aws-sdk-kms 1.48.0 → 1.52.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +487 -14
- data/lib/aws-sdk-kms.rb +1 -1
- metadata +4 -4
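--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 756b1e990fd23d65bcc85178308adc678124bbf7745a0e8c477b5cbba9c421f7
+data.tar.gz: 41e7ada5c57655ad5f21ee264a2c2c2133232bc6da9a92decaf03d228ea02d68
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 05f331020d2ce6fe2a86d2e01ea819d02e6bc64aca1e1b04227c937fc21151895dd83b6580d8d4a6a46b25017cee91e2a4f78ec68754b2bcd6c8b37912e5e7ba
+data.tar.gz: e6be01cb503305d81fa7de1fcb4c12ba27bd10544bdfa19fcefcef8d450cd6d7c1418bdf9b6e7af6b0b3128e8de9a500aa02198f659ce1deecef88356e7c8469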
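--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.52.0 (2021-11-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.51.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.50.0 (2021-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.49.0 (2021-10-04)
+------------------
+
+* Feature - Added SDK examples for ConnectCustomKeyStore, CreateCustomKeyStore, CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores, DisconnectCustomKeyStore, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GetPublicKey, ReplicateKey, Sign, UpdateCustomKeyStore and Verify APIs
+
 1.48.0 (2021-09-01)
 ------------------
 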
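--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.52.0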
data/lib/aws-sdk-kms/client.rb
CHANGED
@@ -119,7 +119,9 @@ module Aws::KMS
|
|
119
119
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
120
|
# are very aggressive. Construct and pass an instance of
|
121
121
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
-
# enable retries and extended timeouts.
|
122
|
+
# enable retries and extended timeouts. Instance profile credential
|
123
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
124
|
+
# to true.
|
123
125
|
#
|
124
126
|
# @option options [required, String] :region
|
125
127
|
# The AWS region to connect to. The configured `:region` is
|
@@ -285,6 +287,15 @@ module Aws::KMS
|
|
285
287
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
286
288
|
# requests are made, and retries are disabled.
|
287
289
|
#
|
290
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
291
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
|
+
# will be used if available.
|
293
|
+
#
|
294
|
+
# @option options [Boolean] :use_fips_endpoint
|
295
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
296
|
+
# When a `fips` region is used, the region is normalized and this config
|
297
|
+
# is set to `true`.
|
298
|
+
#
|
288
299
|
# @option options [Boolean] :validate_params (true)
|
289
300
|
# When `true`, request parameters are validated before
|
290
301
|
# sending the request.
|
@@ -488,6 +499,20 @@ module Aws::KMS
|
|
488
499
|
#
|
489
500
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
490
501
|
#
|
502
|
+
#
|
503
|
+
# @example Example: To connect a custom key store to its CloudHSM cluster
|
504
|
+
#
|
505
|
+
# # This example connects an AWS KMS custom key store to its AWS CloudHSM cluster. This operation does not return any data.
|
506
|
+
# # To verify that the custom key store is connected, use the <code>DescribeCustomKeyStores</code> operation.
|
507
|
+
#
|
508
|
+
# resp = client.connect_custom_key_store({
|
509
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the AWS KMS custom key store.
|
510
|
+
# })
|
511
|
+
#
|
512
|
+
# resp.to_h outputs the following:
|
513
|
+
# {
|
514
|
+
# }
|
515
|
+
#
|
491
516
|
# @example Request syntax with placeholder values
|
492
517
|
#
|
493
518
|
# resp = client.connect_custom_key_store({
|
@@ -724,6 +749,23 @@ module Aws::KMS
|
|
724
749
|
#
|
725
750
|
# * {Types::CreateCustomKeyStoreResponse#custom_key_store_id #custom_key_store_id} => String
|
726
751
|
#
|
752
|
+
#
|
753
|
+
# @example Example: To create an AWS CloudHSM custom key store
|
754
|
+
#
|
755
|
+
# # This example creates a custom key store that is associated with an AWS CloudHSM cluster.
|
756
|
+
#
|
757
|
+
# resp = client.create_custom_key_store({
|
758
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the CloudHSM cluster.
|
759
|
+
# custom_key_store_name: "ExampleKeyStore", # A friendly name for the custom key store.
|
760
|
+
# key_store_password: "kmsPswd", # The password for the kmsuser CU account in the specified cluster.
|
761
|
+
# trust_anchor_certificate: "<certificate-goes-here>", # The content of the customerCA.crt file that you created when you initialized the cluster.
|
762
|
+
# })
|
763
|
+
#
|
764
|
+
# resp.to_h outputs the following:
|
765
|
+
# {
|
766
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the new custom key store.
|
767
|
+
# }
|
768
|
+
#
|
727
769
|
# @example Request syntax with placeholder values
|
728
770
|
#
|
729
771
|
# resp = client.create_custom_key_store({
|
@@ -1410,15 +1452,10 @@ module Aws::KMS
|
|
1410
1452
|
#
|
1411
1453
|
# @example Example: To create a KMS key
|
1412
1454
|
#
|
1413
|
-
# # The following example creates a KMS key.
|
1455
|
+
# # The following example creates a symmetric KMS key for encryption and decryption. No parameters are required for this
|
1456
|
+
# # operation.
|
1414
1457
|
#
|
1415
1458
|
# resp = client.create_key({
|
1416
|
-
# tags: [
|
1417
|
-
# {
|
1418
|
-
# tag_key: "CreatedBy",
|
1419
|
-
# tag_value: "ExampleUser",
|
1420
|
-
# },
|
1421
|
-
# ], # One or more tags. Each tag consists of a tag key and a tag value.
|
1422
1459
|
# })
|
1423
1460
|
#
|
1424
1461
|
# resp.to_h outputs the following:
|
@@ -1438,8 +1475,181 @@ module Aws::KMS
|
|
1438
1475
|
# key_spec: "SYMMETRIC_DEFAULT",
|
1439
1476
|
# key_state: "Enabled",
|
1440
1477
|
# key_usage: "ENCRYPT_DECRYPT",
|
1478
|
+
# multi_region: false,
|
1479
|
+
# origin: "AWS_KMS",
|
1480
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1481
|
+
# }
|
1482
|
+
#
|
1483
|
+
# @example Example: To create an asymmetric RSA KMS key for encryption and decryption
|
1484
|
+
#
|
1485
|
+
# # This example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and
|
1486
|
+
# # key usage can't be changed after the key is created.
|
1487
|
+
#
|
1488
|
+
# resp = client.create_key({
|
1489
|
+
# key_spec: "RSA_4096", # Describes the type of key material in the KMS key.
|
1490
|
+
# key_usage: "ENCRYPT_DECRYPT", # The cryptographic operations for which you can use the KMS key.
|
1491
|
+
# })
|
1492
|
+
#
|
1493
|
+
# resp.to_h outputs the following:
|
1494
|
+
# {
|
1495
|
+
# key_metadata: {
|
1496
|
+
# aws_account_id: "111122223333",
|
1497
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1498
|
+
# creation_date: Time.parse("2021-04-05T14:04:55-07:00"),
|
1499
|
+
# customer_master_key_spec: "RSA_4096",
|
1500
|
+
# description: "",
|
1501
|
+
# enabled: true,
|
1502
|
+
# encryption_algorithms: [
|
1503
|
+
# "RSAES_OAEP_SHA_1",
|
1504
|
+
# "RSAES_OAEP_SHA_256",
|
1505
|
+
# ],
|
1506
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1507
|
+
# key_manager: "CUSTOMER",
|
1508
|
+
# key_spec: "RSA_4096",
|
1509
|
+
# key_state: "Enabled",
|
1510
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1511
|
+
# multi_region: false,
|
1512
|
+
# origin: "AWS_KMS",
|
1513
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1514
|
+
# }
|
1515
|
+
#
|
1516
|
+
# @example Example: To create an asymmetric elliptic curve KMS key for signing and verification
|
1517
|
+
#
|
1518
|
+
# # This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification.
|
1519
|
+
# # The key usage is required even though "SIGN_VERIFY" is the only valid value for ECC KMS keys. The key spec and key usage
|
1520
|
+
# # can't be changed after the key is created.
|
1521
|
+
#
|
1522
|
+
# resp = client.create_key({
|
1523
|
+
# key_spec: "ECC_NIST_P521", # Describes the type of key material in the KMS key.
|
1524
|
+
# key_usage: "SIGN_VERIFY", # The cryptographic operations for which you can use the KMS key.
|
1525
|
+
# })
|
1526
|
+
#
|
1527
|
+
# resp.to_h outputs the following:
|
1528
|
+
# {
|
1529
|
+
# key_metadata: {
|
1530
|
+
# aws_account_id: "111122223333",
|
1531
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1532
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1533
|
+
# customer_master_key_spec: "ECC_NIST_P521",
|
1534
|
+
# description: "",
|
1535
|
+
# enabled: true,
|
1536
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1537
|
+
# key_manager: "CUSTOMER",
|
1538
|
+
# key_spec: "ECC_NIST_P521",
|
1539
|
+
# key_state: "Enabled",
|
1540
|
+
# key_usage: "SIGN_VERIFY",
|
1541
|
+
# multi_region: false,
|
1542
|
+
# origin: "AWS_KMS",
|
1543
|
+
# signing_algorithms: [
|
1544
|
+
# "ECDSA_SHA_512",
|
1545
|
+
# ],
|
1546
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1547
|
+
# }
|
1548
|
+
#
|
1549
|
+
# @example Example: To create a multi-Region primary KMS key
|
1550
|
+
#
|
1551
|
+
# # This example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters
|
1552
|
+
# # create a symmetric encryption key, only the MultiRegion parameter is required for this KMS key.
|
1553
|
+
#
|
1554
|
+
# resp = client.create_key({
|
1555
|
+
# multi_region: true, # Indicates whether the KMS key is a multi-Region (True) or regional (False) key.
|
1556
|
+
# })
|
1557
|
+
#
|
1558
|
+
# resp.to_h outputs the following:
|
1559
|
+
# {
|
1560
|
+
# key_metadata: {
|
1561
|
+
# aws_account_id: "111122223333",
|
1562
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
|
1563
|
+
# creation_date: Time.parse("2021-09-02T016:15:21-09:00"),
|
1564
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1565
|
+
# description: "",
|
1566
|
+
# enabled: true,
|
1567
|
+
# encryption_algorithms: [
|
1568
|
+
# "SYMMETRIC_DEFAULT",
|
1569
|
+
# ],
|
1570
|
+
# key_id: "mrk-1234abcd12ab34cd56ef12345678990ab",
|
1571
|
+
# key_manager: "CUSTOMER",
|
1572
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1573
|
+
# key_state: "Enabled",
|
1574
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1575
|
+
# multi_region: true,
|
1576
|
+
# multi_region_configuration: {
|
1577
|
+
# multi_region_key_type: "PRIMARY",
|
1578
|
+
# primary_key: {
|
1579
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
|
1580
|
+
# region: "us-west-2",
|
1581
|
+
# },
|
1582
|
+
# replica_keys: [
|
1583
|
+
# ],
|
1584
|
+
# },
|
1441
1585
|
# origin: "AWS_KMS",
|
1442
|
-
# }, #
|
1586
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1587
|
+
# }
|
1588
|
+
#
|
1589
|
+
# @example Example: To create a KMS key for imported key material
|
1590
|
+
#
|
1591
|
+
# # This example creates a KMS key with no key material. When the operation is complete, you can import your own key
|
1592
|
+
# # material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL.
|
1593
|
+
#
|
1594
|
+
# resp = client.create_key({
|
1595
|
+
# origin: "EXTERNAL", # The source of the key material for the KMS key.
|
1596
|
+
# })
|
1597
|
+
#
|
1598
|
+
# resp.to_h outputs the following:
|
1599
|
+
# {
|
1600
|
+
# key_metadata: {
|
1601
|
+
# aws_account_id: "111122223333",
|
1602
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1603
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1604
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1605
|
+
# description: "",
|
1606
|
+
# enabled: false,
|
1607
|
+
# encryption_algorithms: [
|
1608
|
+
# "SYMMETRIC_DEFAULT",
|
1609
|
+
# ],
|
1610
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1611
|
+
# key_manager: "CUSTOMER",
|
1612
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1613
|
+
# key_state: "PendingImport",
|
1614
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1615
|
+
# multi_region: false,
|
1616
|
+
# origin: "EXTERNAL",
|
1617
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1618
|
+
# }
|
1619
|
+
#
|
1620
|
+
# @example Example: To create a KMS key in a custom key store
|
1621
|
+
#
|
1622
|
+
# # This example creates a KMS key in the specified custom key store. The operation creates the KMS key and its metadata in
|
1623
|
+
# # AWS KMS and the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the
|
1624
|
+
# # Origin and CustomKeyStoreId parameters.
|
1625
|
+
#
|
1626
|
+
# resp = client.create_key({
|
1627
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # Identifies the custom key store that hosts the KMS key.
|
1628
|
+
# origin: "AWS_CLOUDHSM", # Indicates the source of the key material for the KMS key.
|
1629
|
+
# })
|
1630
|
+
#
|
1631
|
+
# resp.to_h outputs the following:
|
1632
|
+
# {
|
1633
|
+
# key_metadata: {
|
1634
|
+
# aws_account_id: "111122223333",
|
1635
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1636
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg",
|
1637
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1638
|
+
# custom_key_store_id: "cks-1234567890abcdef0",
|
1639
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1640
|
+
# description: "",
|
1641
|
+
# enabled: true,
|
1642
|
+
# encryption_algorithms: [
|
1643
|
+
# "SYMMETRIC_DEFAULT",
|
1644
|
+
# ],
|
1645
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1646
|
+
# key_manager: "CUSTOMER",
|
1647
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1648
|
+
# key_state: "Enabled",
|
1649
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1650
|
+
# multi_region: false,
|
1651
|
+
# origin: "AWS_CLOUDHSM",
|
1652
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1443
1653
|
# }
|
1444
1654
|
#
|
1445
1655
|
# @example Request syntax with placeholder values
|
@@ -1850,6 +2060,21 @@ module Aws::KMS
|
|
1850
2060
|
#
|
1851
2061
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1852
2062
|
#
|
2063
|
+
#
|
2064
|
+
# @example Example: To delete a custom key store from AWS KMS
|
2065
|
+
#
|
2066
|
+
# # This example deletes a custom key store from AWS KMS. This operation does not delete the AWS CloudHSM cluster that was
|
2067
|
+
# # associated with the CloudHSM cluster. This operation doesn't return any data. To verify that the operation was
|
2068
|
+
# # successful, use the DescribeCustomKeyStores operation.
|
2069
|
+
#
|
2070
|
+
# resp = client.delete_custom_key_store({
|
2071
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store to be deleted.
|
2072
|
+
# })
|
2073
|
+
#
|
2074
|
+
# resp.to_h outputs the following:
|
2075
|
+
# {
|
2076
|
+
# }
|
2077
|
+
#
|
1853
2078
|
# @example Request syntax with placeholder values
|
1854
2079
|
#
|
1855
2080
|
# resp = client.delete_custom_key_store({
|
@@ -2029,6 +2254,44 @@ module Aws::KMS
|
|
2029
2254
|
# * {Types::DescribeCustomKeyStoresResponse#next_marker #next_marker} => String
|
2030
2255
|
# * {Types::DescribeCustomKeyStoresResponse#truncated #truncated} => Boolean
|
2031
2256
|
#
|
2257
|
+
#
|
2258
|
+
# @example Example: To get detailed information about custom key stores in the account and Region
|
2259
|
+
#
|
2260
|
+
# # This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key
|
2261
|
+
# # stores, do not enter a custom key store name or ID.
|
2262
|
+
#
|
2263
|
+
# resp = client.describe_custom_key_stores({
|
2264
|
+
# })
|
2265
|
+
#
|
2266
|
+
# resp.to_h outputs the following:
|
2267
|
+
# {
|
2268
|
+
# custom_key_stores: [
|
2269
|
+
# ], # Details about each custom key store in the account and Region.
|
2270
|
+
# }
|
2271
|
+
#
|
2272
|
+
# @example Example: To get detailed information about a custom key store associated with a CloudHSM cluster.
|
2273
|
+
#
|
2274
|
+
# # This example gets detailed information about a particular AWS KMS custom key store that is associate with an AWS
|
2275
|
+
# # CloudHSM cluster. To limit the output to a particular custom key store, provide the custom key store name or ID.
|
2276
|
+
#
|
2277
|
+
# resp = client.describe_custom_key_stores({
|
2278
|
+
# custom_key_store_name: "ExampleKeyStore", # The friendly name of the custom key store.
|
2279
|
+
# })
|
2280
|
+
#
|
2281
|
+
# resp.to_h outputs the following:
|
2282
|
+
# {
|
2283
|
+
# custom_key_stores: [
|
2284
|
+
# {
|
2285
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg",
|
2286
|
+
# connection_state: "CONNECTED",
|
2287
|
+
# creation_date: Time.parse("1.499288695918E9"),
|
2288
|
+
# custom_key_store_id: "cks-1234567890abcdef0",
|
2289
|
+
# custom_key_store_name: "ExampleKeyStore",
|
2290
|
+
# trust_anchor_certificate: "<certificate appears here>",
|
2291
|
+
# },
|
2292
|
+
# ], # Detailed information about the specified custom key store.
|
2293
|
+
# }
|
2294
|
+
#
|
2032
2295
|
# @example Request syntax with placeholder values
|
2033
2296
|
#
|
2034
2297
|
# resp = client.describe_custom_key_stores({
|
@@ -2458,6 +2721,20 @@ module Aws::KMS
|
|
2458
2721
|
#
|
2459
2722
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2460
2723
|
#
|
2724
|
+
#
|
2725
|
+
# @example Example: To disconnect a custom key store from its CloudHSM cluster
|
2726
|
+
#
|
2727
|
+
# # This example disconnects an AWS KMS custom key store from its AWS CloudHSM cluster. This operation doesn't return any
|
2728
|
+
# # data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.
|
2729
|
+
#
|
2730
|
+
# resp = client.disconnect_custom_key_store({
|
2731
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store.
|
2732
|
+
# })
|
2733
|
+
#
|
2734
|
+
# resp.to_h outputs the following:
|
2735
|
+
# {
|
2736
|
+
# }
|
2737
|
+
#
|
2461
2738
|
# @example Request syntax with placeholder values
|
2462
2739
|
#
|
2463
2740
|
# resp = client.disconnect_custom_key_store({
|
@@ -3205,6 +3482,26 @@ module Aws::KMS
|
|
3205
3482
|
# * {Types::GenerateDataKeyPairResponse#key_id #key_id} => String
|
3206
3483
|
# * {Types::GenerateDataKeyPairResponse#key_pair_spec #key_pair_spec} => String
|
3207
3484
|
#
|
3485
|
+
#
|
3486
|
+
# @example Example: To generate an RSA key pair for encryption and decryption
|
3487
|
+
#
|
3488
|
+
# # This example generates an RSA data key pair for encryption and decryption. The operation returns a plaintext public key
|
3489
|
+
# # and private key, and a copy of the private key that is encrypted under a symmetric KMS key that you specify.
|
3490
|
+
#
|
3491
|
+
# resp = client.generate_data_key_pair({
|
3492
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ID of the symmetric KMS key that encrypts the private RSA key in the data key pair.
|
3493
|
+
# key_pair_spec: "RSA_3072", # The requested key spec of the RSA data key pair.
|
3494
|
+
# })
|
3495
|
+
#
|
3496
|
+
# resp.to_h outputs the following:
|
3497
|
+
# {
|
3498
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the symmetric KMS key that was used to encrypt the private key.
|
3499
|
+
# key_pair_spec: "RSA_3072", # The actual key spec of the RSA data key pair.
|
3500
|
+
# private_key_ciphertext_blob: "<binary data>", # The encrypted private key of the RSA data key pair.
|
3501
|
+
# private_key_plaintext: "<binary data>", # The plaintext private key of the RSA data key pair.
|
3502
|
+
# public_key: "<binary data>", # The public key (plaintext) of the RSA data key pair.
|
3503
|
+
# }
|
3504
|
+
#
|
3208
3505
|
# @example Request syntax with placeholder values
|
3209
3506
|
#
|
3210
3507
|
# resp = client.generate_data_key_pair({
|
@@ -3371,6 +3668,25 @@ module Aws::KMS
|
|
3371
3668
|
# * {Types::GenerateDataKeyPairWithoutPlaintextResponse#key_id #key_id} => String
|
3372
3669
|
# * {Types::GenerateDataKeyPairWithoutPlaintextResponse#key_pair_spec #key_pair_spec} => String
|
3373
3670
|
#
|
3671
|
+
#
|
3672
|
+
# @example Example: To generate an asymmetric data key pair without a plaintext key
|
3673
|
+
#
|
3674
|
+
# # This example returns an asymmetric elliptic curve (ECC) data key pair. The private key is encrypted under the symmetric
|
3675
|
+
# # KMS key that you specify. This operation doesn't return a plaintext (unencrypted) private key.
|
3676
|
+
#
|
3677
|
+
# resp = client.generate_data_key_pair_without_plaintext({
|
3678
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The symmetric KMS key that encrypts the private key of the ECC data key pair.
|
3679
|
+
# key_pair_spec: "ECC_NIST_P521", # The requested key spec of the ECC asymmetric data key pair.
|
3680
|
+
# })
|
3681
|
+
#
|
3682
|
+
# resp.to_h outputs the following:
|
3683
|
+
# {
|
3684
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the symmetric KMS key that encrypted the private key in the ECC asymmetric data key pair.
|
3685
|
+
# key_pair_spec: "ECC_NIST_P521", # The actual key spec of the ECC asymmetric data key pair.
|
3686
|
+
# private_key_ciphertext_blob: "<binary data>", # The encrypted private key of the asymmetric ECC data key pair.
|
3687
|
+
# public_key: "<binary data>", # The public key (plaintext).
|
3688
|
+
# }
|
3689
|
+
#
|
3374
3690
|
# @example Request syntax with placeholder values
|
3375
3691
|
#
|
3376
3692
|
# resp = client.generate_data_key_pair_without_plaintext({
|
@@ -4053,6 +4369,29 @@ module Aws::KMS
|
|
4053
4369
|
# * {Types::GetPublicKeyResponse#encryption_algorithms #encryption_algorithms} => Array<String>
|
4054
4370
|
# * {Types::GetPublicKeyResponse#signing_algorithms #signing_algorithms} => Array<String>
|
4055
4371
|
#
|
4372
|
+
#
|
4373
|
+
# @example Example: To download the public key of an asymmetric KMS key
|
4374
|
+
#
|
4375
|
+
# # This example gets the public key of an asymmetric RSA KMS key used for encryption and decryption. The operation returns
|
4376
|
+
# # the key spec, key usage, and encryption or signing algorithms to help you use the public key correctly outside of AWS
|
4377
|
+
# # KMS.
|
4378
|
+
#
|
4379
|
+
# resp = client.get_public_key({
|
4380
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", # The key ARN of the asymmetric KMS key.
|
4381
|
+
# })
|
4382
|
+
#
|
4383
|
+
# resp.to_h outputs the following:
|
4384
|
+
# {
|
4385
|
+
# customer_master_key_spec: "RSA_4096", # The key spec of the asymmetric KMS key from which the public key was downloaded.
|
4386
|
+
# encryption_algorithms: [
|
4387
|
+
# "RSAES_OAEP_SHA_1",
|
4388
|
+
# "RSAES_OAEP_SHA_256",
|
4389
|
+
# ], # The encryption algorithms supported by the asymmetric KMS key that was downloaded.
|
4390
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", # The key ARN of the asymmetric KMS key from which the public key was downloaded.
|
4391
|
+
# key_usage: "ENCRYPT_DECRYPT", # The key usage of the asymmetric KMS key from which the public key was downloaded.
|
4392
|
+
# public_key: "<binary data>", # The public key (plaintext) of the asymmetric KMS key.
|
4393
|
+
# }
|
4394
|
+
#
|
4056
4395
|
# @example Request syntax with placeholder values
|
4057
4396
|
#
|
4058
4397
|
# resp = client.get_public_key({
|
@@ -5719,6 +6058,53 @@ module Aws::KMS
|
|
5719
6058
|
# * {Types::ReplicateKeyResponse#replica_policy #replica_policy} => String
|
5720
6059
|
# * {Types::ReplicateKeyResponse#replica_tags #replica_tags} => Array<Types::Tag>
|
5721
6060
|
#
|
6061
|
+
#
|
6062
|
+
# @example Example: To replicate a multi-Region key in a different AWS Region
|
6063
|
+
#
|
6064
|
+
# # This example creates a multi-Region replica key in us-west-2 of a multi-Region primary key in us-east-1.
|
6065
|
+
#
|
6066
|
+
# resp = client.replicate_key({
|
6067
|
+
# key_id: "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", # The key ID or key ARN of the multi-Region primary key
|
6068
|
+
# replica_region: "us-west-2", # The Region of the new replica.
|
6069
|
+
# })
|
6070
|
+
#
|
6071
|
+
# resp.to_h outputs the following:
|
6072
|
+
# {
|
6073
|
+
# replica_key_metadata: {
|
6074
|
+
# aws_account_id: "111122223333",
|
6075
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6076
|
+
# creation_date: Time.parse(1607472987.918),
|
6077
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
6078
|
+
# description: "",
|
6079
|
+
# enabled: true,
|
6080
|
+
# encryption_algorithms: [
|
6081
|
+
# "SYMMETRIC_DEFAULT",
|
6082
|
+
# ],
|
6083
|
+
# key_id: "mrk-1234abcd12ab34cd56ef1234567890ab",
|
6084
|
+
# key_manager: "CUSTOMER",
|
6085
|
+
# key_state: "Enabled",
|
6086
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
6087
|
+
# multi_region: true,
|
6088
|
+
# multi_region_configuration: {
|
6089
|
+
# multi_region_key_type: "REPLICA",
|
6090
|
+
# primary_key: {
|
6091
|
+
# arn: "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6092
|
+
# region: "us-east-1",
|
6093
|
+
# },
|
6094
|
+
# replica_keys: [
|
6095
|
+
# {
|
6096
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6097
|
+
# region: "us-west-2",
|
6098
|
+
# },
|
6099
|
+
# ],
|
6100
|
+
# },
|
6101
|
+
# origin: "AWS_KMS",
|
6102
|
+
# }, # An object that displays detailed information about the replica key.
|
6103
|
+
# replica_policy: "{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-default-1\",...}", # The key policy of the replica key. If you don't specify a key policy, the replica key gets the default key policy for a KMS key.
|
6104
|
+
# replica_tags: [
|
6105
|
+
# ], # The tags on the replica key, if any.
|
6106
|
+
# }
|
6107
|
+
#
|
5722
6108
|
# @example Request syntax with placeholder values
|
5723
6109
|
#
|
5724
6110
|
# resp = client.replicate_key({
|
@@ -6222,6 +6608,26 @@ module Aws::KMS
|
|
6222
6608
|
# * {Types::SignResponse#signature #signature} => String
|
6223
6609
|
# * {Types::SignResponse#signing_algorithm #signing_algorithm} => String
|
6224
6610
|
#
|
6611
|
+
#
|
6612
|
+
# @example Example: To digitally sign a message with an asymmetric KMS key.
|
6613
|
+
#
|
6614
|
+
# # This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a
|
6615
|
+
# # given message.
|
6616
|
+
#
|
6617
|
+
# resp = client.sign({
|
6618
|
+
# key_id: "alias/ECC_signing_key", # The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
|
6619
|
+
# message: "<message to be signed>", # Message to be signed. Use Base-64 for the CLI.
|
6620
|
+
# message_type: "RAW", # Indicates whether the message is RAW or a DIGEST.
|
6621
|
+
# signing_algorithm: "ECDSA_SHA_384", # The requested signing algorithm. This must be an algorithm that the KMS key supports.
|
6622
|
+
# })
|
6623
|
+
#
|
6624
|
+
# resp.to_h outputs the following:
|
6625
|
+
# {
|
6626
|
+
# key_id: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the asymmetric KMS key that was used to sign the message.
|
6627
|
+
# signature: "<binary data>", # The digital signature of the message.
|
6628
|
+
# signing_algorithm: "ECDSA_SHA_384", # The actual signing algorithm that was used to generate the signature.
|
6629
|
+
# }
|
6630
|
+
#
|
6225
6631
|
# @example Request syntax with placeholder values
|
6226
6632
|
#
|
6227
6633
|
# resp = client.sign({
|
@@ -6599,15 +7005,16 @@ module Aws::KMS
|
|
6599
7005
|
# ConnectCustomKeyStore. To find the connection state of a custom key
|
6600
7006
|
# store, use the DescribeCustomKeyStores operation.
|
6601
7007
|
#
|
6602
|
-
#
|
7008
|
+
# The `CustomKeyStoreId` parameter is required in all commands. Use the
|
7009
|
+
# other parameters of `UpdateCustomKeyStore` to edit your key store
|
6603
7010
|
# settings.
|
6604
7011
|
#
|
6605
|
-
# * Use the
|
7012
|
+
# * Use the `NewCustomKeyStoreName` parameter to change the friendly
|
6606
7013
|
# name of the custom key store to the value that you specify.
|
6607
7014
|
#
|
6608
7015
|
#
|
6609
7016
|
#
|
6610
|
-
# * Use the
|
7017
|
+
# * Use the `KeyStorePassword` parameter tell KMS the current password
|
6611
7018
|
# of the [ `kmsuser` crypto user (CU)][1] in the associated CloudHSM
|
6612
7019
|
# cluster. You can use this parameter to [fix connection failures][2]
|
6613
7020
|
# that occur when KMS cannot log into the associated cluster because
|
@@ -6616,7 +7023,7 @@ module Aws::KMS
|
|
6616
7023
|
#
|
6617
7024
|
#
|
6618
7025
|
#
|
6619
|
-
# * Use the
|
7026
|
+
# * Use the `CloudHsmClusterId` parameter to associate the custom key
|
6620
7027
|
# store with a different, but related, CloudHSM cluster. You can use
|
6621
7028
|
# this parameter to repair a custom key store if its CloudHSM cluster
|
6622
7029
|
# becomes corrupted or is deleted, or when you need to create or
|
@@ -6690,6 +7097,51 @@ module Aws::KMS
|
|
6690
7097
|
#
|
6691
7098
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
6692
7099
|
#
|
7100
|
+
#
|
7101
|
+
# @example Example: To edit the password of a custom key store
|
7102
|
+
#
|
7103
|
+
# # This example tells KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the
|
7104
|
+
# # AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any
|
7105
|
+
# # data.
|
7106
|
+
#
|
7107
|
+
# resp = client.update_custom_key_store({
|
7108
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7109
|
+
# key_store_password: "ExamplePassword", # The password for the kmsuser crypto user in the CloudHSM cluster.
|
7110
|
+
# })
|
7111
|
+
#
|
7112
|
+
# resp.to_h outputs the following:
|
7113
|
+
# {
|
7114
|
+
# }
|
7115
|
+
#
|
7116
|
+
# @example Example: To edit the friendly name of a custom key store
|
7117
|
+
#
|
7118
|
+
# # This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does
|
7119
|
+
# # not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
|
7120
|
+
#
|
7121
|
+
# resp = client.update_custom_key_store({
|
7122
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7123
|
+
# new_custom_key_store_name: "DevelopmentKeys", # A new friendly name for the custom key store.
|
7124
|
+
# })
|
7125
|
+
#
|
7126
|
+
# resp.to_h outputs the following:
|
7127
|
+
# {
|
7128
|
+
# }
|
7129
|
+
#
|
7130
|
+
# @example Example: To associate the custom key store with a different, but related, AWS CloudHSM cluster.
|
7131
|
+
#
|
7132
|
+
# # This example changes the cluster that is associated with a custom key store to a related cluster, such as a different
|
7133
|
+
# # backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the
|
7134
|
+
# # DescribeCustomKeyStores operation.
|
7135
|
+
#
|
7136
|
+
# resp = client.update_custom_key_store({
|
7137
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the AWS CloudHSM cluster that you want to associate with the custom key store. This cluster must be related to the original CloudHSM cluster for this key store.
|
7138
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7139
|
+
# })
|
7140
|
+
#
|
7141
|
+
# resp.to_h outputs the following:
|
7142
|
+
# {
|
7143
|
+
# }
|
7144
|
+
#
|
6693
7145
|
# @example Request syntax with placeholder values
|
6694
7146
|
#
|
6695
7147
|
# resp = client.update_custom_key_store({
|
@@ -7021,6 +7473,27 @@ module Aws::KMS
|
|
7021
7473
|
# * {Types::VerifyResponse#signature_valid #signature_valid} => Boolean
|
7022
7474
|
# * {Types::VerifyResponse#signing_algorithm #signing_algorithm} => String
|
7023
7475
|
#
|
7476
|
+
#
|
7477
|
+
# @example Example: To use an asymmetric KMS key to verify a digital signature
|
7478
|
+
#
|
7479
|
+
# # This operation uses the public key in an elliptic curve (ECC) asymmetric key to verify a digital signature within AWS
|
7480
|
+
# # KMS.
|
7481
|
+
#
|
7482
|
+
# resp = client.verify({
|
7483
|
+
# key_id: "alias/ECC_signing_key", # The asymmetric KMS key to be used to verify the digital signature. This example uses an alias to identify the KMS key.
|
7484
|
+
# message: "<message to be verified>", # The message that was signed.
|
7485
|
+
# message_type: "RAW", # Indicates whether the message is RAW or a DIGEST.
|
7486
|
+
# signature: "<binary data>", # The signature to be verified.
|
7487
|
+
# signing_algorithm: "ECDSA_SHA_384", # The signing algorithm to be used to verify the signature.
|
7488
|
+
# })
|
7489
|
+
#
|
7490
|
+
# resp.to_h outputs the following:
|
7491
|
+
# {
|
7492
|
+
# key_id: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the asymmetric KMS key that was used to verify the digital signature.
|
7493
|
+
# signature_valid: true, # Indicates whether the signature was verified (true) or failed verification (false).
|
7494
|
+
# signing_algorithm: "ECDSA_SHA_384", # The signing algorithm that was used to verify the signature.
|
7495
|
+
# }
|
7496
|
+
#
|
7024
7497
|
# @example Request syntax with placeholder values
|
7025
7498
|
#
|
7026
7499
|
# resp = client.verify({
|
@@ -7060,7 +7533,7 @@ module Aws::KMS
|
|
7060
7533
|
params: params,
|
7061
7534
|
config: config)
|
7062
7535
|
context[:gem_name] = 'aws-sdk-kms'
|
7063
|
-
context[:gem_version] = '1.
|
7536
|
+
context[:gem_version] = '1.52.0'
|
7064
7537
|
Seahorse::Client::Request.new(handlers, context)
|
7065
7538
|
end
|
7066
7539
|
|
data/lib/aws-sdk-kms.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-kms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.52.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-11-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.122.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.122.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|