aws-sdk-kms 1.79.0 → 1.91.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +60 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +428 -83
- data/lib/aws-sdk-kms/client_api.rb +42 -0
- data/lib/aws-sdk-kms/endpoints.rb +63 -208
- data/lib/aws-sdk-kms/plugins/endpoints.rb +12 -1
- data/lib/aws-sdk-kms/types.rb +231 -19
- data/lib/aws-sdk-kms.rb +1 -1
- data/sig/client.rbs +30 -5
- data/sig/resource.rbs +2 -0
- data/sig/types.rbs +28 -7
- metadata +6 -6
@@ -40,11 +40,20 @@ module Aws::KMS
|
|
40
40
|
context[:auth_scheme] =
|
41
41
|
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
42
42
|
|
43
|
-
@handler.call(context)
|
43
|
+
with_metrics(context) { @handler.call(context) }
|
44
44
|
end
|
45
45
|
|
46
46
|
private
|
47
47
|
|
48
|
+
def with_metrics(context, &block)
|
49
|
+
metrics = []
|
50
|
+
metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
|
51
|
+
if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
|
52
|
+
metrics << 'SIGV4A_SIGNING'
|
53
|
+
end
|
54
|
+
Aws::Plugins::UserAgent.metric(*metrics, &block)
|
55
|
+
end
|
56
|
+
|
48
57
|
def apply_endpoint_headers(context, headers)
|
49
58
|
headers.each do |key, values|
|
50
59
|
value = values
|
@@ -78,6 +87,8 @@ module Aws::KMS
|
|
78
87
|
Aws::KMS::Endpoints::DeleteCustomKeyStore.build(context)
|
79
88
|
when :delete_imported_key_material
|
80
89
|
Aws::KMS::Endpoints::DeleteImportedKeyMaterial.build(context)
|
90
|
+
when :derive_shared_secret
|
91
|
+
Aws::KMS::Endpoints::DeriveSharedSecret.build(context)
|
81
92
|
when :describe_custom_key_stores
|
82
93
|
Aws::KMS::Endpoints::DescribeCustomKeyStores.build(context)
|
83
94
|
when :describe_key
|
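Review bot: `call` now returns whatever `Aws::Plugins::UserAgent.metric` returns, so the response reaches the rest of the handler stack only if that helper passes the block's value through. Its definition is not visible in this hunk, so that is worth confirming against the aws-sdk-core version this release requires. `with_metrics` also has no comment, and the condition `unless context.config.regional_endpoint` only implies that a caller-supplied endpoint is in use; a one-line comment such as `# Records user-agent metrics for endpoint override and SigV4a signing while the wrapped handlers run` would make the intent explicit. The body of `call` starts above the hunk.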
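--- a/data/lib/aws-sdk-kms/types.rb
+++ b/data/lib/aws-sdk-kms/types.rb
@@ -841,14 +841,17 @@ module Aws::KMS
 #
 # * For HMAC KMS keys (symmetric), specify `GENERATE_VERIFY_MAC`.
 #
-# * For asymmetric KMS keys with RSA key
+# * For asymmetric KMS keys with RSA key pairs, specify
 # `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
 #
-# * For asymmetric KMS keys with
+# * For asymmetric KMS keys with NIST-recommended elliptic curve key
+# pairs, specify `SIGN_VERIFY` or `KEY_AGREEMENT`.
+#
+# * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify
 # `SIGN_VERIFY`.
 #
-# * For asymmetric KMS keys with SM2 key
-#
+# * For asymmetric KMS keys with SM2 key pairs (China Regions only),
+# specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `KEY_AGREEMENT`.
 #
 #
 #
@@ -904,7 +907,8 @@ module Aws::KMS
 #
 # * `HMAC_512`
 #
-# * Asymmetric RSA key pairs
+# * Asymmetric RSA key pairs (encryption and decryption -or- signing
+# and verification)
 #
 # * `RSA_2048`
 #
@@ -912,7 +916,8 @@ module Aws::KMS
 #
 # * `RSA_4096`
 #
-# * Asymmetric NIST-recommended elliptic curve key pairs
+# * Asymmetric NIST-recommended elliptic curve key pairs (signing and
+# verification -or- deriving shared secrets)
 #
 # * `ECC_NIST_P256` (secp256r1)
 #
@@ -920,16 +925,18 @@ module Aws::KMS
 #
 # * `ECC_NIST_P521` (secp521r1)
 #
-# * Other asymmetric elliptic curve key pairs
+# * Other asymmetric elliptic curve key pairs (signing and
+# verification)
 #
 # * `ECC_SECG_P256K1` (secp256k1), commonly used for
 # cryptocurrencies.
 #
 # ^
 #
-# * SM2 key pairs (
+# * SM2 key pairs (encryption and decryption -or- signing and
+# verification -or- deriving shared secrets)
 #
-# * `SM2`
+# * `SM2` (China Regions only)
 #
 # ^
 #
@@ -1761,6 +1768,195 @@ module Aws::KMS
 include Aws::Structure
 end
 
+# @!attribute [rw] key_id
+# Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions
+# only) KMS key. KMS uses the private key in the specified key pair to
+# derive the shared secret. The key usage of the KMS key must be
+# `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS key, use the
+# DescribeKey operation.
+#
+# To specify a KMS key, use its key ID, key ARN, alias name, or alias
+# ARN. When using an alias name, prefix it with `"alias/"`. To specify
+# a KMS key in a different Amazon Web Services account, you must use
+# the key ARN or alias ARN.
+#
+# For example:
+#
+# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+#
+# * Key ARN:
+# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+#
+# * Alias name: `alias/ExampleAlias`
+#
+# * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+#
+# To get the key ID and key ARN for a KMS key, use ListKeys or
+# DescribeKey. To get the alias name and alias ARN, use ListAliases.
+# @return [String]
+#
+# @!attribute [rw] key_agreement_algorithm
+# Specifies the key agreement algorithm used to derive the shared
+# secret. The only valid value is `ECDH`.
+# @return [String]
+#
+# @!attribute [rw] public_key
+# Specifies the public key in your peer's NIST-recommended elliptic
+# curve (ECC) or SM2 (China Regions only) key pair.
+#
+# The public key must be a DER-encoded X.509 public key, also known as
+# `SubjectPublicKeyInfo` (SPKI), as defined in [RFC 5280][1].
+#
+# GetPublicKey returns the public key of an asymmetric KMS key pair in
+# the required DER-encoded format.
+#
+# <note markdown="1"> If you use [Amazon Web Services CLI version 1][2], you must provide
+# the DER-encoded X.509 public key in a file. Otherwise, the Amazon
+# Web Services CLI Base64-encodes the public key a second time,
+# resulting in a `ValidationException`.
+#
+# </note>
+#
+# You can specify the public key as binary data in a file using fileb
+# (`fileb://<path-to-file>`) or in-line using a Base64 encoded string.
+#
+#
+#
+# [1]: https://tools.ietf.org/html/rfc5280
+# [2]: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html
+# @return [String]
+#
+# @!attribute [rw] grant_tokens
+# A list of grant tokens.
+#
+# Use a grant token when your permission to call this operation comes
+# from a new grant that has not yet achieved *eventual consistency*.
+# For more information, see [Grant token][1] and [Using a grant
+# token][2] in the *Key Management Service Developer Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
+# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+# @return [Array<String>]
+#
+# @!attribute [rw] dry_run
+# Checks if your request will succeed. `DryRun` is an optional
+# parameter.
+#
+# To learn more about how to use this parameter, see [Testing your KMS
+# API calls][1] in the *Key Management Service Developer Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
+# @return [Boolean]
+#
+# @!attribute [rw] recipient
+# A signed [attestation document][1] from an Amazon Web Services Nitro
+# enclave and the encryption algorithm to use with the enclave's
+# public key. The only valid encryption algorithm is
+# `RSAES_OAEP_SHA_256`.
+#
+# This parameter only supports attestation documents for Amazon Web
+# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
+# Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
+# Enclaves SDK][2] to generate the attestation document and then use
+# the Recipient parameter from any Amazon Web Services SDK to provide
+# the attestation document for the enclave.
+#
+# When you use this parameter, instead of returning a plaintext copy
+# of the shared secret, KMS encrypts the plaintext shared secret under
+# the public key in the attestation document, and returns the
+# resulting ciphertext in the `CiphertextForRecipient` field in the
+# response. This ciphertext can be decrypted only with the private key
+# in the enclave. The `CiphertextBlob` field in the response contains
+# the encrypted shared secret derived from the KMS key specified by
+# the `KeyId` parameter and public key specified by the `PublicKey`
+# parameter. The `SharedSecret` field in the response is null or
+# empty.
+#
+# For information about the interaction between KMS and Amazon Web
+# Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves
+# uses KMS][3] in the *Key Management Service Developer Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc
+# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
+# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
+# @return [Types::RecipientInfo]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretRequest AWS API Documentation
+#
+class DeriveSharedSecretRequest < Struct.new(
+:key_id,
+:key_agreement_algorithm,
+:public_key,
+:grant_tokens,
+:dry_run,
+:recipient)
+SENSITIVE = []
+include Aws::Structure
+end
+
+# @!attribute [rw] key_id
+# Identifies the KMS key used to derive the shared secret.
+# @return [String]
+#
+# @!attribute [rw] shared_secret
+# The raw secret derived from the specified key agreement algorithm,
+# private key in the asymmetric KMS key, and your peer's public key.
+#
+# If the response includes the `CiphertextForRecipient` field, the
+# `SharedSecret` field is null or empty.
+# @return [String]
+#
+# @!attribute [rw] ciphertext_for_recipient
+# The plaintext shared secret encrypted with the public key in the
+# attestation document.
+#
+# This field is included in the response only when the `Recipient`
+# parameter in the request includes a valid attestation document from
+# an Amazon Web Services Nitro enclave. For information about the
+# interaction between KMS and Amazon Web Services Nitro Enclaves, see
+# [How Amazon Web Services Nitro Enclaves uses KMS][1] in the *Key
+# Management Service Developer Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
+# @return [String]
+#
+# @!attribute [rw] key_agreement_algorithm
+# Identifies the key agreement algorithm used to derive the shared
+# secret.
+# @return [String]
+#
+# @!attribute [rw] key_origin
+# The source of the key material for the specified KMS key.
+#
+# When this value is `AWS_KMS`, KMS created the key material. When
+# this value is `EXTERNAL`, the key material was imported or the KMS
+# key doesn't have any key material.
+#
+# The only valid values for DeriveSharedSecret are `AWS_KMS` and
+# `EXTERNAL`. DeriveSharedSecret does not support KMS keys with a
+# `KeyOrigin` value of `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE`.
+# @return [String]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretResponse AWS API Documentation
+#
+class DeriveSharedSecretResponse < Struct.new(
+:key_id,
+:shared_secret,
+:ciphertext_for_recipient,
+:key_agreement_algorithm,
+:key_origin)
+SENSITIVE = [:shared_secret]
+include Aws::Structure
+end
+
 # @!attribute [rw] custom_key_store_id
 # Gets only information about the specified custom key store. Enter
 # the key store ID.
@@ -2317,8 +2513,11 @@ module Aws::KMS
 # `RSAES_OAEP_SHA_256`.
 #
 # This parameter only supports attestation documents for Amazon Web
-# Services Nitro Enclaves. To
-# Web Services Nitro Enclaves
+# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
+# Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
+# Enclaves SDK][2] to generate the attestation document and then use
+# the Recipient parameter from any Amazon Web Services SDK to provide
+# the attestation document for the enclave.
 #
 # When you use this parameter, instead of returning a plaintext copy
 # of the private data key, KMS encrypts the plaintext private data key
@@ -3388,12 +3587,12 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] key_usage
-# The permitted use of the public key. Valid values
-# `ENCRYPT_DECRYPT`
+# The permitted use of the public key. Valid values for asymmetric key
+# pairs are `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, and `KEY_AGREEMENT`.
 #
-# This information is critical.
-# usage encrypts data outside of KMS, the ciphertext
-# decrypted.
+# This information is critical. For example, if a public key with
+# `SIGN_VERIFY` key usage encrypts data outside of KMS, the ciphertext
+# cannot be decrypted.
 # @return [String]
 #
 # @!attribute [rw] encryption_algorithms
@@ -3414,6 +3613,12 @@ module Aws::KMS
 # public key is `SIGN_VERIFY`.
 # @return [Array<String>]
 #
+# @!attribute [rw] key_agreement_algorithms
+# The key agreement algorithm used to derive a shared secret. This
+# field is present only when the KMS key has a `KeyUsage` value of
+# `KEY_AGREEMENT`.
+# @return [Array<String>]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKeyResponse AWS API Documentation
 #
 class GetPublicKeyResponse < Struct.new(
@@ -3423,7 +3628,8 @@ module Aws::KMS
 :key_spec,
 :key_usage,
 :encryption_algorithms,
-:signing_algorithms
+:signing_algorithms,
+:key_agreement_algorithms)
 SENSITIVE = []
 include Aws::Structure
 end
@@ -3811,8 +4017,9 @@ module Aws::KMS
 # the `KeyUsage` must be `ENCRYPT_DECRYPT`. For signing and verifying
 # messages, the `KeyUsage` must be `SIGN_VERIFY`. For generating and
 # verifying message authentication codes (MACs), the `KeyUsage` must be
-# `GENERATE_VERIFY_MAC`.
-#
+# `GENERATE_VERIFY_MAC`. For deriving key agreement secrets, the
+# `KeyUsage` must be `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS
+# key, use the DescribeKey operation.
 #
 # To find the encryption or signing algorithms supported for a
 # particular KMS key, use the DescribeKey operation.
@@ -4091,6 +4298,10 @@ module Aws::KMS
 # `SIGN_VERIFY`.
 # @return [Array<String>]
 #
+# @!attribute [rw] key_agreement_algorithms
+# The key agreement algorithm used to derive a shared secret.
+# @return [Array<String>]
+#
 # @!attribute [rw] multi_region
 # Indicates whether the KMS key is a multi-Region (`True`) or regional
 # (`False`) key. This value is `True` for multi-Region primary and
@@ -4184,6 +4395,7 @@ module Aws::KMS
 :key_spec,
 :encryption_algorithms,
 :signing_algorithms,
+:key_agreement_algorithms,
 :multi_region,
 :multi_region_configuration,
 :pending_deletion_window_in_days,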
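Review bot: The `shared_secret` attribute comment on `DeriveSharedSecretResponse` calls the value "the raw secret" but does not say how it should be used. Raw ECDH output is normally run through a key derivation function before it serves as a symmetric key, so the comment could add `# Use this value as input to a key derivation function; do not use it directly as an encryption key.` The `public_key` comment on `DeriveSharedSecretRequest` likewise does not mention that the peer's key has to be authenticated by some other means, since ECDH alone does not establish who owns it. `SENSITIVE = [:shared_secret]` marks only the plaintext member, which is consistent with the comment that `ciphertext_for_recipient` is already encrypted. If types.rb is generated from the service model, these comment changes belong in the model documentation rather than in this file.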
data/lib/aws-sdk-kms.rb
CHANGED
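--- a/data/sig/client.rbs
+++ b/data/sig/client.rbs
@@ -48,8 +48,10 @@ module Aws
 ?sdk_ua_app_id: String,
 ?secret_access_key: String,
 ?session_token: String,
+?sigv4a_signing_region_set: Array[String],
 ?simple_json: bool,
 ?stub_responses: untyped,
+?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
 ?token_provider: untyped,
 ?use_dualstack_endpoint: bool,
 ?use_fips_endpoint: bool,
@@ -131,7 +133,7 @@ module Aws
 key_id: ::String,
 grantee_principal: ::String,
 ?retiring_principal: ::String,
-operations: Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac")],
+operations: Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac" | "DeriveSharedSecret")],
 ?constraints: {
 encryption_context_subset: Hash[::String, ::String]?,
 encryption_context_equals: Hash[::String, ::String]?
@@ -150,7 +152,7 @@ module Aws
 def create_key: (
 ?policy: ::String,
 ?description: ::String,
-?key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC"),
+?key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT"),
 ?customer_master_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2"),
 ?key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2"),
 ?origin: ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE"),
@@ -210,6 +212,28 @@ module Aws
 ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+interface _DeriveSharedSecretResponseSuccess
+include ::Seahorse::Client::_ResponseSuccess[Types::DeriveSharedSecretResponse]
+def key_id: () -> ::String
+def shared_secret: () -> ::String
+def ciphertext_for_recipient: () -> ::String
+def key_agreement_algorithm: () -> ("ECDH")
+def key_origin: () -> ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE")
+end
+# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#derive_shared_secret-instance_method
+def derive_shared_secret: (
+key_id: ::String,
+key_agreement_algorithm: ("ECDH"),
+public_key: ::String,
+?grant_tokens: Array[::String],
+?dry_run: bool,
+?recipient: {
+key_encryption_algorithm: ("RSAES_OAEP_SHA_256")?,
+attestation_document: ::String?
+}
+) -> _DeriveSharedSecretResponseSuccess
+| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DeriveSharedSecretResponseSuccess
+
 interface _DescribeCustomKeyStoresResponseSuccess
 include ::Seahorse::Client::_ResponseSuccess[Types::DescribeCustomKeyStoresResponse]
 def custom_key_stores: () -> ::Array[Types::CustomKeyStoresListEntry]
@@ -433,8 +457,8 @@ module Aws
 # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#get_parameters_for_import-instance_method
 def get_parameters_for_import: (
 key_id: ::String,
-wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256"),
-wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096")
+wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256" | "SM2PKE"),
+wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "SM2")
 ) -> _GetParametersForImportResponseSuccess
 | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetParametersForImportResponseSuccess
 
@@ -444,9 +468,10 @@ module Aws
 def public_key: () -> ::String
 def customer_master_key_spec: () -> ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
 def key_spec: () -> ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
-def key_usage: () -> ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+def key_usage: () -> ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
 def encryption_algorithms: () -> ::Array[("SYMMETRIC_DEFAULT" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "SM2PKE")]
 def signing_algorithms: () -> ::Array[("RSASSA_PSS_SHA_256" | "RSASSA_PSS_SHA_384" | "RSASSA_PSS_SHA_512" | "RSASSA_PKCS1_V1_5_SHA_256" | "RSASSA_PKCS1_V1_5_SHA_384" | "RSASSA_PKCS1_V1_5_SHA_512" | "ECDSA_SHA_256" | "ECDSA_SHA_384" | "ECDSA_SHA_512" | "SM2DSA")]
+def key_agreement_algorithms: () -> ::Array[("ECDH")]
 end
 # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#get_public_key-instance_method
 def get_public_key: (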
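Review bot: `_DeriveSharedSecretResponseSuccess` declares `shared_secret` and `ciphertext_for_recipient` as plain `::String`, while the types.rb comments in this same release say `SharedSecret` is null or empty when a `Recipient` is supplied and `CiphertextForRecipient` is included only in that case. A type checker will therefore accept code that uses `shared_secret` without a nil check; `def shared_secret: () -> ::String?` and `def ciphertext_for_recipient: () -> ::String?` would match the documented behaviour. The other response interfaces visible here also use non-optional members, so this may be a convention of the signature generator rather than an oversight. The same declarations appear on `DeriveSharedSecretResponse` in data/sig/types.rbs.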
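--- a/data/sig/resource.rbs
+++ b/data/sig/resource.rbs
@@ -48,8 +48,10 @@ module Aws
 ?sdk_ua_app_id: String,
 ?secret_access_key: String,
 ?session_token: String,
+?sigv4a_signing_region_set: Array[String],
 ?simple_json: bool,
 ?stub_responses: untyped,
+?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
 ?token_provider: untyped,
 ?use_dualstack_endpoint: bool,
 ?use_fips_endpoint: bool,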
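--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -99,7 +99,7 @@ module Aws::KMS
 attr_accessor key_id: ::String
 attr_accessor grantee_principal: ::String
 attr_accessor retiring_principal: ::String
-attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac")]
+attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac" | "DeriveSharedSecret")]
 attr_accessor constraints: Types::GrantConstraints
 attr_accessor grant_tokens: ::Array[::String]
 attr_accessor name: ::String
@@ -116,7 +116,7 @@ module Aws::KMS
 class CreateKeyRequest
 attr_accessor policy: ::String
 attr_accessor description: ::String
-attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
 attr_accessor customer_master_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
 attr_accessor key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
 attr_accessor origin: ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE")
@@ -208,6 +208,25 @@ module Aws::KMS
 SENSITIVE: []
 end
 
+class DeriveSharedSecretRequest
+attr_accessor key_id: ::String
+attr_accessor key_agreement_algorithm: ("ECDH")
+attr_accessor public_key: ::String
+attr_accessor grant_tokens: ::Array[::String]
+attr_accessor dry_run: bool
+attr_accessor recipient: Types::RecipientInfo
+SENSITIVE: []
+end
+
+class DeriveSharedSecretResponse
+attr_accessor key_id: ::String
+attr_accessor shared_secret: ::String
+attr_accessor ciphertext_for_recipient: ::String
+attr_accessor key_agreement_algorithm: ("ECDH")
+attr_accessor key_origin: ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE")
+SENSITIVE: [:shared_secret]
+end
+
 class DescribeCustomKeyStoresRequest
 attr_accessor custom_key_store_id: ::String
 attr_accessor custom_key_store_name: ::String
@@ -424,8 +443,8 @@ module Aws::KMS
 
 class GetParametersForImportRequest
 attr_accessor key_id: ::String
-attr_accessor wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256")
-attr_accessor wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096")
+attr_accessor wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256" | "SM2PKE")
+attr_accessor wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "SM2")
 SENSITIVE: []
 end
 
@@ -448,9 +467,10 @@ module Aws::KMS
 attr_accessor public_key: ::String
 attr_accessor customer_master_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
 attr_accessor key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
-attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
 attr_accessor encryption_algorithms: ::Array[("SYMMETRIC_DEFAULT" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "SM2PKE")]
 attr_accessor signing_algorithms: ::Array[("RSASSA_PSS_SHA_256" | "RSASSA_PSS_SHA_384" | "RSASSA_PSS_SHA_512" | "RSASSA_PKCS1_V1_5_SHA_256" | "RSASSA_PKCS1_V1_5_SHA_384" | "RSASSA_PKCS1_V1_5_SHA_512" | "ECDSA_SHA_256" | "ECDSA_SHA_384" | "ECDSA_SHA_512" | "SM2DSA")]
+attr_accessor key_agreement_algorithms: ::Array[("ECDH")]
 SENSITIVE: []
 end
 
@@ -468,7 +488,7 @@ module Aws::KMS
 attr_accessor grantee_principal: ::String
 attr_accessor retiring_principal: ::String
 attr_accessor issuing_account: ::String
-attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac")]
+attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac" | "DeriveSharedSecret")]
 attr_accessor constraints: Types::GrantConstraints
 SENSITIVE: []
 end
@@ -573,7 +593,7 @@ module Aws::KMS
 attr_accessor creation_date: ::Time
 attr_accessor enabled: bool
 attr_accessor description: ::String
-attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
 attr_accessor key_state: ("Creating" | "Enabled" | "Disabled" | "PendingDeletion" | "PendingImport" | "PendingReplicaDeletion" | "Unavailable" | "Updating")
 attr_accessor deletion_date: ::Time
 attr_accessor valid_to: ::Time
@@ -586,6 +606,7 @@ module Aws::KMS
 attr_accessor key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
 attr_accessor encryption_algorithms: ::Array[("SYMMETRIC_DEFAULT" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "SM2PKE")]
 attr_accessor signing_algorithms: ::Array[("RSASSA_PSS_SHA_256" | "RSASSA_PSS_SHA_384" | "RSASSA_PSS_SHA_512" | "RSASSA_PKCS1_V1_5_SHA_256" | "RSASSA_PKCS1_V1_5_SHA_384" | "RSASSA_PKCS1_V1_5_SHA_512" | "ECDSA_SHA_256" | "ECDSA_SHA_384" | "ECDSA_SHA_512" | "SM2DSA")]
+attr_accessor key_agreement_algorithms: ::Array[("ECDH")]
 attr_accessor multi_region: bool
 attr_accessor multi_region_configuration: Types::MultiRegionConfiguration
 attr_accessor pending_deletion_window_in_days: ::Integer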
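--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-kms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.91.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.205.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.205.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.5'
 description: Official AWS Ruby gem for AWS Key Management Service (KMS). This gem
 is part of the AWS SDK for Ruby.
 email: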