aws-sdk-kms 1.48.0 → 1.49.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +475 -13
- data/lib/aws-sdk-kms.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a07f550283c44f04da54be848926fc2abb53eaf72d7f70b2ed94ee3c512689c8
|
4
|
+
data.tar.gz: 4ff2d5daac266b457492a3dc88d2f9fd8dd95cb52777554a5ee365462828d50d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3a486089f9d6dffe619dd8bafef64fcb2d3a4969996877b56079ea9a61fc84e2617bc9b3895f5d9ebef8bd27a8a9cebb7c6920f3f54c202d45525883c601b592
|
7
|
+
data.tar.gz: 53bb1250597b6ca39baecb61f499e08b28882c93d9f3aabd4d16d84ad605fd50a5a47d7cb1fc3af4fb1d0589308a4f7d3ab3bab958147eee89fd03af23ea7a38
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,11 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.49.0 (2021-10-04)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Added SDK examples for ConnectCustomKeyStore, CreateCustomKeyStore, CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores, DisconnectCustomKeyStore, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GetPublicKey, ReplicateKey, Sign, UpdateCustomKeyStore and Verify APIs
|
8
|
+
|
4
9
|
1.48.0 (2021-09-01)
|
5
10
|
------------------
|
6
11
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.49.0
|
data/lib/aws-sdk-kms/client.rb
CHANGED
@@ -488,6 +488,20 @@ module Aws::KMS
|
|
488
488
|
#
|
489
489
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
490
490
|
#
|
491
|
+
#
|
492
|
+
# @example Example: To connect a custom key store to its CloudHSM cluster
|
493
|
+
#
|
494
|
+
# # This example connects an AWS KMS custom key store to its AWS CloudHSM cluster. This operation does not return any data.
|
495
|
+
# # To verify that the custom key store is connected, use the <code>DescribeCustomKeyStores</code> operation.
|
496
|
+
#
|
497
|
+
# resp = client.connect_custom_key_store({
|
498
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the AWS KMS custom key store.
|
499
|
+
# })
|
500
|
+
#
|
501
|
+
# resp.to_h outputs the following:
|
502
|
+
# {
|
503
|
+
# }
|
504
|
+
#
|
491
505
|
# @example Request syntax with placeholder values
|
492
506
|
#
|
493
507
|
# resp = client.connect_custom_key_store({
|
@@ -724,6 +738,23 @@ module Aws::KMS
|
|
724
738
|
#
|
725
739
|
# * {Types::CreateCustomKeyStoreResponse#custom_key_store_id #custom_key_store_id} => String
|
726
740
|
#
|
741
|
+
#
|
742
|
+
# @example Example: To create an AWS CloudHSM custom key store
|
743
|
+
#
|
744
|
+
# # This example creates a custom key store that is associated with an AWS CloudHSM cluster.
|
745
|
+
#
|
746
|
+
# resp = client.create_custom_key_store({
|
747
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the CloudHSM cluster.
|
748
|
+
# custom_key_store_name: "ExampleKeyStore", # A friendly name for the custom key store.
|
749
|
+
# key_store_password: "kmsPswd", # The password for the kmsuser CU account in the specified cluster.
|
750
|
+
# trust_anchor_certificate: "<certificate-goes-here>", # The content of the customerCA.crt file that you created when you initialized the cluster.
|
751
|
+
# })
|
752
|
+
#
|
753
|
+
# resp.to_h outputs the following:
|
754
|
+
# {
|
755
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the new custom key store.
|
756
|
+
# }
|
757
|
+
#
|
727
758
|
# @example Request syntax with placeholder values
|
728
759
|
#
|
729
760
|
# resp = client.create_custom_key_store({
|
@@ -1410,15 +1441,10 @@ module Aws::KMS
|
|
1410
1441
|
#
|
1411
1442
|
# @example Example: To create a KMS key
|
1412
1443
|
#
|
1413
|
-
# # The following example creates a KMS key.
|
1444
|
+
# # The following example creates a symmetric KMS key for encryption and decryption. No parameters are required for this
|
1445
|
+
# # operation.
|
1414
1446
|
#
|
1415
1447
|
# resp = client.create_key({
|
1416
|
-
# tags: [
|
1417
|
-
# {
|
1418
|
-
# tag_key: "CreatedBy",
|
1419
|
-
# tag_value: "ExampleUser",
|
1420
|
-
# },
|
1421
|
-
# ], # One or more tags. Each tag consists of a tag key and a tag value.
|
1422
1448
|
# })
|
1423
1449
|
#
|
1424
1450
|
# resp.to_h outputs the following:
|
@@ -1438,8 +1464,181 @@ module Aws::KMS
|
|
1438
1464
|
# key_spec: "SYMMETRIC_DEFAULT",
|
1439
1465
|
# key_state: "Enabled",
|
1440
1466
|
# key_usage: "ENCRYPT_DECRYPT",
|
1467
|
+
# multi_region: false,
|
1468
|
+
# origin: "AWS_KMS",
|
1469
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1470
|
+
# }
|
1471
|
+
#
|
1472
|
+
# @example Example: To create an asymmetric RSA KMS key for encryption and decryption
|
1473
|
+
#
|
1474
|
+
# # This example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and
|
1475
|
+
# # key usage can't be changed after the key is created.
|
1476
|
+
#
|
1477
|
+
# resp = client.create_key({
|
1478
|
+
# key_spec: "RSA_4096", # Describes the type of key material in the KMS key.
|
1479
|
+
# key_usage: "ENCRYPT_DECRYPT", # The cryptographic operations for which you can use the KMS key.
|
1480
|
+
# })
|
1481
|
+
#
|
1482
|
+
# resp.to_h outputs the following:
|
1483
|
+
# {
|
1484
|
+
# key_metadata: {
|
1485
|
+
# aws_account_id: "111122223333",
|
1486
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1487
|
+
# creation_date: Time.parse("2021-04-05T14:04:55-07:00"),
|
1488
|
+
# customer_master_key_spec: "RSA_4096",
|
1489
|
+
# description: "",
|
1490
|
+
# enabled: true,
|
1491
|
+
# encryption_algorithms: [
|
1492
|
+
# "RSAES_OAEP_SHA_1",
|
1493
|
+
# "RSAES_OAEP_SHA_256",
|
1494
|
+
# ],
|
1495
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1496
|
+
# key_manager: "CUSTOMER",
|
1497
|
+
# key_spec: "RSA_4096",
|
1498
|
+
# key_state: "Enabled",
|
1499
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1500
|
+
# multi_region: false,
|
1501
|
+
# origin: "AWS_KMS",
|
1502
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1503
|
+
# }
|
1504
|
+
#
|
1505
|
+
# @example Example: To create an asymmetric elliptic curve KMS key for signing and verification
|
1506
|
+
#
|
1507
|
+
# # This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification.
|
1508
|
+
# # The key usage is required even though "SIGN_VERIFY" is the only valid value for ECC KMS keys. The key spec and key usage
|
1509
|
+
# # can't be changed after the key is created.
|
1510
|
+
#
|
1511
|
+
# resp = client.create_key({
|
1512
|
+
# key_spec: "ECC_NIST_P521", # Describes the type of key material in the KMS key.
|
1513
|
+
# key_usage: "SIGN_VERIFY", # The cryptographic operations for which you can use the KMS key.
|
1514
|
+
# })
|
1515
|
+
#
|
1516
|
+
# resp.to_h outputs the following:
|
1517
|
+
# {
|
1518
|
+
# key_metadata: {
|
1519
|
+
# aws_account_id: "111122223333",
|
1520
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1521
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1522
|
+
# customer_master_key_spec: "ECC_NIST_P521",
|
1523
|
+
# description: "",
|
1524
|
+
# enabled: true,
|
1525
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1526
|
+
# key_manager: "CUSTOMER",
|
1527
|
+
# key_spec: "ECC_NIST_P521",
|
1528
|
+
# key_state: "Enabled",
|
1529
|
+
# key_usage: "SIGN_VERIFY",
|
1530
|
+
# multi_region: false,
|
1531
|
+
# origin: "AWS_KMS",
|
1532
|
+
# signing_algorithms: [
|
1533
|
+
# "ECDSA_SHA_512",
|
1534
|
+
# ],
|
1535
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1536
|
+
# }
|
1537
|
+
#
|
1538
|
+
# @example Example: To create a multi-Region primary KMS key
|
1539
|
+
#
|
1540
|
+
# # This example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters
|
1541
|
+
# # create a symmetric encryption key, only the MultiRegion parameter is required for this KMS key.
|
1542
|
+
#
|
1543
|
+
# resp = client.create_key({
|
1544
|
+
# multi_region: true, # Indicates whether the KMS key is a multi-Region (True) or regional (False) key.
|
1545
|
+
# })
|
1546
|
+
#
|
1547
|
+
# resp.to_h outputs the following:
|
1548
|
+
# {
|
1549
|
+
# key_metadata: {
|
1550
|
+
# aws_account_id: "111122223333",
|
1551
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
|
1552
|
+
# creation_date: Time.parse("2021-09-02T016:15:21-09:00"),
|
1553
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1554
|
+
# description: "",
|
1555
|
+
# enabled: true,
|
1556
|
+
# encryption_algorithms: [
|
1557
|
+
# "SYMMETRIC_DEFAULT",
|
1558
|
+
# ],
|
1559
|
+
# key_id: "mrk-1234abcd12ab34cd56ef12345678990ab",
|
1560
|
+
# key_manager: "CUSTOMER",
|
1561
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1562
|
+
# key_state: "Enabled",
|
1563
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1564
|
+
# multi_region: true,
|
1565
|
+
# multi_region_configuration: {
|
1566
|
+
# multi_region_key_type: "PRIMARY",
|
1567
|
+
# primary_key: {
|
1568
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
|
1569
|
+
# region: "us-west-2",
|
1570
|
+
# },
|
1571
|
+
# replica_keys: [
|
1572
|
+
# ],
|
1573
|
+
# },
|
1441
1574
|
# origin: "AWS_KMS",
|
1442
|
-
# }, #
|
1575
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1576
|
+
# }
|
1577
|
+
#
|
1578
|
+
# @example Example: To create a KMS key for imported key material
|
1579
|
+
#
|
1580
|
+
# # This example creates a KMS key with no key material. When the operation is complete, you can import your own key
|
1581
|
+
# # material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL.
|
1582
|
+
#
|
1583
|
+
# resp = client.create_key({
|
1584
|
+
# origin: "EXTERNAL", # The source of the key material for the KMS key.
|
1585
|
+
# })
|
1586
|
+
#
|
1587
|
+
# resp.to_h outputs the following:
|
1588
|
+
# {
|
1589
|
+
# key_metadata: {
|
1590
|
+
# aws_account_id: "111122223333",
|
1591
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1592
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1593
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1594
|
+
# description: "",
|
1595
|
+
# enabled: false,
|
1596
|
+
# encryption_algorithms: [
|
1597
|
+
# "SYMMETRIC_DEFAULT",
|
1598
|
+
# ],
|
1599
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1600
|
+
# key_manager: "CUSTOMER",
|
1601
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1602
|
+
# key_state: "PendingImport",
|
1603
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1604
|
+
# multi_region: false,
|
1605
|
+
# origin: "EXTERNAL",
|
1606
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1607
|
+
# }
|
1608
|
+
#
|
1609
|
+
# @example Example: To create a KMS key in a custom key store
|
1610
|
+
#
|
1611
|
+
# # This example creates a KMS key in the specified custom key store. The operation creates the KMS key and its metadata in
|
1612
|
+
# # AWS KMS and the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the
|
1613
|
+
# # Origin and CustomKeyStoreId parameters.
|
1614
|
+
#
|
1615
|
+
# resp = client.create_key({
|
1616
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # Identifies the custom key store that hosts the KMS key.
|
1617
|
+
# origin: "AWS_CLOUDHSM", # Indicates the source of the key material for the KMS key.
|
1618
|
+
# })
|
1619
|
+
#
|
1620
|
+
# resp.to_h outputs the following:
|
1621
|
+
# {
|
1622
|
+
# key_metadata: {
|
1623
|
+
# aws_account_id: "111122223333",
|
1624
|
+
# arn: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
|
1625
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg",
|
1626
|
+
# creation_date: Time.parse("2019-12-02T07:48:55-07:00"),
|
1627
|
+
# custom_key_store_id: "cks-1234567890abcdef0",
|
1628
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
1629
|
+
# description: "",
|
1630
|
+
# enabled: true,
|
1631
|
+
# encryption_algorithms: [
|
1632
|
+
# "SYMMETRIC_DEFAULT",
|
1633
|
+
# ],
|
1634
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab",
|
1635
|
+
# key_manager: "CUSTOMER",
|
1636
|
+
# key_spec: "SYMMETRIC_DEFAULT",
|
1637
|
+
# key_state: "Enabled",
|
1638
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
1639
|
+
# multi_region: false,
|
1640
|
+
# origin: "AWS_CLOUDHSM",
|
1641
|
+
# }, # Detailed information about the KMS key that this operation creates.
|
1443
1642
|
# }
|
1444
1643
|
#
|
1445
1644
|
# @example Request syntax with placeholder values
|
@@ -1850,6 +2049,21 @@ module Aws::KMS
|
|
1850
2049
|
#
|
1851
2050
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1852
2051
|
#
|
2052
|
+
#
|
2053
|
+
# @example Example: To delete a custom key store from AWS KMS
|
2054
|
+
#
|
2055
|
+
# # This example deletes a custom key store from AWS KMS. This operation does not delete the AWS CloudHSM cluster that was
|
2056
|
+
# # associated with the CloudHSM cluster. This operation doesn't return any data. To verify that the operation was
|
2057
|
+
# # successful, use the DescribeCustomKeyStores operation.
|
2058
|
+
#
|
2059
|
+
# resp = client.delete_custom_key_store({
|
2060
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store to be deleted.
|
2061
|
+
# })
|
2062
|
+
#
|
2063
|
+
# resp.to_h outputs the following:
|
2064
|
+
# {
|
2065
|
+
# }
|
2066
|
+
#
|
1853
2067
|
# @example Request syntax with placeholder values
|
1854
2068
|
#
|
1855
2069
|
# resp = client.delete_custom_key_store({
|
@@ -2029,6 +2243,44 @@ module Aws::KMS
|
|
2029
2243
|
# * {Types::DescribeCustomKeyStoresResponse#next_marker #next_marker} => String
|
2030
2244
|
# * {Types::DescribeCustomKeyStoresResponse#truncated #truncated} => Boolean
|
2031
2245
|
#
|
2246
|
+
#
|
2247
|
+
# @example Example: To get detailed information about custom key stores in the account and Region
|
2248
|
+
#
|
2249
|
+
# # This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key
|
2250
|
+
# # stores, do not enter a custom key store name or ID.
|
2251
|
+
#
|
2252
|
+
# resp = client.describe_custom_key_stores({
|
2253
|
+
# })
|
2254
|
+
#
|
2255
|
+
# resp.to_h outputs the following:
|
2256
|
+
# {
|
2257
|
+
# custom_key_stores: [
|
2258
|
+
# ], # Details about each custom key store in the account and Region.
|
2259
|
+
# }
|
2260
|
+
#
|
2261
|
+
# @example Example: To get detailed information about a custom key store associated with a CloudHSM cluster.
|
2262
|
+
#
|
2263
|
+
# # This example gets detailed information about a particular AWS KMS custom key store that is associate with an AWS
|
2264
|
+
# # CloudHSM cluster. To limit the output to a particular custom key store, provide the custom key store name or ID.
|
2265
|
+
#
|
2266
|
+
# resp = client.describe_custom_key_stores({
|
2267
|
+
# custom_key_store_name: "ExampleKeyStore", # The friendly name of the custom key store.
|
2268
|
+
# })
|
2269
|
+
#
|
2270
|
+
# resp.to_h outputs the following:
|
2271
|
+
# {
|
2272
|
+
# custom_key_stores: [
|
2273
|
+
# {
|
2274
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg",
|
2275
|
+
# connection_state: "CONNECTED",
|
2276
|
+
# creation_date: Time.parse("1.499288695918E9"),
|
2277
|
+
# custom_key_store_id: "cks-1234567890abcdef0",
|
2278
|
+
# custom_key_store_name: "ExampleKeyStore",
|
2279
|
+
# trust_anchor_certificate: "<certificate appears here>",
|
2280
|
+
# },
|
2281
|
+
# ], # Detailed information about the specified custom key store.
|
2282
|
+
# }
|
2283
|
+
#
|
2032
2284
|
# @example Request syntax with placeholder values
|
2033
2285
|
#
|
2034
2286
|
# resp = client.describe_custom_key_stores({
|
@@ -2458,6 +2710,20 @@ module Aws::KMS
|
|
2458
2710
|
#
|
2459
2711
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2460
2712
|
#
|
2713
|
+
#
|
2714
|
+
# @example Example: To disconnect a custom key store from its CloudHSM cluster
|
2715
|
+
#
|
2716
|
+
# # This example disconnects an AWS KMS custom key store from its AWS CloudHSM cluster. This operation doesn't return any
|
2717
|
+
# # data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.
|
2718
|
+
#
|
2719
|
+
# resp = client.disconnect_custom_key_store({
|
2720
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store.
|
2721
|
+
# })
|
2722
|
+
#
|
2723
|
+
# resp.to_h outputs the following:
|
2724
|
+
# {
|
2725
|
+
# }
|
2726
|
+
#
|
2461
2727
|
# @example Request syntax with placeholder values
|
2462
2728
|
#
|
2463
2729
|
# resp = client.disconnect_custom_key_store({
|
@@ -3205,6 +3471,26 @@ module Aws::KMS
|
|
3205
3471
|
# * {Types::GenerateDataKeyPairResponse#key_id #key_id} => String
|
3206
3472
|
# * {Types::GenerateDataKeyPairResponse#key_pair_spec #key_pair_spec} => String
|
3207
3473
|
#
|
3474
|
+
#
|
3475
|
+
# @example Example: To generate an RSA key pair for encryption and decryption
|
3476
|
+
#
|
3477
|
+
# # This example generates an RSA data key pair for encryption and decryption. The operation returns a plaintext public key
|
3478
|
+
# # and private key, and a copy of the private key that is encrypted under a symmetric KMS key that you specify.
|
3479
|
+
#
|
3480
|
+
# resp = client.generate_data_key_pair({
|
3481
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ID of the symmetric KMS key that encrypts the private RSA key in the data key pair.
|
3482
|
+
# key_pair_spec: "RSA_3072", # The requested key spec of the RSA data key pair.
|
3483
|
+
# })
|
3484
|
+
#
|
3485
|
+
# resp.to_h outputs the following:
|
3486
|
+
# {
|
3487
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the symmetric KMS key that was used to encrypt the private key.
|
3488
|
+
# key_pair_spec: "RSA_3072", # The actual key spec of the RSA data key pair.
|
3489
|
+
# private_key_ciphertext_blob: "<binary data>", # The encrypted private key of the RSA data key pair.
|
3490
|
+
# private_key_plaintext: "<binary data>", # The plaintext private key of the RSA data key pair.
|
3491
|
+
# public_key: "<binary data>", # The public key (plaintext) of the RSA data key pair.
|
3492
|
+
# }
|
3493
|
+
#
|
3208
3494
|
# @example Request syntax with placeholder values
|
3209
3495
|
#
|
3210
3496
|
# resp = client.generate_data_key_pair({
|
@@ -3371,6 +3657,25 @@ module Aws::KMS
|
|
3371
3657
|
# * {Types::GenerateDataKeyPairWithoutPlaintextResponse#key_id #key_id} => String
|
3372
3658
|
# * {Types::GenerateDataKeyPairWithoutPlaintextResponse#key_pair_spec #key_pair_spec} => String
|
3373
3659
|
#
|
3660
|
+
#
|
3661
|
+
# @example Example: To generate an asymmetric data key pair without a plaintext key
|
3662
|
+
#
|
3663
|
+
# # This example returns an asymmetric elliptic curve (ECC) data key pair. The private key is encrypted under the symmetric
|
3664
|
+
# # KMS key that you specify. This operation doesn't return a plaintext (unencrypted) private key.
|
3665
|
+
#
|
3666
|
+
# resp = client.generate_data_key_pair_without_plaintext({
|
3667
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The symmetric KMS key that encrypts the private key of the ECC data key pair.
|
3668
|
+
# key_pair_spec: "ECC_NIST_P521", # The requested key spec of the ECC asymmetric data key pair.
|
3669
|
+
# })
|
3670
|
+
#
|
3671
|
+
# resp.to_h outputs the following:
|
3672
|
+
# {
|
3673
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the symmetric KMS key that encrypted the private key in the ECC asymmetric data key pair.
|
3674
|
+
# key_pair_spec: "ECC_NIST_P521", # The actual key spec of the ECC asymmetric data key pair.
|
3675
|
+
# private_key_ciphertext_blob: "<binary data>", # The encrypted private key of the asymmetric ECC data key pair.
|
3676
|
+
# public_key: "<binary data>", # The public key (plaintext).
|
3677
|
+
# }
|
3678
|
+
#
|
3374
3679
|
# @example Request syntax with placeholder values
|
3375
3680
|
#
|
3376
3681
|
# resp = client.generate_data_key_pair_without_plaintext({
|
@@ -4053,6 +4358,29 @@ module Aws::KMS
|
|
4053
4358
|
# * {Types::GetPublicKeyResponse#encryption_algorithms #encryption_algorithms} => Array<String>
|
4054
4359
|
# * {Types::GetPublicKeyResponse#signing_algorithms #signing_algorithms} => Array<String>
|
4055
4360
|
#
|
4361
|
+
#
|
4362
|
+
# @example Example: To download the public key of an asymmetric KMS key
|
4363
|
+
#
|
4364
|
+
# # This example gets the public key of an asymmetric RSA KMS key used for encryption and decryption. The operation returns
|
4365
|
+
# # the key spec, key usage, and encryption or signing algorithms to help you use the public key correctly outside of AWS
|
4366
|
+
# # KMS.
|
4367
|
+
#
|
4368
|
+
# resp = client.get_public_key({
|
4369
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", # The key ARN of the asymmetric KMS key.
|
4370
|
+
# })
|
4371
|
+
#
|
4372
|
+
# resp.to_h outputs the following:
|
4373
|
+
# {
|
4374
|
+
# customer_master_key_spec: "RSA_4096", # The key spec of the asymmetric KMS key from which the public key was downloaded.
|
4375
|
+
# encryption_algorithms: [
|
4376
|
+
# "RSAES_OAEP_SHA_1",
|
4377
|
+
# "RSAES_OAEP_SHA_256",
|
4378
|
+
# ], # The encryption algorithms supported by the asymmetric KMS key that was downloaded.
|
4379
|
+
# key_id: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", # The key ARN of the asymmetric KMS key from which the public key was downloaded.
|
4380
|
+
# key_usage: "ENCRYPT_DECRYPT", # The key usage of the asymmetric KMS key from which the public key was downloaded.
|
4381
|
+
# public_key: "<binary data>", # The public key (plaintext) of the asymmetric KMS key.
|
4382
|
+
# }
|
4383
|
+
#
|
4056
4384
|
# @example Request syntax with placeholder values
|
4057
4385
|
#
|
4058
4386
|
# resp = client.get_public_key({
|
@@ -5719,6 +6047,53 @@ module Aws::KMS
|
|
5719
6047
|
# * {Types::ReplicateKeyResponse#replica_policy #replica_policy} => String
|
5720
6048
|
# * {Types::ReplicateKeyResponse#replica_tags #replica_tags} => Array<Types::Tag>
|
5721
6049
|
#
|
6050
|
+
#
|
6051
|
+
# @example Example: To replicate a multi-Region key in a different AWS Region
|
6052
|
+
#
|
6053
|
+
# # This example creates a multi-Region replica key in us-west-2 of a multi-Region primary key in us-east-1.
|
6054
|
+
#
|
6055
|
+
# resp = client.replicate_key({
|
6056
|
+
# key_id: "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", # The key ID or key ARN of the multi-Region primary key
|
6057
|
+
# replica_region: "us-west-2", # The Region of the new replica.
|
6058
|
+
# })
|
6059
|
+
#
|
6060
|
+
# resp.to_h outputs the following:
|
6061
|
+
# {
|
6062
|
+
# replica_key_metadata: {
|
6063
|
+
# aws_account_id: "111122223333",
|
6064
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6065
|
+
# creation_date: Time.parse(1607472987.918),
|
6066
|
+
# customer_master_key_spec: "SYMMETRIC_DEFAULT",
|
6067
|
+
# description: "",
|
6068
|
+
# enabled: true,
|
6069
|
+
# encryption_algorithms: [
|
6070
|
+
# "SYMMETRIC_DEFAULT",
|
6071
|
+
# ],
|
6072
|
+
# key_id: "mrk-1234abcd12ab34cd56ef1234567890ab",
|
6073
|
+
# key_manager: "CUSTOMER",
|
6074
|
+
# key_state: "Enabled",
|
6075
|
+
# key_usage: "ENCRYPT_DECRYPT",
|
6076
|
+
# multi_region: true,
|
6077
|
+
# multi_region_configuration: {
|
6078
|
+
# multi_region_key_type: "REPLICA",
|
6079
|
+
# primary_key: {
|
6080
|
+
# arn: "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6081
|
+
# region: "us-east-1",
|
6082
|
+
# },
|
6083
|
+
# replica_keys: [
|
6084
|
+
# {
|
6085
|
+
# arn: "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
|
6086
|
+
# region: "us-west-2",
|
6087
|
+
# },
|
6088
|
+
# ],
|
6089
|
+
# },
|
6090
|
+
# origin: "AWS_KMS",
|
6091
|
+
# }, # An object that displays detailed information about the replica key.
|
6092
|
+
# replica_policy: "{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-default-1\",...}", # The key policy of the replica key. If you don't specify a key policy, the replica key gets the default key policy for a KMS key.
|
6093
|
+
# replica_tags: [
|
6094
|
+
# ], # The tags on the replica key, if any.
|
6095
|
+
# }
|
6096
|
+
#
|
5722
6097
|
# @example Request syntax with placeholder values
|
5723
6098
|
#
|
5724
6099
|
# resp = client.replicate_key({
|
@@ -6222,6 +6597,26 @@ module Aws::KMS
|
|
6222
6597
|
# * {Types::SignResponse#signature #signature} => String
|
6223
6598
|
# * {Types::SignResponse#signing_algorithm #signing_algorithm} => String
|
6224
6599
|
#
|
6600
|
+
#
|
6601
|
+
# @example Example: To digitally sign a message with an asymmetric KMS key.
|
6602
|
+
#
|
6603
|
+
# # This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a
|
6604
|
+
# # given message.
|
6605
|
+
#
|
6606
|
+
# resp = client.sign({
|
6607
|
+
# key_id: "alias/ECC_signing_key", # The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
|
6608
|
+
# message: "<message to be signed>", # Message to be signed. Use Base-64 for the CLI.
|
6609
|
+
# message_type: "RAW", # Indicates whether the message is RAW or a DIGEST.
|
6610
|
+
# signing_algorithm: "ECDSA_SHA_384", # The requested signing algorithm. This must be an algorithm that the KMS key supports.
|
6611
|
+
# })
|
6612
|
+
#
|
6613
|
+
# resp.to_h outputs the following:
|
6614
|
+
# {
|
6615
|
+
# key_id: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the asymmetric KMS key that was used to sign the message.
|
6616
|
+
# signature: "<binary data>", # The digital signature of the message.
|
6617
|
+
# signing_algorithm: "ECDSA_SHA_384", # The actual signing algorithm that was used to generate the signature.
|
6618
|
+
# }
|
6619
|
+
#
|
6225
6620
|
# @example Request syntax with placeholder values
|
6226
6621
|
#
|
6227
6622
|
# resp = client.sign({
|
@@ -6599,15 +6994,16 @@ module Aws::KMS
|
|
6599
6994
|
# ConnectCustomKeyStore. To find the connection state of a custom key
|
6600
6995
|
# store, use the DescribeCustomKeyStores operation.
|
6601
6996
|
#
|
6602
|
-
#
|
6997
|
+
# The `CustomKeyStoreId` parameter is required in all commands. Use the
|
6998
|
+
# other parameters of `UpdateCustomKeyStore` to edit your key store
|
6603
6999
|
# settings.
|
6604
7000
|
#
|
6605
|
-
# * Use the
|
7001
|
+
# * Use the `NewCustomKeyStoreName` parameter to change the friendly
|
6606
7002
|
# name of the custom key store to the value that you specify.
|
6607
7003
|
#
|
6608
7004
|
#
|
6609
7005
|
#
|
6610
|
-
# * Use the
|
7006
|
+
# * Use the `KeyStorePassword` parameter tell KMS the current password
|
6611
7007
|
# of the [ `kmsuser` crypto user (CU)][1] in the associated CloudHSM
|
6612
7008
|
# cluster. You can use this parameter to [fix connection failures][2]
|
6613
7009
|
# that occur when KMS cannot log into the associated cluster because
|
@@ -6616,7 +7012,7 @@ module Aws::KMS
|
|
6616
7012
|
#
|
6617
7013
|
#
|
6618
7014
|
#
|
6619
|
-
# * Use the
|
7015
|
+
# * Use the `CloudHsmClusterId` parameter to associate the custom key
|
6620
7016
|
# store with a different, but related, CloudHSM cluster. You can use
|
6621
7017
|
# this parameter to repair a custom key store if its CloudHSM cluster
|
6622
7018
|
# becomes corrupted or is deleted, or when you need to create or
|
@@ -6690,6 +7086,51 @@ module Aws::KMS
|
|
6690
7086
|
#
|
6691
7087
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
6692
7088
|
#
|
7089
|
+
#
|
7090
|
+
# @example Example: To edit the password of a custom key store
|
7091
|
+
#
|
7092
|
+
# # This example tells KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the
|
7093
|
+
# # AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any
|
7094
|
+
# # data.
|
7095
|
+
#
|
7096
|
+
# resp = client.update_custom_key_store({
|
7097
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7098
|
+
# key_store_password: "ExamplePassword", # The password for the kmsuser crypto user in the CloudHSM cluster.
|
7099
|
+
# })
|
7100
|
+
#
|
7101
|
+
# resp.to_h outputs the following:
|
7102
|
+
# {
|
7103
|
+
# }
|
7104
|
+
#
|
7105
|
+
# @example Example: To edit the friendly name of a custom key store
|
7106
|
+
#
|
7107
|
+
# # This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does
|
7108
|
+
# # not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
|
7109
|
+
#
|
7110
|
+
# resp = client.update_custom_key_store({
|
7111
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7112
|
+
# new_custom_key_store_name: "DevelopmentKeys", # A new friendly name for the custom key store.
|
7113
|
+
# })
|
7114
|
+
#
|
7115
|
+
# resp.to_h outputs the following:
|
7116
|
+
# {
|
7117
|
+
# }
|
7118
|
+
#
|
7119
|
+
# @example Example: To associate the custom key store with a different, but related, AWS CloudHSM cluster.
|
7120
|
+
#
|
7121
|
+
# # This example changes the cluster that is associated with a custom key store to a related cluster, such as a different
|
7122
|
+
# # backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the
|
7123
|
+
# # DescribeCustomKeyStores operation.
|
7124
|
+
#
|
7125
|
+
# resp = client.update_custom_key_store({
|
7126
|
+
# cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the AWS CloudHSM cluster that you want to associate with the custom key store. This cluster must be related to the original CloudHSM cluster for this key store.
|
7127
|
+
# custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
|
7128
|
+
# })
|
7129
|
+
#
|
7130
|
+
# resp.to_h outputs the following:
|
7131
|
+
# {
|
7132
|
+
# }
|
7133
|
+
#
|
6693
7134
|
# @example Request syntax with placeholder values
|
6694
7135
|
#
|
6695
7136
|
# resp = client.update_custom_key_store({
|
@@ -7021,6 +7462,27 @@ module Aws::KMS
|
|
7021
7462
|
# * {Types::VerifyResponse#signature_valid #signature_valid} => Boolean
|
7022
7463
|
# * {Types::VerifyResponse#signing_algorithm #signing_algorithm} => String
|
7023
7464
|
#
|
7465
|
+
#
|
7466
|
+
# @example Example: To use an asymmetric KMS key to verify a digital signature
|
7467
|
+
#
|
7468
|
+
# # This operation uses the public key in an elliptic curve (ECC) asymmetric key to verify a digital signature within AWS
|
7469
|
+
# # KMS.
|
7470
|
+
#
|
7471
|
+
# resp = client.verify({
|
7472
|
+
# key_id: "alias/ECC_signing_key", # The asymmetric KMS key to be used to verify the digital signature. This example uses an alias to identify the KMS key.
|
7473
|
+
# message: "<message to be verified>", # The message that was signed.
|
7474
|
+
# message_type: "RAW", # Indicates whether the message is RAW or a DIGEST.
|
7475
|
+
# signature: "<binary data>", # The signature to be verified.
|
7476
|
+
# signing_algorithm: "ECDSA_SHA_384", # The signing algorithm to be used to verify the signature.
|
7477
|
+
# })
|
7478
|
+
#
|
7479
|
+
# resp.to_h outputs the following:
|
7480
|
+
# {
|
7481
|
+
# key_id: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", # The key ARN of the asymmetric KMS key that was used to verify the digital signature.
|
7482
|
+
# signature_valid: true, # Indicates whether the signature was verified (true) or failed verification (false).
|
7483
|
+
# signing_algorithm: "ECDSA_SHA_384", # The signing algorithm that was used to verify the signature.
|
7484
|
+
# }
|
7485
|
+
#
|
7024
7486
|
# @example Request syntax with placeholder values
|
7025
7487
|
#
|
7026
7488
|
# resp = client.verify({
|
@@ -7060,7 +7522,7 @@ module Aws::KMS
|
|
7060
7522
|
params: params,
|
7061
7523
|
config: config)
|
7062
7524
|
context[:gem_name] = 'aws-sdk-kms'
|
7063
|
-
context[:gem_version] = '1.
|
7525
|
+
context[:gem_version] = '1.49.0'
|
7064
7526
|
Seahorse::Client::Request.new(handlers, context)
|
7065
7527
|
end
|
7066
7528
|
|
data/lib/aws-sdk-kms.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-kms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.49.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-10-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|