to verify a digital signature within AWS
|
7478
|
+
# # KMS.
|
7479
|
+
#
|
7480
|
+
# resp = client.verify({
|
7481
|
+
# key_id: "alias/ECC_signing_key", # The asymmetric KMS key to be used to verify the digital signature. This example uses an alias to identify the KMS key.
|
7482
|
+
# message: "<message to be verified>", # The message that was signed.
|
7483
|
+
# message_type: "RAW", # Indicates whether the message is RAW or a DIGEST.
|
7484
|
+
# signature: "<binary data>", # The signature to be verified.
|
7485
|
+
# signing_algorithm: "ECDSA_SHA_384", # The signing algorithm to be used to verify the signature.
|
7486
|
+
# })
|
7487
|
+
#
|
7488
|
+
# resp.to_h outputs the following:
|
7489
|
+
# {
|
7490
|
+
# key_id: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the asymmetric KMS key that was used to verify the digital signature.
|
7491
|
+
# signature_valid: true, # Indicates whether the signature was verified (true) or failed verification (false).
|
7492
|
+
# signing_algorithm: "ECDSA_SHA_384", # The signing algorithm that was used to verify the signature.
|
7493
|
+
# }
|
7494
|
+
#
|
7024
7495
|
# @example Request syntax with placeholder values
|
7025
7496
|
#
|
7026
7497
|
# resp = client.verify({
|
@@ -7060,7 +7531,7 @@ module Aws::KMS
|
|
7060
7531
|
params: params,
|
7061
7532
|
config: config)
|
7062
7533
|
context[:gem_name] = 'aws-sdk-kms'
|
7063
|
-
context[:gem_version] = '1.
|
7534
|
+
context[:gem_version] = '1.51.0'
|
7064
7535
|
Seahorse::Client::Request.new(handlers, context)
|
7065
7536
|
end
|
7066
7537
|
|
data/lib/aws-sdk-kms.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-kms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.51.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-11-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.122.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.122.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
@@ -76,7 +76,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
76
76
|
requirements:
|
77
77
|
- - ">="
|
78
78
|
- !ruby/object:Gem::Version
|
79
|
-
version: '
|
79
|
+
version: '2.3'
|
80
80
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
81
81
|
requirements:
|
82
82
|
- - ">="
|