aws-sdk-kms 1.79.0 → 1.91.0

@@ -40,11 +40,20 @@ module Aws::KMS
40
40
  context[:auth_scheme] =
41
41
  Aws::Endpoints.resolve_auth_scheme(context, endpoint)
42
42
 
43
- @handler.call(context)
43
+ with_metrics(context) { @handler.call(context) }
44
44
  end
45
45
 
46
46
  private
47
47
 
48
+ def with_metrics(context, &block)
49
+ metrics = []
50
+ metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
51
+ if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
52
+ metrics << 'SIGV4A_SIGNING'
53
+ end
54
+ Aws::Plugins::UserAgent.metric(*metrics, &block)
55
+ end
56
+
48
57
  def apply_endpoint_headers(context, headers)
49
58
  headers.each do |key, values|
50
59
  value = values
@@ -78,6 +87,8 @@ module Aws::KMS
78
87
  Aws::KMS::Endpoints::DeleteCustomKeyStore.build(context)
79
88
  when :delete_imported_key_material
80
89
  Aws::KMS::Endpoints::DeleteImportedKeyMaterial.build(context)
90
+ when :derive_shared_secret
91
+ Aws::KMS::Endpoints::DeriveSharedSecret.build(context)
81
92
  when :describe_custom_key_stores
82
93
  Aws::KMS::Endpoints::DescribeCustomKeyStores.build(context)
83
94
  when :describe_key
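Review bot: The new private helper `with_metrics` in the first hunk has no comment, and what it reports is not obvious from the call site. Judging by the call to `Aws::Plugins::UserAgent.metric`, it presumably tags the request with `ENDPOINT_OVERRIDE` whenever `context.config.regional_endpoint` is falsy and with `SIGV4A_SIGNING` when the resolved auth scheme is `sigv4a`. I would add a comment above it such as `# Records which SDK features (endpoint override, SigV4a signing) this request uses while the handler runs.` so that anyone auditing what client metadata accompanies a KMS request can see it in the plugin. The enclosing method that now calls `with_metrics` starts outside the hunk.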
@@ -841,14 +841,17 @@ module Aws::KMS
841
841
  #
842
842
  # * For HMAC KMS keys (symmetric), specify `GENERATE_VERIFY_MAC`.
843
843
  #
844
- # * For asymmetric KMS keys with RSA key material, specify
844
+ # * For asymmetric KMS keys with RSA key pairs, specify
845
845
  # `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
846
846
  #
847
- # * For asymmetric KMS keys with ECC key material, specify
847
+ # * For asymmetric KMS keys with NIST-recommended elliptic curve key
848
+ # pairs, specify `SIGN_VERIFY` or `KEY_AGREEMENT`.
849
+ #
850
+ # * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify
848
851
  # `SIGN_VERIFY`.
849
852
  #
850
- # * For asymmetric KMS keys with SM2 key material (China Regions
851
- # only), specify `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
853
+ # * For asymmetric KMS keys with SM2 key pairs (China Regions only),
854
+ # specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `KEY_AGREEMENT`.
852
855
  #
853
856
  #
854
857
  #
@@ -904,7 +907,8 @@ module Aws::KMS
904
907
  #
905
908
  # * `HMAC_512`
906
909
  #
907
- # * Asymmetric RSA key pairs
910
+ # * Asymmetric RSA key pairs (encryption and decryption -or- signing
911
+ # and verification)
908
912
  #
909
913
  # * `RSA_2048`
910
914
  #
@@ -912,7 +916,8 @@ module Aws::KMS
912
916
  #
913
917
  # * `RSA_4096`
914
918
  #
915
- # * Asymmetric NIST-recommended elliptic curve key pairs
919
+ # * Asymmetric NIST-recommended elliptic curve key pairs (signing and
920
+ # verification -or- deriving shared secrets)
916
921
  #
917
922
  # * `ECC_NIST_P256` (secp256r1)
918
923
  #
@@ -920,16 +925,18 @@ module Aws::KMS
920
925
  #
921
926
  # * `ECC_NIST_P521` (secp521r1)
922
927
  #
923
- # * Other asymmetric elliptic curve key pairs
928
+ # * Other asymmetric elliptic curve key pairs (signing and
929
+ # verification)
924
930
  #
925
931
  # * `ECC_SECG_P256K1` (secp256k1), commonly used for
926
932
  # cryptocurrencies.
927
933
  #
928
934
  # ^
929
935
  #
930
- # * SM2 key pairs (China Regions only)
936
+ # * SM2 key pairs (encryption and decryption -or- signing and
937
+ # verification -or- deriving shared secrets)
931
938
  #
932
- # * `SM2`
939
+ # * `SM2` (China Regions only)
933
940
  #
934
941
  # ^
935
942
  #
@@ -1761,6 +1768,195 @@ module Aws::KMS
1761
1768
  include Aws::Structure
1762
1769
  end
1763
1770
 
1771
+ # @!attribute [rw] key_id
1772
+ # Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions
1773
+ # only) KMS key. KMS uses the private key in the specified key pair to
1774
+ # derive the shared secret. The key usage of the KMS key must be
1775
+ # `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS key, use the
1776
+ # DescribeKey operation.
1777
+ #
1778
+ # To specify a KMS key, use its key ID, key ARN, alias name, or alias
1779
+ # ARN. When using an alias name, prefix it with `"alias/"`. To specify
1780
+ # a KMS key in a different Amazon Web Services account, you must use
1781
+ # the key ARN or alias ARN.
1782
+ #
1783
+ # For example:
1784
+ #
1785
+ # * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
1786
+ #
1787
+ # * Key ARN:
1788
+ # `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
1789
+ #
1790
+ # * Alias name: `alias/ExampleAlias`
1791
+ #
1792
+ # * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
1793
+ #
1794
+ # To get the key ID and key ARN for a KMS key, use ListKeys or
1795
+ # DescribeKey. To get the alias name and alias ARN, use ListAliases.
1796
+ # @return [String]
1797
+ #
1798
+ # @!attribute [rw] key_agreement_algorithm
1799
+ # Specifies the key agreement algorithm used to derive the shared
1800
+ # secret. The only valid value is `ECDH`.
1801
+ # @return [String]
1802
+ #
1803
+ # @!attribute [rw] public_key
1804
+ # Specifies the public key in your peer's NIST-recommended elliptic
1805
+ # curve (ECC) or SM2 (China Regions only) key pair.
1806
+ #
1807
+ # The public key must be a DER-encoded X.509 public key, also known as
1808
+ # `SubjectPublicKeyInfo` (SPKI), as defined in [RFC 5280][1].
1809
+ #
1810
+ # GetPublicKey returns the public key of an asymmetric KMS key pair in
1811
+ # the required DER-encoded format.
1812
+ #
1813
+ # <note markdown="1"> If you use [Amazon Web Services CLI version 1][2], you must provide
1814
+ # the DER-encoded X.509 public key in a file. Otherwise, the Amazon
1815
+ # Web Services CLI Base64-encodes the public key a second time,
1816
+ # resulting in a `ValidationException`.
1817
+ #
1818
+ # </note>
1819
+ #
1820
+ # You can specify the public key as binary data in a file using fileb
1821
+ # (`fileb://<path-to-file>`) or in-line using a Base64 encoded string.
1822
+ #
1823
+ #
1824
+ #
1825
+ # [1]: https://tools.ietf.org/html/rfc5280
1826
+ # [2]: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html
1827
+ # @return [String]
1828
+ #
1829
+ # @!attribute [rw] grant_tokens
1830
+ # A list of grant tokens.
1831
+ #
1832
+ # Use a grant token when your permission to call this operation comes
1833
+ # from a new grant that has not yet achieved *eventual consistency*.
1834
+ # For more information, see [Grant token][1] and [Using a grant
1835
+ # token][2] in the *Key Management Service Developer Guide*.
1836
+ #
1837
+ #
1838
+ #
1839
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
1840
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
1841
+ # @return [Array<String>]
1842
+ #
1843
+ # @!attribute [rw] dry_run
1844
+ # Checks if your request will succeed. `DryRun` is an optional
1845
+ # parameter.
1846
+ #
1847
+ # To learn more about how to use this parameter, see [Testing your KMS
1848
+ # API calls][1] in the *Key Management Service Developer Guide*.
1849
+ #
1850
+ #
1851
+ #
1852
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
1853
+ # @return [Boolean]
1854
+ #
1855
+ # @!attribute [rw] recipient
1856
+ # A signed [attestation document][1] from an Amazon Web Services Nitro
1857
+ # enclave and the encryption algorithm to use with the enclave's
1858
+ # public key. The only valid encryption algorithm is
1859
+ # `RSAES_OAEP_SHA_256`.
1860
+ #
1861
+ # This parameter only supports attestation documents for Amazon Web
1862
+ # Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
1863
+ # Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
1864
+ # Enclaves SDK][2] to generate the attestation document and then use
1865
+ # the Recipient parameter from any Amazon Web Services SDK to provide
1866
+ # the attestation document for the enclave.
1867
+ #
1868
+ # When you use this parameter, instead of returning a plaintext copy
1869
+ # of the shared secret, KMS encrypts the plaintext shared secret under
1870
+ # the public key in the attestation document, and returns the
1871
+ # resulting ciphertext in the `CiphertextForRecipient` field in the
1872
+ # response. This ciphertext can be decrypted only with the private key
1873
+ # in the enclave. The `CiphertextBlob` field in the response contains
1874
+ # the encrypted shared secret derived from the KMS key specified by
1875
+ # the `KeyId` parameter and public key specified by the `PublicKey`
1876
+ # parameter. The `SharedSecret` field in the response is null or
1877
+ # empty.
1878
+ #
1879
+ # For information about the interaction between KMS and Amazon Web
1880
+ # Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves
1881
+ # uses KMS][3] in the *Key Management Service Developer Guide*.
1882
+ #
1883
+ #
1884
+ #
1885
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc
1886
+ # [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
1887
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
1888
+ # @return [Types::RecipientInfo]
1889
+ #
1890
+ # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretRequest AWS API Documentation
1891
+ #
1892
+ class DeriveSharedSecretRequest < Struct.new(
1893
+ :key_id,
1894
+ :key_agreement_algorithm,
1895
+ :public_key,
1896
+ :grant_tokens,
1897
+ :dry_run,
1898
+ :recipient)
1899
+ SENSITIVE = []
1900
+ include Aws::Structure
1901
+ end
1902
+
1903
+ # @!attribute [rw] key_id
1904
+ # Identifies the KMS key used to derive the shared secret.
1905
+ # @return [String]
1906
+ #
1907
+ # @!attribute [rw] shared_secret
1908
+ # The raw secret derived from the specified key agreement algorithm,
1909
+ # private key in the asymmetric KMS key, and your peer's public key.
1910
+ #
1911
+ # If the response includes the `CiphertextForRecipient` field, the
1912
+ # `SharedSecret` field is null or empty.
1913
+ # @return [String]
1914
+ #
1915
+ # @!attribute [rw] ciphertext_for_recipient
1916
+ # The plaintext shared secret encrypted with the public key in the
1917
+ # attestation document.
1918
+ #
1919
+ # This field is included in the response only when the `Recipient`
1920
+ # parameter in the request includes a valid attestation document from
1921
+ # an Amazon Web Services Nitro enclave. For information about the
1922
+ # interaction between KMS and Amazon Web Services Nitro Enclaves, see
1923
+ # [How Amazon Web Services Nitro Enclaves uses KMS][1] in the *Key
1924
+ # Management Service Developer Guide*.
1925
+ #
1926
+ #
1927
+ #
1928
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
1929
+ # @return [String]
1930
+ #
1931
+ # @!attribute [rw] key_agreement_algorithm
1932
+ # Identifies the key agreement algorithm used to derive the shared
1933
+ # secret.
1934
+ # @return [String]
1935
+ #
1936
+ # @!attribute [rw] key_origin
1937
+ # The source of the key material for the specified KMS key.
1938
+ #
1939
+ # When this value is `AWS_KMS`, KMS created the key material. When
1940
+ # this value is `EXTERNAL`, the key material was imported or the KMS
1941
+ # key doesn't have any key material.
1942
+ #
1943
+ # The only valid values for DeriveSharedSecret are `AWS_KMS` and
1944
+ # `EXTERNAL`. DeriveSharedSecret does not support KMS keys with a
1945
+ # `KeyOrigin` value of `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE`.
1946
+ # @return [String]
1947
+ #
1948
+ # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretResponse AWS API Documentation
1949
+ #
1950
+ class DeriveSharedSecretResponse < Struct.new(
1951
+ :key_id,
1952
+ :shared_secret,
1953
+ :ciphertext_for_recipient,
1954
+ :key_agreement_algorithm,
1955
+ :key_origin)
1956
+ SENSITIVE = [:shared_secret]
1957
+ include Aws::Structure
1958
+ end
1959
+
1764
1960
  # @!attribute [rw] custom_key_store_id
1765
1961
  # Gets only information about the specified custom key store. Enter
1766
1962
  # the key store ID.
@@ -2317,8 +2513,11 @@ module Aws::KMS
2317
2513
  # `RSAES_OAEP_SHA_256`.
2318
2514
  #
2319
2515
  # This parameter only supports attestation documents for Amazon Web
2320
- # Services Nitro Enclaves. To include this parameter, use the [Amazon
2321
- # Web Services Nitro Enclaves SDK][2] or any Amazon Web Services SDK.
2516
+ # Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
2517
+ # Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
2518
+ # Enclaves SDK][2] to generate the attestation document and then use
2519
+ # the Recipient parameter from any Amazon Web Services SDK to provide
2520
+ # the attestation document for the enclave.
2322
2521
  #
2323
2522
  # When you use this parameter, instead of returning a plaintext copy
2324
2523
  # of the private data key, KMS encrypts the plaintext private data key
@@ -3388,12 +3587,12 @@ module Aws::KMS
3388
3587
  # @return [String]
3389
3588
  #
3390
3589
  # @!attribute [rw] key_usage
3391
- # The permitted use of the public key. Valid values are
3392
- # `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
3590
+ # The permitted use of the public key. Valid values for asymmetric key
3591
+ # pairs are `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, and `KEY_AGREEMENT`.
3393
3592
  #
3394
- # This information is critical. If a public key with `SIGN_VERIFY` key
3395
- # usage encrypts data outside of KMS, the ciphertext cannot be
3396
- # decrypted.
3593
+ # This information is critical. For example, if a public key with
3594
+ # `SIGN_VERIFY` key usage encrypts data outside of KMS, the ciphertext
3595
+ # cannot be decrypted.
3397
3596
  # @return [String]
3398
3597
  #
3399
3598
  # @!attribute [rw] encryption_algorithms
@@ -3414,6 +3613,12 @@ module Aws::KMS
3414
3613
  # public key is `SIGN_VERIFY`.
3415
3614
  # @return [Array<String>]
3416
3615
  #
3616
+ # @!attribute [rw] key_agreement_algorithms
3617
+ # The key agreement algorithm used to derive a shared secret. This
3618
+ # field is present only when the KMS key has a `KeyUsage` value of
3619
+ # `KEY_AGREEMENT`.
3620
+ # @return [Array<String>]
3621
+ #
3417
3622
  # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKeyResponse AWS API Documentation
3418
3623
  #
3419
3624
  class GetPublicKeyResponse < Struct.new(
@@ -3423,7 +3628,8 @@ module Aws::KMS
3423
3628
  :key_spec,
3424
3629
  :key_usage,
3425
3630
  :encryption_algorithms,
3426
- :signing_algorithms)
3631
+ :signing_algorithms,
3632
+ :key_agreement_algorithms)
3427
3633
  SENSITIVE = []
3428
3634
  include Aws::Structure
3429
3635
  end
@@ -3811,8 +4017,9 @@ module Aws::KMS
3811
4017
  # the `KeyUsage` must be `ENCRYPT_DECRYPT`. For signing and verifying
3812
4018
  # messages, the `KeyUsage` must be `SIGN_VERIFY`. For generating and
3813
4019
  # verifying message authentication codes (MACs), the `KeyUsage` must be
3814
- # `GENERATE_VERIFY_MAC`. To find the `KeyUsage` of a KMS key, use the
3815
- # DescribeKey operation.
4020
+ # `GENERATE_VERIFY_MAC`. For deriving key agreement secrets, the
4021
+ # `KeyUsage` must be `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS
4022
+ # key, use the DescribeKey operation.
3816
4023
  #
3817
4024
  # To find the encryption or signing algorithms supported for a
3818
4025
  # particular KMS key, use the DescribeKey operation.
@@ -4091,6 +4298,10 @@ module Aws::KMS
4091
4298
  # `SIGN_VERIFY`.
4092
4299
  # @return [Array<String>]
4093
4300
  #
4301
+ # @!attribute [rw] key_agreement_algorithms
4302
+ # The key agreement algorithm used to derive a shared secret.
4303
+ # @return [Array<String>]
4304
+ #
4094
4305
  # @!attribute [rw] multi_region
4095
4306
  # Indicates whether the KMS key is a multi-Region (`True`) or regional
4096
4307
  # (`False`) key. This value is `True` for multi-Region primary and
@@ -4184,6 +4395,7 @@ module Aws::KMS
4184
4395
  :key_spec,
4185
4396
  :encryption_algorithms,
4186
4397
  :signing_algorithms,
4398
+ :key_agreement_algorithms,
4187
4399
  :multi_region,
4188
4400
  :multi_region_configuration,
4189
4401
  :pending_deletion_window_in_days,
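Review bot: The `shared_secret` documentation added for `DeriveSharedSecretResponse` (hunk starting at new line 1768) calls the value "the raw secret" but does not say how it should be used. Raw ECDH output is not uniformly random key material and should go through a key derivation function before it keys a cipher or MAC. I would add to that attribute's doc `# Use this value as input to a key derivation function (KDF); do not use it directly as an encryption key.` The `public_key` doc on `DeriveSharedSecretRequest` would likewise benefit from `# Verify that this public key belongs to the intended peer before calling; ECDH by itself does not authenticate the peer.` The file header for this section is not on the page, so these hunks are assumed to belong to the gem's types file.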
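--- a/data/lib/aws-sdk-kms.rb
+++ b/data/lib/aws-sdk-kms.rb
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-kms/customizations'
  # @!group service
  module Aws::KMS
 
- GEM_VERSION = '1.79.0'
+ GEM_VERSION = '1.91.0'
 
  end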
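--- a/data/sig/client.rbs
+++ b/data/sig/client.rbs
@@ -48,8 +48,10 @@ module Aws
  ?sdk_ua_app_id: String,
  ?secret_access_key: String,
  ?session_token: String,
+ ?sigv4a_signing_region_set: Array[String],
  ?simple_json: bool,
  ?stub_responses: untyped,
+ ?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
  ?token_provider: untyped,
  ?use_dualstack_endpoint: bool,
  ?use_fips_endpoint: bool,
@@ -131,7 +133,7 @@ module Aws
  key_id: ::String,
  grantee_principal: ::String,
  ?retiring_principal: ::String,
- operations: Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac")],
+ operations: Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac" | "DeriveSharedSecret")],
  ?constraints: {
  encryption_context_subset: Hash[::String, ::String]?,
  encryption_context_equals: Hash[::String, ::String]?
@@ -150,7 +152,7 @@ module Aws
  def create_key: (
  ?policy: ::String,
  ?description: ::String,
- ?key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC"),
+ ?key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT"),
  ?customer_master_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2"),
  ?key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2"),
  ?origin: ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE"),
@@ -210,6 +212,28 @@ module Aws
  ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+ interface _DeriveSharedSecretResponseSuccess
+ include ::Seahorse::Client::_ResponseSuccess[Types::DeriveSharedSecretResponse]
+ def key_id: () -> ::String
+ def shared_secret: () -> ::String
+ def ciphertext_for_recipient: () -> ::String
+ def key_agreement_algorithm: () -> ("ECDH")
+ def key_origin: () -> ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE")
+ end
+ # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#derive_shared_secret-instance_method
+ def derive_shared_secret: (
+ key_id: ::String,
+ key_agreement_algorithm: ("ECDH"),
+ public_key: ::String,
+ ?grant_tokens: Array[::String],
+ ?dry_run: bool,
+ ?recipient: {
+ key_encryption_algorithm: ("RSAES_OAEP_SHA_256")?,
+ attestation_document: ::String?
+ }
+ ) -> _DeriveSharedSecretResponseSuccess
+ | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DeriveSharedSecretResponseSuccess
+
  interface _DescribeCustomKeyStoresResponseSuccess
  include ::Seahorse::Client::_ResponseSuccess[Types::DescribeCustomKeyStoresResponse]
  def custom_key_stores: () -> ::Array[Types::CustomKeyStoresListEntry]
@@ -433,8 +457,8 @@ module Aws
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#get_parameters_for_import-instance_method
  def get_parameters_for_import: (
  key_id: ::String,
- wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256"),
- wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096")
+ wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256" | "SM2PKE"),
+ wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "SM2")
  ) -> _GetParametersForImportResponseSuccess
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetParametersForImportResponseSuccess
 
@@ -444,9 +468,10 @@ module Aws
  def public_key: () -> ::String
  def customer_master_key_spec: () -> ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
  def key_spec: () -> ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
- def key_usage: () -> ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+ def key_usage: () -> ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
  def encryption_algorithms: () -> ::Array[("SYMMETRIC_DEFAULT" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "SM2PKE")]
  def signing_algorithms: () -> ::Array[("RSASSA_PSS_SHA_256" | "RSASSA_PSS_SHA_384" | "RSASSA_PSS_SHA_512" | "RSASSA_PKCS1_V1_5_SHA_256" | "RSASSA_PKCS1_V1_5_SHA_384" | "RSASSA_PKCS1_V1_5_SHA_512" | "ECDSA_SHA_256" | "ECDSA_SHA_384" | "ECDSA_SHA_512" | "SM2DSA")]
+ def key_agreement_algorithms: () -> ::Array[("ECDH")]
  end
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#get_public_key-instance_method
  def get_public_key: (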
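Review bot: `_DeriveSharedSecretResponseSuccess` declares `shared_secret` and `ciphertext_for_recipient` as non-nil `::String`, which contradicts the response documentation shipped in this same release. That documentation says `SharedSecret` is null or empty when `CiphertextForRecipient` is present, and that `CiphertextForRecipient` is included only when the request carries a valid `Recipient`. A caller that trusts the signature will skip the nil check and a type checker will not flag it. The signatures should read `def shared_secret: () -> ::String?` and `def ciphertext_for_recipient: () -> ::String?`; the matching `attr_accessor shared_secret: ::String` and `attr_accessor ciphertext_for_recipient: ::String` lines in data/sig/types.rbs have the same problem. If these signature files are generated, the change belongs in the generator rather than here.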
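--- a/data/sig/resource.rbs
+++ b/data/sig/resource.rbs
@@ -48,8 +48,10 @@ module Aws
  ?sdk_ua_app_id: String,
  ?secret_access_key: String,
  ?session_token: String,
+ ?sigv4a_signing_region_set: Array[String],
  ?simple_json: bool,
  ?stub_responses: untyped,
+ ?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
  ?token_provider: untyped,
  ?use_dualstack_endpoint: bool,
  ?use_fips_endpoint: bool,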
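--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -99,7 +99,7 @@ module Aws::KMS
  attr_accessor key_id: ::String
  attr_accessor grantee_principal: ::String
  attr_accessor retiring_principal: ::String
- attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac")]
+ attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac" | "DeriveSharedSecret")]
  attr_accessor constraints: Types::GrantConstraints
  attr_accessor grant_tokens: ::Array[::String]
  attr_accessor name: ::String
@@ -116,7 +116,7 @@ module Aws::KMS
  class CreateKeyRequest
  attr_accessor policy: ::String
  attr_accessor description: ::String
- attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+ attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
  attr_accessor customer_master_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
  attr_accessor key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
  attr_accessor origin: ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE")
@@ -208,6 +208,25 @@ module Aws::KMS
  SENSITIVE: []
  end
 
+ class DeriveSharedSecretRequest
+ attr_accessor key_id: ::String
+ attr_accessor key_agreement_algorithm: ("ECDH")
+ attr_accessor public_key: ::String
+ attr_accessor grant_tokens: ::Array[::String]
+ attr_accessor dry_run: bool
+ attr_accessor recipient: Types::RecipientInfo
+ SENSITIVE: []
+ end
+
+ class DeriveSharedSecretResponse
+ attr_accessor key_id: ::String
+ attr_accessor shared_secret: ::String
+ attr_accessor ciphertext_for_recipient: ::String
+ attr_accessor key_agreement_algorithm: ("ECDH")
+ attr_accessor key_origin: ("AWS_KMS" | "EXTERNAL" | "AWS_CLOUDHSM" | "EXTERNAL_KEY_STORE")
+ SENSITIVE: [:shared_secret]
+ end
+
  class DescribeCustomKeyStoresRequest
  attr_accessor custom_key_store_id: ::String
  attr_accessor custom_key_store_name: ::String
@@ -424,8 +443,8 @@ module Aws::KMS
 
  class GetParametersForImportRequest
  attr_accessor key_id: ::String
- attr_accessor wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256")
- attr_accessor wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096")
+ attr_accessor wrapping_algorithm: ("RSAES_PKCS1_V1_5" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "RSA_AES_KEY_WRAP_SHA_1" | "RSA_AES_KEY_WRAP_SHA_256" | "SM2PKE")
+ attr_accessor wrapping_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "SM2")
  SENSITIVE: []
  end
 
@@ -448,9 +467,10 @@ module Aws::KMS
  attr_accessor public_key: ::String
  attr_accessor customer_master_key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
  attr_accessor key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
- attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+ attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
  attr_accessor encryption_algorithms: ::Array[("SYMMETRIC_DEFAULT" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "SM2PKE")]
  attr_accessor signing_algorithms: ::Array[("RSASSA_PSS_SHA_256" | "RSASSA_PSS_SHA_384" | "RSASSA_PSS_SHA_512" | "RSASSA_PKCS1_V1_5_SHA_256" | "RSASSA_PKCS1_V1_5_SHA_384" | "RSASSA_PKCS1_V1_5_SHA_512" | "ECDSA_SHA_256" | "ECDSA_SHA_384" | "ECDSA_SHA_512" | "SM2DSA")]
+ attr_accessor key_agreement_algorithms: ::Array[("ECDH")]
  SENSITIVE: []
  end
 
@@ -468,7 +488,7 @@ module Aws::KMS
  attr_accessor grantee_principal: ::String
  attr_accessor retiring_principal: ::String
  attr_accessor issuing_account: ::String
- attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac")]
+ attr_accessor operations: ::Array[("Decrypt" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyWithoutPlaintext" | "ReEncryptFrom" | "ReEncryptTo" | "Sign" | "Verify" | "GetPublicKey" | "CreateGrant" | "RetireGrant" | "DescribeKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateMac" | "VerifyMac" | "DeriveSharedSecret")]
  attr_accessor constraints: Types::GrantConstraints
  SENSITIVE: []
  end
@@ -573,7 +593,7 @@ module Aws::KMS
  attr_accessor creation_date: ::Time
  attr_accessor enabled: bool
  attr_accessor description: ::String
- attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC")
+ attr_accessor key_usage: ("SIGN_VERIFY" | "ENCRYPT_DECRYPT" | "GENERATE_VERIFY_MAC" | "KEY_AGREEMENT")
  attr_accessor key_state: ("Creating" | "Enabled" | "Disabled" | "PendingDeletion" | "PendingImport" | "PendingReplicaDeletion" | "Unavailable" | "Updating")
  attr_accessor deletion_date: ::Time
  attr_accessor valid_to: ::Time
@@ -586,6 +606,7 @@ module Aws::KMS
  attr_accessor key_spec: ("RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "SYMMETRIC_DEFAULT" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2")
  attr_accessor encryption_algorithms: ::Array[("SYMMETRIC_DEFAULT" | "RSAES_OAEP_SHA_1" | "RSAES_OAEP_SHA_256" | "SM2PKE")]
  attr_accessor signing_algorithms: ::Array[("RSASSA_PSS_SHA_256" | "RSASSA_PSS_SHA_384" | "RSASSA_PSS_SHA_512" | "RSASSA_PKCS1_V1_5_SHA_256" | "RSASSA_PKCS1_V1_5_SHA_384" | "RSASSA_PKCS1_V1_5_SHA_512" | "ECDSA_SHA_256" | "ECDSA_SHA_384" | "ECDSA_SHA_512" | "SM2DSA")]
+ attr_accessor key_agreement_algorithms: ::Array[("ECDH")]
  attr_accessor multi_region: bool
  attr_accessor multi_region_configuration: Types::MultiRegionConfiguration
  attr_accessor pending_deletion_window_in_days: ::Integer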
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-kms
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.79.0
4
+ version: 1.91.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-12 00:00:00.000000000 Z
11
+ date: 2024-09-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.191.0
22
+ version: 3.205.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.191.0
32
+ version: 3.205.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - "~>"
38
38
  - !ruby/object:Gem::Version
39
- version: '1.1'
39
+ version: '1.5'
40
40
  type: :runtime
41
41
  prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
44
  - - "~>"
45
45
  - !ruby/object:Gem::Version
46
- version: '1.1'
46
+ version: '1.5'
47
47
  description: Official AWS Ruby gem for AWS Key Management Service (KMS). This gem
48
48
  is part of the AWS SDK for Ruby.
49
49
  email: