aws-sdk-kms 1.64.0 → 1.76.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +60 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +782 -183
- data/lib/aws-sdk-kms/client_api.rb +32 -0
- data/lib/aws-sdk-kms/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-kms/endpoints.rb +1 -0
- data/lib/aws-sdk-kms/errors.rb +16 -0
- data/lib/aws-sdk-kms/plugins/endpoints.rb +3 -2
- data/lib/aws-sdk-kms/types.rb +317 -69
- data/lib/aws-sdk-kms.rb +1 -1
- metadata +5 -5
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -418,7 +418,7 @@ module Aws::KMS
|
|
418
418
|
#
|
419
419
|
# * An external key store with `PUBLIC_ENDPOINT` connectivity cannot
|
420
420
|
# use the same `XksProxyUriEndpoint` value as an external key store
|
421
|
-
# with `VPC_ENDPOINT_SERVICE` connectivity in
|
421
|
+
# with `VPC_ENDPOINT_SERVICE` connectivity in this Amazon Web
|
422
422
|
# Services Region.
|
423
423
|
#
|
424
424
|
# * Each external key store with `VPC_ENDPOINT_SERVICE` connectivity
|
@@ -703,6 +703,18 @@ module Aws::KMS
|
|
703
703
|
# the same grant ID can be used interchangeably.
|
704
704
|
# @return [String]
|
705
705
|
#
|
706
|
+
# @!attribute [rw] dry_run
|
707
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
708
|
+
# parameter.
|
709
|
+
#
|
710
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
711
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
712
|
+
#
|
713
|
+
#
|
714
|
+
#
|
715
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
716
|
+
# @return [Boolean]
|
717
|
+
#
|
706
718
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrantRequest AWS API Documentation
|
707
719
|
#
|
708
720
|
class CreateGrantRequest < Struct.new(
|
@@ -712,7 +724,8 @@ module Aws::KMS
|
|
712
724
|
:operations,
|
713
725
|
:constraints,
|
714
726
|
:grant_tokens,
|
715
|
-
:name
|
727
|
+
:name,
|
728
|
+
:dry_run)
|
716
729
|
SENSITIVE = []
|
717
730
|
include Aws::Structure
|
718
731
|
end
|
@@ -979,12 +992,13 @@ module Aws::KMS
|
|
979
992
|
# Management Service Developer Guide*.
|
980
993
|
#
|
981
994
|
# Use this parameter only when you intend to prevent the principal
|
982
|
-
# that is making the request from making a subsequent
|
983
|
-
# request on the KMS key.
|
995
|
+
# that is making the request from making a subsequent
|
996
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
984
997
|
#
|
985
998
|
#
|
986
999
|
#
|
987
1000
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
1001
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
988
1002
|
# @return [Boolean]
|
989
1003
|
#
|
990
1004
|
# @!attribute [rw] tags
|
@@ -1583,11 +1597,23 @@ module Aws::KMS
|
|
1583
1597
|
#
|
1584
1598
|
#
|
1585
1599
|
#
|
1586
|
-
# [1]: https://docs.aws.amazon.com/
|
1600
|
+
# [1]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc
|
1587
1601
|
# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
|
1588
1602
|
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1589
1603
|
# @return [Types::RecipientInfo]
|
1590
1604
|
#
|
1605
|
+
# @!attribute [rw] dry_run
|
1606
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
1607
|
+
# parameter.
|
1608
|
+
#
|
1609
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
1610
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
1611
|
+
#
|
1612
|
+
#
|
1613
|
+
#
|
1614
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
1615
|
+
# @return [Boolean]
|
1616
|
+
#
|
1591
1617
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest AWS API Documentation
|
1592
1618
|
#
|
1593
1619
|
class DecryptRequest < Struct.new(
|
@@ -1596,7 +1622,8 @@ module Aws::KMS
|
|
1596
1622
|
:grant_tokens,
|
1597
1623
|
:key_id,
|
1598
1624
|
:encryption_algorithm,
|
1599
|
-
:recipient
|
1625
|
+
:recipient,
|
1626
|
+
:dry_run)
|
1600
1627
|
SENSITIVE = []
|
1601
1628
|
include Aws::Structure
|
1602
1629
|
end
|
@@ -1944,6 +1971,19 @@ module Aws::KMS
|
|
1944
1971
|
#
|
1945
1972
|
class DisconnectCustomKeyStoreResponse < Aws::EmptyStructure; end
|
1946
1973
|
|
1974
|
+
# The request was rejected because the DryRun parameter was specified.
|
1975
|
+
#
|
1976
|
+
# @!attribute [rw] message
|
1977
|
+
# @return [String]
|
1978
|
+
#
|
1979
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DryRunOperationException AWS API Documentation
|
1980
|
+
#
|
1981
|
+
class DryRunOperationException < Struct.new(
|
1982
|
+
:message)
|
1983
|
+
SENSITIVE = []
|
1984
|
+
include Aws::Structure
|
1985
|
+
end
|
1986
|
+
|
1947
1987
|
# @!attribute [rw] key_id
|
1948
1988
|
# Identifies the KMS key to enable.
|
1949
1989
|
#
|
@@ -2089,6 +2129,18 @@ module Aws::KMS
|
|
2089
2129
|
# The SM2PKE algorithm is only available in China Regions.
|
2090
2130
|
# @return [String]
|
2091
2131
|
#
|
2132
|
+
# @!attribute [rw] dry_run
|
2133
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
2134
|
+
# parameter.
|
2135
|
+
#
|
2136
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
2137
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
2138
|
+
#
|
2139
|
+
#
|
2140
|
+
#
|
2141
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
2142
|
+
# @return [Boolean]
|
2143
|
+
#
|
2092
2144
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation
|
2093
2145
|
#
|
2094
2146
|
class EncryptRequest < Struct.new(
|
@@ -2096,7 +2148,8 @@ module Aws::KMS
|
|
2096
2148
|
:plaintext,
|
2097
2149
|
:encryption_context,
|
2098
2150
|
:grant_tokens,
|
2099
|
-
:encryption_algorithm
|
2151
|
+
:encryption_algorithm,
|
2152
|
+
:dry_run)
|
2100
2153
|
SENSITIVE = [:plaintext]
|
2101
2154
|
include Aws::Structure
|
2102
2155
|
end
|
@@ -2252,6 +2305,18 @@ module Aws::KMS
|
|
2252
2305
|
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
2253
2306
|
# @return [Types::RecipientInfo]
|
2254
2307
|
#
|
2308
|
+
# @!attribute [rw] dry_run
|
2309
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
2310
|
+
# parameter.
|
2311
|
+
#
|
2312
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
2313
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
2314
|
+
#
|
2315
|
+
#
|
2316
|
+
#
|
2317
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
2318
|
+
# @return [Boolean]
|
2319
|
+
#
|
2255
2320
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPairRequest AWS API Documentation
|
2256
2321
|
#
|
2257
2322
|
class GenerateDataKeyPairRequest < Struct.new(
|
@@ -2259,7 +2324,8 @@ module Aws::KMS
|
|
2259
2324
|
:key_id,
|
2260
2325
|
:key_pair_spec,
|
2261
2326
|
:grant_tokens,
|
2262
|
-
:recipient
|
2327
|
+
:recipient,
|
2328
|
+
:dry_run)
|
2263
2329
|
SENSITIVE = []
|
2264
2330
|
include Aws::Structure
|
2265
2331
|
end
|
@@ -2403,13 +2469,26 @@ module Aws::KMS
|
|
2403
2469
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
2404
2470
|
# @return [Array<String>]
|
2405
2471
|
#
|
2472
|
+
# @!attribute [rw] dry_run
|
2473
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
2474
|
+
# parameter.
|
2475
|
+
#
|
2476
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
2477
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
2478
|
+
#
|
2479
|
+
#
|
2480
|
+
#
|
2481
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
2482
|
+
# @return [Boolean]
|
2483
|
+
#
|
2406
2484
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPairWithoutPlaintextRequest AWS API Documentation
|
2407
2485
|
#
|
2408
2486
|
class GenerateDataKeyPairWithoutPlaintextRequest < Struct.new(
|
2409
2487
|
:encryption_context,
|
2410
2488
|
:key_id,
|
2411
2489
|
:key_pair_spec,
|
2412
|
-
:grant_tokens
|
2490
|
+
:grant_tokens,
|
2491
|
+
:dry_run)
|
2413
2492
|
SENSITIVE = []
|
2414
2493
|
include Aws::Structure
|
2415
2494
|
end
|
@@ -2564,6 +2643,18 @@ module Aws::KMS
|
|
2564
2643
|
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
2565
2644
|
# @return [Types::RecipientInfo]
|
2566
2645
|
#
|
2646
|
+
# @!attribute [rw] dry_run
|
2647
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
2648
|
+
# parameter.
|
2649
|
+
#
|
2650
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
2651
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
2652
|
+
#
|
2653
|
+
#
|
2654
|
+
#
|
2655
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
2656
|
+
# @return [Boolean]
|
2657
|
+
#
|
2567
2658
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest AWS API Documentation
|
2568
2659
|
#
|
2569
2660
|
class GenerateDataKeyRequest < Struct.new(
|
@@ -2572,7 +2663,8 @@ module Aws::KMS
|
|
2572
2663
|
:number_of_bytes,
|
2573
2664
|
:key_spec,
|
2574
2665
|
:grant_tokens,
|
2575
|
-
:recipient
|
2666
|
+
:recipient,
|
2667
|
+
:dry_run)
|
2576
2668
|
SENSITIVE = []
|
2577
2669
|
include Aws::Structure
|
2578
2670
|
end
|
@@ -2707,6 +2799,18 @@ module Aws::KMS
|
|
2707
2799
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
2708
2800
|
# @return [Array<String>]
|
2709
2801
|
#
|
2802
|
+
# @!attribute [rw] dry_run
|
2803
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
2804
|
+
# parameter.
|
2805
|
+
#
|
2806
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
2807
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
2808
|
+
#
|
2809
|
+
#
|
2810
|
+
#
|
2811
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
2812
|
+
# @return [Boolean]
|
2813
|
+
#
|
2710
2814
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation
|
2711
2815
|
#
|
2712
2816
|
class GenerateDataKeyWithoutPlaintextRequest < Struct.new(
|
@@ -2714,7 +2818,8 @@ module Aws::KMS
|
|
2714
2818
|
:encryption_context,
|
2715
2819
|
:key_spec,
|
2716
2820
|
:number_of_bytes,
|
2717
|
-
:grant_tokens
|
2821
|
+
:grant_tokens,
|
2822
|
+
:dry_run)
|
2718
2823
|
SENSITIVE = []
|
2719
2824
|
include Aws::Structure
|
2720
2825
|
end
|
@@ -2786,13 +2891,26 @@ module Aws::KMS
|
|
2786
2891
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
2787
2892
|
# @return [Array<String>]
|
2788
2893
|
#
|
2894
|
+
# @!attribute [rw] dry_run
|
2895
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
2896
|
+
# parameter.
|
2897
|
+
#
|
2898
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
2899
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
2900
|
+
#
|
2901
|
+
#
|
2902
|
+
#
|
2903
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
2904
|
+
# @return [Boolean]
|
2905
|
+
#
|
2789
2906
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateMacRequest AWS API Documentation
|
2790
2907
|
#
|
2791
2908
|
class GenerateMacRequest < Struct.new(
|
2792
2909
|
:message,
|
2793
2910
|
:key_id,
|
2794
2911
|
:mac_algorithm,
|
2795
|
-
:grant_tokens
|
2912
|
+
:grant_tokens,
|
2913
|
+
:dry_run)
|
2796
2914
|
SENSITIVE = [:message]
|
2797
2915
|
include Aws::Structure
|
2798
2916
|
end
|
@@ -2994,10 +3112,14 @@ module Aws::KMS
|
|
2994
3112
|
end
|
2995
3113
|
|
2996
3114
|
# @!attribute [rw] key_id
|
2997
|
-
# The identifier of the
|
2998
|
-
#
|
3115
|
+
# The identifier of the KMS key that will be associated with the
|
3116
|
+
# imported key material. The `Origin` of the KMS key must be
|
2999
3117
|
# `EXTERNAL`.
|
3000
3118
|
#
|
3119
|
+
# All KMS key types are supported, including multi-Region keys.
|
3120
|
+
# However, you cannot import key material into a KMS key in a custom
|
3121
|
+
# key store.
|
3122
|
+
#
|
3001
3123
|
# Specify the key ID or key ARN of the KMS key.
|
3002
3124
|
#
|
3003
3125
|
# For example:
|
@@ -3012,26 +3134,54 @@ module Aws::KMS
|
|
3012
3134
|
# @return [String]
|
3013
3135
|
#
|
3014
3136
|
# @!attribute [rw] wrapping_algorithm
|
3015
|
-
# The algorithm you will use
|
3016
|
-
# the
|
3017
|
-
# see [
|
3018
|
-
#
|
3137
|
+
# The algorithm you will use with the RSA public key (`PublicKey`) in
|
3138
|
+
# the response to protect your key material during import. For more
|
3139
|
+
# information, see [Select a wrapping
|
3140
|
+
# algorithm](kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm)
|
3141
|
+
# in the *Key Management Service Developer Guide*.
|
3142
|
+
#
|
3143
|
+
# For RSA\_AES wrapping algorithms, you encrypt your key material with
|
3144
|
+
# an AES key that you generate, then encrypt your AES key with the RSA
|
3145
|
+
# public key from KMS. For RSAES wrapping algorithms, you encrypt your
|
3146
|
+
# key material directly with the RSA public key from KMS.
|
3147
|
+
#
|
3148
|
+
# The wrapping algorithms that you can use depend on the type of key
|
3149
|
+
# material that you are importing. To import an RSA private key, you
|
3150
|
+
# must use an RSA\_AES wrapping algorithm.
|
3151
|
+
#
|
3152
|
+
# * **RSA\_AES\_KEY\_WRAP\_SHA\_256** — Supported for wrapping RSA and
|
3153
|
+
# ECC key material.
|
3019
3154
|
#
|
3020
|
-
#
|
3021
|
-
#
|
3022
|
-
# immediately. KMS will end support for `RSAES_PKCS1_V1_5` by October
|
3023
|
-
# 1, 2023 pursuant to [cryptographic key management guidance][2] from
|
3024
|
-
# the National Institute of Standards and Technology (NIST).
|
3155
|
+
# * **RSA\_AES\_KEY\_WRAP\_SHA\_1** — Supported for wrapping RSA and
|
3156
|
+
# ECC key material.
|
3025
3157
|
#
|
3158
|
+
# * **RSAES\_OAEP\_SHA\_256** — Supported for all types of key
|
3159
|
+
# material, except RSA key material (private key).
|
3026
3160
|
#
|
3161
|
+
# You cannot use the RSAES\_OAEP\_SHA\_256 wrapping algorithm with
|
3162
|
+
# the RSA\_2048 wrapping key spec to wrap ECC\_NIST\_P521 key
|
3163
|
+
# material.
|
3027
3164
|
#
|
3028
|
-
#
|
3029
|
-
#
|
3165
|
+
# * **RSAES\_OAEP\_SHA\_1** — Supported for all types of key material,
|
3166
|
+
# except RSA key material (private key).
|
3167
|
+
#
|
3168
|
+
# You cannot use the RSAES\_OAEP\_SHA\_1 wrapping algorithm with the
|
3169
|
+
# RSA\_2048 wrapping key spec to wrap ECC\_NIST\_P521 key material.
|
3170
|
+
#
|
3171
|
+
# * **RSAES\_PKCS1\_V1\_5** (Deprecated) — As of October 10, 2023, KMS
|
3172
|
+
# does not support the RSAES\_PKCS1\_V1\_5 wrapping algorithm.
|
3030
3173
|
# @return [String]
|
3031
3174
|
#
|
3032
3175
|
# @!attribute [rw] wrapping_key_spec
|
3033
|
-
# The type of
|
3034
|
-
#
|
3176
|
+
# The type of RSA public key to return in the response. You will use
|
3177
|
+
# this wrapping key with the specified wrapping algorithm to protect
|
3178
|
+
# your key material during import.
|
3179
|
+
#
|
3180
|
+
# Use the longest RSA wrapping key that is practical.
|
3181
|
+
#
|
3182
|
+
# You cannot use an RSA\_2048 public key to directly wrap an
|
3183
|
+
# ECC\_NIST\_P521 private key. Instead, use an RSA\_AES wrapping
|
3184
|
+
# algorithm or choose a longer RSA public key.
|
3035
3185
|
# @return [String]
|
3036
3186
|
#
|
3037
3187
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImportRequest AWS API Documentation
|
@@ -3338,13 +3488,19 @@ module Aws::KMS
|
|
3338
3488
|
end
|
3339
3489
|
|
3340
3490
|
# @!attribute [rw] key_id
|
3341
|
-
# The identifier of the
|
3491
|
+
# The identifier of the KMS key that will be associated with the
|
3342
3492
|
# imported key material. This must be the same KMS key specified in
|
3343
3493
|
# the `KeyID` parameter of the corresponding GetParametersForImport
|
3344
|
-
# request. The `Origin` of the KMS key must be `EXTERNAL
|
3345
|
-
#
|
3346
|
-
#
|
3347
|
-
#
|
3494
|
+
# request. The `Origin` of the KMS key must be `EXTERNAL` and its
|
3495
|
+
# `KeyState` must be `PendingImport`.
|
3496
|
+
#
|
3497
|
+
# The KMS key can be a symmetric encryption KMS key, HMAC KMS key,
|
3498
|
+
# asymmetric encryption KMS key, or asymmetric signing KMS key,
|
3499
|
+
# including a [multi-Region
|
3500
|
+
# key](kms/latest/developerguide/multi-region-keys-overview.html) of
|
3501
|
+
# any supported type. You cannot perform this operation on a KMS key
|
3502
|
+
# in a custom key store, or on a KMS key in a different Amazon Web
|
3503
|
+
# Services account.
|
3348
3504
|
#
|
3349
3505
|
# Specify the key ID or key ARN of the KMS key.
|
3350
3506
|
#
|
@@ -3368,7 +3524,7 @@ module Aws::KMS
|
|
3368
3524
|
#
|
3369
3525
|
# @!attribute [rw] encrypted_key_material
|
3370
3526
|
# The encrypted key material to import. The key material must be
|
3371
|
-
# encrypted
|
3527
|
+
# encrypted under the public wrapping key that GetParametersForImport
|
3372
3528
|
# returned, using the wrapping algorithm that you specified in the
|
3373
3529
|
# same `GetParametersForImport` request.
|
3374
3530
|
# @return [String]
|
@@ -3394,7 +3550,8 @@ module Aws::KMS
|
|
3394
3550
|
#
|
3395
3551
|
# @!attribute [rw] expiration_model
|
3396
3552
|
# Specifies whether the key material expires. The default is
|
3397
|
-
# `KEY_MATERIAL_EXPIRES`.
|
3553
|
+
# `KEY_MATERIAL_EXPIRES`. For help with this choice, see [Setting an
|
3554
|
+
# expiration time][1] in the *Key Management Service Developer Guide*.
|
3398
3555
|
#
|
3399
3556
|
# When the value of `ExpirationModel` is `KEY_MATERIAL_EXPIRES`, you
|
3400
3557
|
# must specify a value for the `ValidTo` parameter. When value is
|
@@ -3403,8 +3560,11 @@ module Aws::KMS
|
|
3403
3560
|
#
|
3404
3561
|
# You cannot change the `ExpirationModel` or `ValidTo` values for the
|
3405
3562
|
# current import after the request completes. To change either value,
|
3406
|
-
# you must
|
3407
|
-
#
|
3563
|
+
# you must reimport the key material.
|
3564
|
+
#
|
3565
|
+
#
|
3566
|
+
#
|
3567
|
+
# [1]: https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration
|
3408
3568
|
# @return [String]
|
3409
3569
|
#
|
3410
3570
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterialRequest AWS API Documentation
|
@@ -4551,12 +4711,13 @@ module Aws::KMS
|
|
4551
4711
|
# Management Service Developer Guide*.
|
4552
4712
|
#
|
4553
4713
|
# Use this parameter only when you intend to prevent the principal
|
4554
|
-
# that is making the request from making a subsequent
|
4555
|
-
# request on the KMS key.
|
4714
|
+
# that is making the request from making a subsequent
|
4715
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
4556
4716
|
#
|
4557
4717
|
#
|
4558
4718
|
#
|
4559
4719
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
4720
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
4560
4721
|
# @return [Boolean]
|
4561
4722
|
#
|
4562
4723
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
|
@@ -4723,6 +4884,18 @@ module Aws::KMS
|
|
4723
4884
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
4724
4885
|
# @return [Array<String>]
|
4725
4886
|
#
|
4887
|
+
# @!attribute [rw] dry_run
|
4888
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
4889
|
+
# parameter.
|
4890
|
+
#
|
4891
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
4892
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
4893
|
+
#
|
4894
|
+
#
|
4895
|
+
#
|
4896
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
4897
|
+
# @return [Boolean]
|
4898
|
+
#
|
4726
4899
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptRequest AWS API Documentation
|
4727
4900
|
#
|
4728
4901
|
class ReEncryptRequest < Struct.new(
|
@@ -4733,7 +4906,8 @@ module Aws::KMS
|
|
4733
4906
|
:destination_encryption_context,
|
4734
4907
|
:source_encryption_algorithm,
|
4735
4908
|
:destination_encryption_algorithm,
|
4736
|
-
:grant_tokens
|
4909
|
+
:grant_tokens,
|
4910
|
+
:dry_run)
|
4737
4911
|
SENSITIVE = []
|
4738
4912
|
include Aws::Structure
|
4739
4913
|
end
|
@@ -4935,12 +5109,13 @@ module Aws::KMS
|
|
4935
5109
|
# Management Service Developer Guide*.
|
4936
5110
|
#
|
4937
5111
|
# Use this parameter only when you intend to prevent the principal
|
4938
|
-
# that is making the request from making a subsequent
|
4939
|
-
# request on the KMS key.
|
5112
|
+
# that is making the request from making a subsequent
|
5113
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
4940
5114
|
#
|
4941
5115
|
#
|
4942
5116
|
#
|
4943
5117
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
5118
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
4944
5119
|
# @return [Boolean]
|
4945
5120
|
#
|
4946
5121
|
# @!attribute [rw] description
|
@@ -5075,12 +5250,25 @@ module Aws::KMS
|
|
5075
5250
|
# ^
|
5076
5251
|
# @return [String]
|
5077
5252
|
#
|
5253
|
+
# @!attribute [rw] dry_run
|
5254
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
5255
|
+
# parameter.
|
5256
|
+
#
|
5257
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
5258
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
5259
|
+
#
|
5260
|
+
#
|
5261
|
+
#
|
5262
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
5263
|
+
# @return [Boolean]
|
5264
|
+
#
|
5078
5265
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrantRequest AWS API Documentation
|
5079
5266
|
#
|
5080
5267
|
class RetireGrantRequest < Struct.new(
|
5081
5268
|
:grant_token,
|
5082
5269
|
:key_id,
|
5083
|
-
:grant_id
|
5270
|
+
:grant_id,
|
5271
|
+
:dry_run)
|
5084
5272
|
SENSITIVE = []
|
5085
5273
|
include Aws::Structure
|
5086
5274
|
end
|
@@ -5110,11 +5298,24 @@ module Aws::KMS
|
|
5110
5298
|
# CreateGrant, ListGrants, or ListRetirableGrants.
|
5111
5299
|
# @return [String]
|
5112
5300
|
#
|
5301
|
+
# @!attribute [rw] dry_run
|
5302
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
5303
|
+
# parameter.
|
5304
|
+
#
|
5305
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
5306
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
5307
|
+
#
|
5308
|
+
#
|
5309
|
+
#
|
5310
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
5311
|
+
# @return [Boolean]
|
5312
|
+
#
|
5113
5313
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrantRequest AWS API Documentation
|
5114
5314
|
#
|
5115
5315
|
class RevokeGrantRequest < Struct.new(
|
5116
5316
|
:key_id,
|
5117
|
-
:grant_id
|
5317
|
+
:grant_id,
|
5318
|
+
:dry_run)
|
5118
5319
|
SENSITIVE = []
|
5119
5320
|
include Aws::Structure
|
5120
5321
|
end
|
@@ -5145,6 +5346,13 @@ module Aws::KMS
|
|
5145
5346
|
#
|
5146
5347
|
# This value is optional. If you include a value, it must be between 7
|
5147
5348
|
# and 30, inclusive. If you do not include a value, it defaults to 30.
|
5349
|
+
# You can use the [ `kms:ScheduleKeyDeletionPendingWindowInDays` ][1]
|
5350
|
+
# condition key to further constrain the values that principals can
|
5351
|
+
# specify in the `PendingWindowInDays` parameter.
|
5352
|
+
#
|
5353
|
+
#
|
5354
|
+
#
|
5355
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-schedule-key-deletion-pending-window-in-days
|
5148
5356
|
# @return [Integer]
|
5149
5357
|
#
|
5150
5358
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletionRequest AWS API Documentation
|
@@ -5306,6 +5514,18 @@ module Aws::KMS
|
|
5306
5514
|
# algorithms for compatibility with existing applications.
|
5307
5515
|
# @return [String]
|
5308
5516
|
#
|
5517
|
+
# @!attribute [rw] dry_run
|
5518
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
5519
|
+
# parameter.
|
5520
|
+
#
|
5521
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
5522
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
5523
|
+
#
|
5524
|
+
#
|
5525
|
+
#
|
5526
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
5527
|
+
# @return [Boolean]
|
5528
|
+
#
|
5309
5529
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/SignRequest AWS API Documentation
|
5310
5530
|
#
|
5311
5531
|
class SignRequest < Struct.new(
|
@@ -5313,7 +5533,8 @@ module Aws::KMS
|
|
5313
5533
|
:message,
|
5314
5534
|
:message_type,
|
5315
5535
|
:grant_tokens,
|
5316
|
-
:signing_algorithm
|
5536
|
+
:signing_algorithm,
|
5537
|
+
:dry_run)
|
5317
5538
|
SENSITIVE = [:message]
|
5318
5539
|
include Aws::Structure
|
5319
5540
|
end
|
@@ -5335,7 +5556,7 @@ module Aws::KMS
|
|
5335
5556
|
#
|
5336
5557
|
# * When used with the `ECDSA_SHA_256`, `ECDSA_SHA_384`, or
|
5337
5558
|
# `ECDSA_SHA_512` signing algorithms, this value is a DER-encoded
|
5338
|
-
# object as defined by
|
5559
|
+
# object as defined by ANSI X9.62–2005 and [RFC 3279 Section
|
5339
5560
|
# 2.2.3][2]. This is the most commonly used signature format and is
|
5340
5561
|
# appropriate for most uses.
|
5341
5562
|
#
|
@@ -5810,6 +6031,18 @@ module Aws::KMS
|
|
5810
6031
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
5811
6032
|
# @return [Array<String>]
|
5812
6033
|
#
|
6034
|
+
# @!attribute [rw] dry_run
|
6035
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
6036
|
+
# parameter.
|
6037
|
+
#
|
6038
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
6039
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
6040
|
+
#
|
6041
|
+
#
|
6042
|
+
#
|
6043
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
6044
|
+
# @return [Boolean]
|
6045
|
+
#
|
5813
6046
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyMacRequest AWS API Documentation
|
5814
6047
|
#
|
5815
6048
|
class VerifyMacRequest < Struct.new(
|
@@ -5817,7 +6050,8 @@ module Aws::KMS
|
|
5817
6050
|
:key_id,
|
5818
6051
|
:mac_algorithm,
|
5819
6052
|
:mac,
|
5820
|
-
:grant_tokens
|
6053
|
+
:grant_tokens,
|
6054
|
+
:dry_run)
|
5821
6055
|
SENSITIVE = [:message]
|
5822
6056
|
include Aws::Structure
|
5823
6057
|
end
|
@@ -5954,6 +6188,18 @@ module Aws::KMS
|
|
5954
6188
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
5955
6189
|
# @return [Array<String>]
|
5956
6190
|
#
|
6191
|
+
# @!attribute [rw] dry_run
|
6192
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
6193
|
+
# parameter.
|
6194
|
+
#
|
6195
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
6196
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
6197
|
+
#
|
6198
|
+
#
|
6199
|
+
#
|
6200
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
6201
|
+
# @return [Boolean]
|
6202
|
+
#
|
5957
6203
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyRequest AWS API Documentation
|
5958
6204
|
#
|
5959
6205
|
class VerifyRequest < Struct.new(
|
@@ -5962,7 +6208,8 @@ module Aws::KMS
|
|
5962
6208
|
:message_type,
|
5963
6209
|
:signature,
|
5964
6210
|
:signing_algorithm,
|
5965
|
-
:grant_tokens
|
6211
|
+
:grant_tokens,
|
6212
|
+
:dry_run)
|
5966
6213
|
SENSITIVE = [:message]
|
5967
6214
|
include Aws::Structure
|
5968
6215
|
end
|
@@ -5999,9 +6246,9 @@ module Aws::KMS
|
|
5999
6246
|
end
|
6000
6247
|
|
6001
6248
|
# The request was rejected because the (`XksKeyId`) is already
|
6002
|
-
# associated with
|
6003
|
-
# an external key store must be associated with a different
|
6004
|
-
# key.
|
6249
|
+
# associated with another KMS key in this external key store. Each KMS
|
6250
|
+
# key in an external key store must be associated with a different
|
6251
|
+
# external key.
|
6005
6252
|
#
|
6006
6253
|
# @!attribute [rw] message
|
6007
6254
|
# @return [String]
|
@@ -6180,9 +6427,9 @@ module Aws::KMS
|
|
6180
6427
|
include Aws::Structure
|
6181
6428
|
end
|
6182
6429
|
|
6183
|
-
# The request was rejected because the
|
6184
|
-
#
|
6185
|
-
#
|
6430
|
+
# The request was rejected because the external key store proxy is not
|
6431
|
+
# configured correctly. To identify the cause, see the error message
|
6432
|
+
# that accompanies the exception.
|
6186
6433
|
#
|
6187
6434
|
# @!attribute [rw] message
|
6188
6435
|
# @return [String]
|
@@ -6211,11 +6458,10 @@ module Aws::KMS
|
|
6211
6458
|
include Aws::Structure
|
6212
6459
|
end
|
6213
6460
|
|
6214
|
-
# The request was rejected because the
|
6215
|
-
#
|
6216
|
-
#
|
6217
|
-
#
|
6218
|
-
# address.
|
6461
|
+
# The request was rejected because the `XksProxyUriEndpoint` is already
|
6462
|
+
# associated with another external key store in this Amazon Web Services
|
6463
|
+
# Region. To identify the cause, see the error message that accompanies
|
6464
|
+
# the exception.
|
6219
6465
|
#
|
6220
6466
|
# @!attribute [rw] message
|
6221
6467
|
# @return [String]
|
@@ -6230,9 +6476,9 @@ module Aws::KMS
|
|
6230
6476
|
|
6231
6477
|
# The request was rejected because the concatenation of the
|
6232
6478
|
# `XksProxyUriEndpoint` and `XksProxyUriPath` is already associated with
|
6233
|
-
#
|
6234
|
-
#
|
6235
|
-
#
|
6479
|
+
# another external key store in this Amazon Web Services Region. Each
|
6480
|
+
# external key store in a Region must use a unique external key store
|
6481
|
+
# proxy API address.
|
6236
6482
|
#
|
6237
6483
|
# @!attribute [rw] message
|
6238
6484
|
# @return [String]
|
@@ -6265,10 +6511,9 @@ module Aws::KMS
|
|
6265
6511
|
end
|
6266
6512
|
|
6267
6513
|
# The request was rejected because the specified Amazon VPC endpoint
|
6268
|
-
# service is already associated with
|
6269
|
-
# Web Services
|
6270
|
-
#
|
6271
|
-
# endpoint service.
|
6514
|
+
# service is already associated with another external key store in this
|
6515
|
+
# Amazon Web Services Region. Each external key store in a Region must
|
6516
|
+
# use a different Amazon VPC endpoint service.
|
6272
6517
|
#
|
6273
6518
|
# @!attribute [rw] message
|
6274
6519
|
# @return [String]
|
@@ -6283,10 +6528,13 @@ module Aws::KMS
|
|
6283
6528
|
|
6284
6529
|
# The request was rejected because the Amazon VPC endpoint service
|
6285
6530
|
# configuration does not fulfill the requirements for an external key
|
6286
|
-
# store
|
6287
|
-
# requirements]
|
6288
|
-
#
|
6289
|
-
#
|
6531
|
+
# store. To identify the cause, see the error message that accompanies
|
6532
|
+
# the exception and [review the requirements][1] for Amazon VPC endpoint
|
6533
|
+
# service connectivity for an external key store.
|
6534
|
+
#
|
6535
|
+
#
|
6536
|
+
#
|
6537
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements
|
6290
6538
|
#
|
6291
6539
|
# @!attribute [rw] message
|
6292
6540
|
# @return [String]
|