npm - @aws-sdk/client-kms - Versions diffs - 3.131.0 → 3.141.0 - Mend

@aws-sdk/client-kms 3.131.0 → 3.141.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -32,12 +32,6 @@ export interface AliasListEntry {
      */
     LastUpdatedDate?: Date;
 }
-export declare namespace AliasListEntry {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: AliasListEntry) => any;
-}
 /**
  * <p>The request was rejected because it attempted to create a resource that already
  *       exists.</p>
@@ -70,24 +64,12 @@ export interface CancelKeyDeletionRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace CancelKeyDeletionRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CancelKeyDeletionRequest) => any;
-}
 export interface CancelKeyDeletionResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key whose deletion is canceled.</p>
      */
     KeyId?: string;
 }
-export declare namespace CancelKeyDeletionResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CancelKeyDeletionResponse) => any;
-}
 /**
  * <p>The system timed out while trying to fulfill the request. The request can be
  *       retried.</p>
@@ -259,20 +241,8 @@ export interface ConnectCustomKeyStoreRequest {
      */
     CustomKeyStoreId: string | undefined;
 }
-export declare namespace ConnectCustomKeyStoreRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ConnectCustomKeyStoreRequest) => any;
-}
 export interface ConnectCustomKeyStoreResponse {
 }
-export declare namespace ConnectCustomKeyStoreResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ConnectCustomKeyStoreResponse) => any;
-}
 /**
  * <p>The request was rejected because of the <code>ConnectionState</code> of the custom key
  *       store. To get the <code>ConnectionState</code> of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
@@ -319,6 +289,7 @@ export declare class CustomKeyStoreNotFoundException extends __BaseException {
 export declare enum ConnectionErrorCodeType {
     CLUSTER_NOT_FOUND = "CLUSTER_NOT_FOUND",
     INSUFFICIENT_CLOUDHSM_HSMS = "INSUFFICIENT_CLOUDHSM_HSMS",
+    INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET",
     INTERNAL_ERROR = "INTERNAL_ERROR",
     INVALID_CREDENTIALS = "INVALID_CREDENTIALS",
     NETWORK_ERRORS = "NETWORK_ERRORS",
@@ -370,12 +341,6 @@ export interface CreateAliasRequest {
      */
     TargetKeyId: string | undefined;
 }
-export declare namespace CreateAliasRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateAliasRequest) => any;
-}
 /**
  * <p>The request was rejected because the specified alias name is not valid.</p>
  */
@@ -410,12 +375,12 @@ export interface CreateCustomKeyStoreRequest {
      *       CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID,
      *       use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html">DescribeClusters</a> operation.</p>
      */
-    CloudHsmClusterId: string | undefined;
+    CloudHsmClusterId?: string;
     /**
      * <p>Enter the content of the trust anchor certificate for the cluster. This is the content of
      *       the <code>customerCA.crt</code> file that you created when you <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html">initialized the cluster</a>.</p>
      */
-    TrustAnchorCertificate: string | undefined;
+    TrustAnchorCertificate?: string;
     /**
      * <p>Enter the password of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser">
      *                <code>kmsuser</code> crypto user
@@ -425,13 +390,7 @@ export interface CreateCustomKeyStoreRequest {
      *          <p>This parameter tells KMS the <code>kmsuser</code> account password; it does not change
      *       the password in the CloudHSM cluster.</p>
      */
-    KeyStorePassword: string | undefined;
-}
-export declare namespace CreateCustomKeyStoreRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateCustomKeyStoreRequest) => any;
+    KeyStorePassword?: string;
 }
 export interface CreateCustomKeyStoreResponse {
     /**
@@ -439,12 +398,6 @@ export interface CreateCustomKeyStoreResponse {
      */
     CustomKeyStoreId?: string;
 }
-export declare namespace CreateCustomKeyStoreResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateCustomKeyStoreResponse) => any;
-}
 /**
  * <p>The request was rejected because the specified custom key store name is already assigned
  *       to another custom key store in the account. Try again with a custom key store name that is
@@ -508,12 +461,6 @@ export interface GrantConstraints {
      */
     EncryptionContextEquals?: Record<string, string>;
 }
-export declare namespace GrantConstraints {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GrantConstraints) => any;
-}
 export declare enum GrantOperation {
     CreateGrant = "CreateGrant",
     Decrypt = "Decrypt",
@@ -632,12 +579,6 @@ export interface CreateGrantRequest {
      */
     Name?: string;
 }
-export declare namespace CreateGrantRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateGrantRequest) => any;
-}
 export interface CreateGrantResponse {
     /**
      * <p>The grant token.</p>
@@ -651,12 +592,6 @@ export interface CreateGrantResponse {
      */
     GrantId?: string;
 }
-export declare namespace CreateGrantResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateGrantResponse) => any;
-}
 /**
  * <p>The request was rejected because the specified KMS key is not enabled.</p>
  */
@@ -691,6 +626,7 @@ export declare enum CustomerMasterKeySpec {
     RSA_2048 = "RSA_2048",
     RSA_3072 = "RSA_3072",
     RSA_4096 = "RSA_4096",
+    SM2 = "SM2",
     SYMMETRIC_DEFAULT = "SYMMETRIC_DEFAULT"
 }
 export declare enum KeySpec {
@@ -705,6 +641,7 @@ export declare enum KeySpec {
     RSA_2048 = "RSA_2048",
     RSA_3072 = "RSA_3072",
     RSA_4096 = "RSA_4096",
+    SM2 = "SM2",
     SYMMETRIC_DEFAULT = "SYMMETRIC_DEFAULT"
 }
 export declare enum KeyUsageType {
@@ -733,12 +670,6 @@ export interface Tag {
      */
     TagValue: string | undefined;
 }
-export declare namespace Tag {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Tag) => any;
-}
 export interface CreateKeyRequest {
     /**
      * <p>The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key policy to the KMS key.
@@ -765,23 +696,20 @@ export interface CreateKeyRequest {
      *             </li>
      *          </ul>
      *
-     *          <p>A key policy document must conform to the following rules.</p>
+     *          <p>A key policy document can include only the following characters:</p>
      *          <ul>
      *             <li>
-     *                <p>Up to 32 kilobytes (32768 bytes)</p>
-     *             </li>
-     *             <li>
-     *                <p>Must be UTF-8 encoded</p>
+     *                <p>Printable ASCII characters from the space character (<code>\u0020</code>) through the end of the ASCII character range.</p>
      *             </li>
      *             <li>
-     *                <p>The only Unicode characters that are permitted in a key policy document are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), and characters in the range U+0020 to U+00FF.</p>
+     *                <p>Printable characters in the Basic Latin and Latin-1 Supplement character set (through <code>\u00FF</code>).</p>
      *             </li>
      *             <li>
-     *                <p>The <code>Sid</code> element in a key policy statement can include spaces. (Spaces are
-     *             prohibited in the <code>Sid</code> element of an IAM policy document.)</p>
+     *                <p>The tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and carriage return (<code>\u000D</code>) special characters</p>
      *             </li>
      *          </ul>
-     *          <p>For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
+     *          <p>For information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key policies in KMS</a> in the
+     *       <i>Key Management Service Developer Guide</i>. For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
      *                <i>Identity and Access Management User Guide</i>
      *             </i>.</p>
      */
@@ -815,6 +743,10 @@ export interface CreateKeyRequest {
      *                <p>For asymmetric KMS keys with ECC key material, specify
      *           <code>SIGN_VERIFY</code>.</p>
      *             </li>
+     *             <li>
+     *                <p>For asymmetric KMS keys with SM2 key material (China Regions only), specify <code>ENCRYPT_DECRYPT</code> or
+     *           <code>SIGN_VERIFY</code>.</p>
+     *             </li>
      *          </ul>
      */
     KeyUsage?: KeyUsageType | string;
@@ -829,8 +761,8 @@ export interface CreateKeyRequest {
     CustomerMasterKeySpec?: CustomerMasterKeySpec | string;
     /**
      * <p>Specifies the type of KMS key to create. The default value,
-     *       <code>SYMMETRIC_DEFAULT</code>, creates a KMS key with a 256-bit symmetric key for encryption
-     *       and decryption. For help choosing a key spec for your KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose">Choosing a KMS key type</a> in the <i>
+     *       <code>SYMMETRIC_DEFAULT</code>, creates a KMS key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions,
+     *       where it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose">Choosing a KMS key type</a> in the <i>
      *                <i>Key Management Service Developer Guide</i>
      *             </i>.</p>
      *          <p>The <code>KeySpec</code> determines whether the KMS key contains a symmetric key or an
@@ -853,7 +785,8 @@ export interface CreateKeyRequest {
      *                <ul>
      *                   <li>
      *                      <p>
-     *                         <code>SYMMETRIC_DEFAULT</code> (AES-256-GCM)</p>
+     *                         <code>SYMMETRIC_DEFAULT</code>
+     *                      </p>
      *                   </li>
      *                </ul>
      *             </li>
@@ -929,6 +862,16 @@ export interface CreateKeyRequest {
      *                   </li>
      *                </ul>
      *             </li>
+     *             <li>
+     *                <p>SM2 key pairs (China Regions only)</p>
+     *                <ul>
+     *                   <li>
+     *                      <p>
+     *                         <code>SM2</code>
+     *                      </p>
+     *                   </li>
+     *                </ul>
+     *             </li>
      *          </ul>
      */
     KeySpec?: KeySpec | string;
@@ -956,7 +899,7 @@ export interface CreateKeyRequest {
      *       cannot create any other type of KMS key in a custom key store.</p>
      *          <p>To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
      *          <p>The response includes the custom key store ID and the ID of the CloudHSM cluster.</p>
-     *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
+     *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store feature</a> feature in KMS, which
      * combines the convenience and extensive integration of KMS with the isolation and control of a
      * single-tenant key store.</p>
      */
@@ -1009,15 +952,10 @@ export interface CreateKeyRequest {
      */
     MultiRegion?: boolean;
 }
-export declare namespace CreateKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateKeyRequest) => any;
-}
 export declare enum EncryptionAlgorithmSpec {
     RSAES_OAEP_SHA_1 = "RSAES_OAEP_SHA_1",
     RSAES_OAEP_SHA_256 = "RSAES_OAEP_SHA_256",
+    SM2PKE = "SM2PKE",
     SYMMETRIC_DEFAULT = "SYMMETRIC_DEFAULT"
 }
 export declare enum ExpirationModelType {
@@ -1061,12 +999,6 @@ export interface MultiRegionKey {
      */
     Region?: string;
 }
-export declare namespace MultiRegionKey {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: MultiRegionKey) => any;
-}
 /**
  * <p>Describes the configuration of this multi-Region key. This field appears only when the KMS
  *       key is a primary or replica of a multi-Region key.</p>
@@ -1090,12 +1022,6 @@ export interface MultiRegionConfiguration {
      */
     ReplicaKeys?: MultiRegionKey[];
 }
-export declare namespace MultiRegionConfiguration {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: MultiRegionConfiguration) => any;
-}
 export declare enum SigningAlgorithmSpec {
     ECDSA_SHA_256 = "ECDSA_SHA_256",
     ECDSA_SHA_384 = "ECDSA_SHA_384",
@@ -1105,7 +1031,8 @@ export declare enum SigningAlgorithmSpec {
     RSASSA_PKCS1_V1_5_SHA_512 = "RSASSA_PKCS1_V1_5_SHA_512",
     RSASSA_PSS_SHA_256 = "RSASSA_PSS_SHA_256",
     RSASSA_PSS_SHA_384 = "RSASSA_PSS_SHA_384",
-    RSASSA_PSS_SHA_512 = "RSASSA_PSS_SHA_512"
+    RSASSA_PSS_SHA_512 = "RSASSA_PSS_SHA_512",
+    SM2DSA = "SM2DSA"
 }
 /**
  * <p>Contains metadata about a KMS key.</p>
@@ -1273,24 +1200,12 @@ export interface KeyMetadata {
      */
     MacAlgorithms?: (MacAlgorithmSpec | string)[];
 }
-export declare namespace KeyMetadata {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: KeyMetadata) => any;
-}
 export interface CreateKeyResponse {
     /**
      * <p>Metadata associated with the KMS key.</p>
      */
     KeyMetadata?: KeyMetadata;
 }
-export declare namespace CreateKeyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CreateKeyResponse) => any;
-}
 /**
  * <p>The request was rejected because the specified policy is not syntactically or semantically
  *       correct.</p>
@@ -1456,12 +1371,6 @@ export interface CustomKeyStoresListEntry {
      */
     CreationDate?: Date;
 }
-export declare namespace CustomKeyStoresListEntry {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CustomKeyStoresListEntry) => any;
-}
 export declare enum DataKeyPairSpec {
     ECC_NIST_P256 = "ECC_NIST_P256",
     ECC_NIST_P384 = "ECC_NIST_P384",
@@ -1469,7 +1378,8 @@ export declare enum DataKeyPairSpec {
     ECC_SECG_P256K1 = "ECC_SECG_P256K1",
     RSA_2048 = "RSA_2048",
     RSA_3072 = "RSA_3072",
-    RSA_4096 = "RSA_4096"
+    RSA_4096 = "RSA_4096",
+    SM2 = "SM2"
 }
 export declare enum DataKeySpec {
     AES_128 = "AES_128",
@@ -1538,12 +1448,6 @@ export interface DecryptRequest {
      */
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
-export declare namespace DecryptRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DecryptRequest) => any;
-}
 export interface DecryptResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that was used to decrypt the ciphertext.</p>
@@ -1558,12 +1462,6 @@ export interface DecryptResponse {
      */
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
-export declare namespace DecryptResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DecryptResponse) => any;
-}
 /**
  * <p>The request was rejected because the specified KMS key cannot decrypt the data. The
  *       <code>KeyId</code> in a <a>Decrypt</a> request and the <code>SourceKeyId</code>
@@ -1642,32 +1540,14 @@ export interface DeleteAliasRequest {
      */
     AliasName: string | undefined;
 }
-export declare namespace DeleteAliasRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DeleteAliasRequest) => any;
-}
 export interface DeleteCustomKeyStoreRequest {
     /**
      * <p>Enter the ID of the custom key store you want to delete. To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
      */
     CustomKeyStoreId: string | undefined;
 }
-export declare namespace DeleteCustomKeyStoreRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DeleteCustomKeyStoreRequest) => any;
-}
 export interface DeleteCustomKeyStoreResponse {
 }
-export declare namespace DeleteCustomKeyStoreResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DeleteCustomKeyStoreResponse) => any;
-}
 export interface DeleteImportedKeyMaterialRequest {
     /**
      * <p>Identifies the KMS key from which you are deleting imported key material. The
@@ -1689,12 +1569,6 @@ export interface DeleteImportedKeyMaterialRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace DeleteImportedKeyMaterialRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DeleteImportedKeyMaterialRequest) => any;
-}
 export interface DescribeCustomKeyStoresRequest {
     /**
      * <p>Gets only information about the specified custom key store. Enter the key store ID.</p>
@@ -1726,12 +1600,6 @@ export interface DescribeCustomKeyStoresRequest {
      */
     Marker?: string;
 }
-export declare namespace DescribeCustomKeyStoresRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DescribeCustomKeyStoresRequest) => any;
-}
 export interface DescribeCustomKeyStoresResponse {
     /**
      * <p>Contains metadata about each custom key store.</p>
@@ -1750,12 +1618,6 @@ export interface DescribeCustomKeyStoresResponse {
      */
     Truncated?: boolean;
 }
-export declare namespace DescribeCustomKeyStoresResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DescribeCustomKeyStoresResponse) => any;
-}
 /**
  * <p>The request was rejected because the marker that specifies where pagination should next
  *       begin is not valid.</p>
@@ -1805,24 +1667,12 @@ export interface DescribeKeyRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace DescribeKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DescribeKeyRequest) => any;
-}
 export interface DescribeKeyResponse {
     /**
      * <p>Metadata associated with the key.</p>
      */
     KeyMetadata?: KeyMetadata;
 }
-export declare namespace DescribeKeyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DescribeKeyResponse) => any;
-}
 export interface DisableKeyRequest {
     /**
      * <p>Identifies the KMS key to disable.</p>
@@ -1842,12 +1692,6 @@ export interface DisableKeyRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace DisableKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DisableKeyRequest) => any;
-}
 export interface DisableKeyRotationRequest {
     /**
      * <p>Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks">asymmetric
@@ -1869,32 +1713,14 @@ export interface DisableKeyRotationRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace DisableKeyRotationRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DisableKeyRotationRequest) => any;
-}
 export interface DisconnectCustomKeyStoreRequest {
     /**
      * <p>Enter the ID of the custom key store you want to disconnect. To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
      */
     CustomKeyStoreId: string | undefined;
 }
-export declare namespace DisconnectCustomKeyStoreRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DisconnectCustomKeyStoreRequest) => any;
-}
 export interface DisconnectCustomKeyStoreResponse {
 }
-export declare namespace DisconnectCustomKeyStoreResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DisconnectCustomKeyStoreResponse) => any;
-}
 export interface EnableKeyRequest {
     /**
      * <p>Identifies the KMS key to enable.</p>
@@ -1914,12 +1740,6 @@ export interface EnableKeyRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace EnableKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: EnableKeyRequest) => any;
-}
 export interface EnableKeyRotationRequest {
     /**
      * <p>Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. The key rotation status of these KMS keys is always <code>false</code>.
@@ -1941,12 +1761,6 @@ export interface EnableKeyRotationRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace EnableKeyRotationRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: EnableKeyRotationRequest) => any;
-}
 export interface EncryptRequest {
     /**
      * <p>Identifies the KMS key to use in the encryption operation. The KMS key must have a
@@ -2005,12 +1819,6 @@ export interface EncryptRequest {
      */
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
-export declare namespace EncryptRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: EncryptRequest) => any;
-}
 export interface EncryptResponse {
     /**
      * <p>The encrypted plaintext. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2025,12 +1833,6 @@ export interface EncryptResponse {
      */
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
-export declare namespace EncryptResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: EncryptResponse) => any;
-}
 /**
  * <p>The request was rejected because the specified import token is expired. Use <a>GetParametersForImport</a> to get a new import token and public key, use the new
  *       public key to encrypt the key material, and then try the request again.</p>
@@ -2103,12 +1905,6 @@ export interface GenerateDataKeyRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace GenerateDataKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyRequest) => any;
-}
 export interface GenerateDataKeyResponse {
     /**
      * <p>The encrypted copy of the data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2124,12 +1920,6 @@ export interface GenerateDataKeyResponse {
      */
     KeyId?: string;
 }
-export declare namespace GenerateDataKeyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyResponse) => any;
-}
 export interface GenerateDataKeyPairRequest {
     /**
      * <p>Specifies the encryption context that will be used when encrypting the private key in the
@@ -2171,7 +1961,7 @@ export interface GenerateDataKeyPairRequest {
     KeyId: string | undefined;
     /**
      * <p>Determines the type of data key pair that is generated. </p>
-     *          <p>The KMS rule that restricts the use of asymmetric RSA KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS.</p>
+     *          <p>The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions. RSA and ECC asymmetric key pairs are also available in China Regions.</p>
      */
     KeyPairSpec: DataKeyPairSpec | string | undefined;
     /**
@@ -2181,12 +1971,6 @@ export interface GenerateDataKeyPairRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace GenerateDataKeyPairRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyPairRequest) => any;
-}
 export interface GenerateDataKeyPairResponse {
     /**
      * <p>The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2209,12 +1993,6 @@ export interface GenerateDataKeyPairResponse {
      */
     KeyPairSpec?: DataKeyPairSpec | string;
 }
-export declare namespace GenerateDataKeyPairResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyPairResponse) => any;
-}
 export interface GenerateDataKeyPairWithoutPlaintextRequest {
     /**
      * <p>Specifies the encryption context that will be used when encrypting the private key in the
@@ -2256,7 +2034,7 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest {
     KeyId: string | undefined;
     /**
      * <p>Determines the type of data key pair that is generated.</p>
-     *          <p>The KMS rule that restricts the use of asymmetric RSA KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS.</p>
+     *          <p>The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions. RSA and ECC asymmetric key pairs are also available in China Regions.</p>
      */
     KeyPairSpec: DataKeyPairSpec | string | undefined;
     /**
@@ -2266,12 +2044,6 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace GenerateDataKeyPairWithoutPlaintextRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyPairWithoutPlaintextRequest) => any;
-}
 export interface GenerateDataKeyPairWithoutPlaintextResponse {
     /**
      * <p>The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2290,12 +2062,6 @@ export interface GenerateDataKeyPairWithoutPlaintextResponse {
      */
     KeyPairSpec?: DataKeyPairSpec | string;
 }
-export declare namespace GenerateDataKeyPairWithoutPlaintextResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyPairWithoutPlaintextResponse) => any;
-}
 export interface GenerateDataKeyWithoutPlaintextRequest {
     /**
      * <p>Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify
@@ -2352,12 +2118,6 @@ export interface GenerateDataKeyWithoutPlaintextRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace GenerateDataKeyWithoutPlaintextRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyWithoutPlaintextRequest) => any;
-}
 export interface GenerateDataKeyWithoutPlaintextResponse {
     /**
      * <p>The encrypted data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2368,12 +2128,6 @@ export interface GenerateDataKeyWithoutPlaintextResponse {
      */
     KeyId?: string;
 }
-export declare namespace GenerateDataKeyWithoutPlaintextResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateDataKeyWithoutPlaintextResponse) => any;
-}
 export interface GenerateMacRequest {
     /**
      * <p>The message to be hashed. Specify a message of up to 4,096 bytes. </p>
@@ -2403,12 +2157,6 @@ export interface GenerateMacRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace GenerateMacRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateMacRequest) => any;
-}
 export interface GenerateMacResponse {
     /**
      * <p>The hash-based message authentication code (HMAC) for the given message, key, and MAC
@@ -2424,15 +2172,9 @@ export interface GenerateMacResponse {
      */
     KeyId?: string;
 }
-export declare namespace GenerateMacResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateMacResponse) => any;
-}
 export interface GenerateRandomRequest {
     /**
-     * <p>The length of the byte string.</p>
+     * <p>The length of the random byte string. This parameter is required.</p>
      */
     NumberOfBytes?: number;
     /**
@@ -2441,24 +2183,12 @@ export interface GenerateRandomRequest {
      */
     CustomKeyStoreId?: string;
 }
-export declare namespace GenerateRandomRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateRandomRequest) => any;
-}
 export interface GenerateRandomResponse {
     /**
      * <p>The random byte string. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      */
     Plaintext?: Uint8Array;
 }
-export declare namespace GenerateRandomResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GenerateRandomResponse) => any;
-}
 export interface GetKeyPolicyRequest {
     /**
      * <p>Gets the key policy for the specified KMS key.</p>
@@ -2483,24 +2213,12 @@ export interface GetKeyPolicyRequest {
      */
     PolicyName: string | undefined;
 }
-export declare namespace GetKeyPolicyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetKeyPolicyRequest) => any;
-}
 export interface GetKeyPolicyResponse {
     /**
      * <p>A key policy document in JSON format.</p>
      */
     Policy?: string;
 }
-export declare namespace GetKeyPolicyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetKeyPolicyResponse) => any;
-}
 export interface GetKeyRotationStatusRequest {
     /**
      * <p>Gets the rotation status for the specified KMS key.</p>
@@ -2522,24 +2240,12 @@ export interface GetKeyRotationStatusRequest {
      */
     KeyId: string | undefined;
 }
-export declare namespace GetKeyRotationStatusRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetKeyRotationStatusRequest) => any;
-}
 export interface GetKeyRotationStatusResponse {
     /**
      * <p>A Boolean value that specifies whether key rotation is enabled.</p>
      */
     KeyRotationEnabled?: boolean;
 }
-export declare namespace GetKeyRotationStatusResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetKeyRotationStatusResponse) => any;
-}
 export declare enum WrappingKeySpec {
     RSA_2048 = "RSA_2048"
 }
@@ -2574,12 +2280,6 @@ export interface GetParametersForImportRequest {
      */
     WrappingKeySpec: WrappingKeySpec | string | undefined;
 }
-export declare namespace GetParametersForImportRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetParametersForImportRequest) => any;
-}
 export interface GetParametersForImportResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key to use in a subsequent <a>ImportKeyMaterial</a> request. This is the same KMS key specified in the <code>GetParametersForImport</code>
@@ -2602,12 +2302,6 @@ export interface GetParametersForImportResponse {
      */
     ParametersValidTo?: Date;
 }
-export declare namespace GetParametersForImportResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetParametersForImportResponse) => any;
-}
 export interface GetPublicKeyRequest {
     /**
      * <p>Identifies the asymmetric KMS key that includes the public key.</p>
@@ -2642,12 +2336,6 @@ export interface GetPublicKeyRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace GetPublicKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetPublicKeyRequest) => any;
-}
 export interface GetPublicKeyResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key from which the public key was
@@ -2697,12 +2385,6 @@ export interface GetPublicKeyResponse {
      */
     SigningAlgorithms?: (SigningAlgorithmSpec | string)[];
 }
-export declare namespace GetPublicKeyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GetPublicKeyResponse) => any;
-}
 /**
  * <p>Contains information about a grant.</p>
  */
@@ -2750,12 +2432,6 @@ export interface GrantListEntry {
      */
     Constraints?: GrantConstraints;
 }
-export declare namespace GrantListEntry {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: GrantListEntry) => any;
-}
 export interface ImportKeyMaterialRequest {
     /**
      * <p>The identifier of the symmetric encryption KMS key that receives the imported key
@@ -2804,20 +2480,8 @@ export interface ImportKeyMaterialRequest {
      */
     ExpirationModel?: ExpirationModelType | string;
 }
-export declare namespace ImportKeyMaterialRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ImportKeyMaterialRequest) => any;
-}
 export interface ImportKeyMaterialResponse {
 }
-export declare namespace ImportKeyMaterialResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ImportKeyMaterialResponse) => any;
-}
 /**
  * <p>The request was rejected because the key material in the request is, expired, invalid, or
  *       is not the same key material that was previously imported into this KMS key.</p>
@@ -2866,12 +2530,6 @@ export interface KeyListEntry {
      */
     KeyArn?: string;
 }
-export declare namespace KeyListEntry {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: KeyListEntry) => any;
-}
 /**
  * <p>The request was rejected because the HMAC verification failed. HMAC verification
  *       fails when the HMAC computed by using the specified message, HMAC KMS key, and MAC algorithm does not match the HMAC specified in the request.</p>
@@ -2933,12 +2591,6 @@ export interface ListAliasesRequest {
      */
     Marker?: string;
 }
-export declare namespace ListAliasesRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListAliasesRequest) => any;
-}
 export interface ListAliasesResponse {
     /**
      * <p>A list of aliases.</p>
@@ -2957,12 +2609,6 @@ export interface ListAliasesResponse {
      */
     Truncated?: boolean;
 }
-export declare namespace ListAliasesResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListAliasesResponse) => any;
-}
 export interface ListGrantsRequest {
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
@@ -3008,12 +2654,6 @@ export interface ListGrantsRequest {
      */
     GranteePrincipal?: string;
 }
-export declare namespace ListGrantsRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListGrantsRequest) => any;
-}
 export interface ListGrantsResponse {
     /**
      * <p>A list of grants.</p>
@@ -3032,12 +2672,6 @@ export interface ListGrantsResponse {
      */
     Truncated?: boolean;
 }
-export declare namespace ListGrantsResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListGrantsResponse) => any;
-}
 export interface ListKeyPoliciesRequest {
     /**
      * <p>Gets the names of key policies for the specified KMS key.</p>
@@ -3072,12 +2706,6 @@ export interface ListKeyPoliciesRequest {
      */
     Marker?: string;
 }
-export declare namespace ListKeyPoliciesRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListKeyPoliciesRequest) => any;
-}
 export interface ListKeyPoliciesResponse {
     /**
      * <p>A list of key policy names. The only valid value is <code>default</code>.</p>
@@ -3096,12 +2724,6 @@ export interface ListKeyPoliciesResponse {
      */
     Truncated?: boolean;
 }
-export declare namespace ListKeyPoliciesResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListKeyPoliciesResponse) => any;
-}
 export interface ListKeysRequest {
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
@@ -3118,12 +2740,6 @@ export interface ListKeysRequest {
      */
     Marker?: string;
 }
-export declare namespace ListKeysRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListKeysRequest) => any;
-}
 export interface ListKeysResponse {
     /**
      * <p>A list of KMS keys.</p>
@@ -3142,12 +2758,6 @@ export interface ListKeysResponse {
      */
     Truncated?: boolean;
 }
-export declare namespace ListKeysResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListKeysResponse) => any;
-}
 export interface ListResourceTagsRequest {
     /**
      * <p>Gets tags on the specified KMS key.</p>
@@ -3183,12 +2793,6 @@ export interface ListResourceTagsRequest {
      */
     Marker?: string;
 }
-export declare namespace ListResourceTagsRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListResourceTagsRequest) => any;
-}
 export interface ListResourceTagsResponse {
     /**
      * <p>A list of tags. Each tag consists of a tag key and a tag value.</p>
@@ -3211,12 +2815,6 @@ export interface ListResourceTagsResponse {
      */
     Truncated?: boolean;
 }
-export declare namespace ListResourceTagsResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListResourceTagsResponse) => any;
-}
 export interface ListRetirableGrantsRequest {
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
@@ -3243,12 +2841,6 @@ export interface ListRetirableGrantsRequest {
      */
     RetiringPrincipal: string | undefined;
 }
-export declare namespace ListRetirableGrantsRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ListRetirableGrantsRequest) => any;
-}
 export declare enum MessageType {
     DIGEST = "DIGEST",
     RAW = "RAW"
@@ -3296,22 +2888,22 @@ export interface PutKeyPolicyRequest {
      *             </li>
      *          </ul>
      *
-     *          <p>A key policy document must conform to the following rules.</p>
+     *          <p>A key policy document can include only the following characters:</p>
      *          <ul>
      *             <li>
-     *                <p>Up to 32 kilobytes (32768 bytes)</p>
+     *                <p>Printable ASCII characters from the space character (<code>\u0020</code>) through the end of the ASCII character range.</p>
      *             </li>
      *             <li>
-     *                <p>Must be UTF-8 encoded</p>
+     *                <p>Printable characters in the Basic Latin and Latin-1 Supplement character set (through <code>\u00FF</code>).</p>
      *             </li>
      *             <li>
-     *                <p>The only Unicode characters that are permitted in a key policy document are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), and characters in the range U+0020 to U+00FF.</p>
-     *             </li>
-     *             <li>
-     *                <p>The <code>Sid</code> element in a key policy statement can include spaces. (Spaces are
-     *             prohibited in the <code>Sid</code> element of an IAM policy document.)</p>
+     *                <p>The tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and carriage return (<code>\u000D</code>) special characters</p>
      *             </li>
      *          </ul>
+     *          <p>For information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key policies in KMS</a> in the
+     *       <i>Key Management Service Developer Guide</i>. For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
+     *                <i>Identity and Access Management User Guide</i>
+     *             </i>.</p>
      */
     Policy: string | undefined;
     /**
@@ -3327,12 +2919,6 @@ export interface PutKeyPolicyRequest {
      */
     BypassPolicyLockoutSafetyCheck?: boolean;
 }
-export declare namespace PutKeyPolicyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: PutKeyPolicyRequest) => any;
-}
 export interface ReEncryptRequest {
     /**
      * <p>Ciphertext of the data to reencrypt.</p>
@@ -3444,12 +3030,6 @@ export interface ReEncryptRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace ReEncryptRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ReEncryptRequest) => any;
-}
 export interface ReEncryptResponse {
     /**
      * <p>The reencrypted data. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -3473,12 +3053,6 @@ export interface ReEncryptResponse {
      */
     DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
-export declare namespace ReEncryptResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ReEncryptResponse) => any;
-}
 export interface ReplicateKeyRequest {
     /**
      * <p>Identifies the multi-Region primary key that is being replicated. To determine whether a
@@ -3550,22 +3124,22 @@ export interface ReplicateKeyRequest {
      *          </ul>
      *
      *
-     *          <p>A key policy document must conform to the following rules.</p>
+     *          <p>A key policy document can include only the following characters:</p>
      *          <ul>
      *             <li>
-     *                <p>Up to 32 kilobytes (32768 bytes)</p>
+     *                <p>Printable ASCII characters from the space character (<code>\u0020</code>) through the end of the ASCII character range.</p>
      *             </li>
      *             <li>
-     *                <p>Must be UTF-8 encoded</p>
+     *                <p>Printable characters in the Basic Latin and Latin-1 Supplement character set (through <code>\u00FF</code>).</p>
      *             </li>
      *             <li>
-     *                <p>The only Unicode characters that are permitted in a key policy document are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), and characters in the range U+0020 to U+00FF.</p>
-     *             </li>
-     *             <li>
-     *                <p>The <code>Sid</code> element in a key policy statement can include spaces. (Spaces are
-     *             prohibited in the <code>Sid</code> element of an IAM policy document.)</p>
+     *                <p>The tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and carriage return (<code>\u000D</code>) special characters</p>
      *             </li>
      *          </ul>
+     *          <p>For information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key policies in KMS</a> in the
+     *       <i>Key Management Service Developer Guide</i>. For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
+     *                <i>Identity and Access Management User Guide</i>
+     *             </i>.</p>
      */
     Policy?: string;
     /**
@@ -3609,12 +3183,6 @@ export interface ReplicateKeyRequest {
      */
     Tags?: Tag[];
 }
-export declare namespace ReplicateKeyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ReplicateKeyRequest) => any;
-}
 export interface ReplicateKeyResponse {
     /**
      * <p>Displays details about the new replica key, including its Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) and
@@ -3633,12 +3201,6 @@ export interface ReplicateKeyResponse {
      */
     ReplicaTags?: Tag[];
 }
-export declare namespace ReplicateKeyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ReplicateKeyResponse) => any;
-}
 export interface RetireGrantRequest {
     /**
      * <p>Identifies the grant to be retired. You can use a grant token to identify a new grant even
@@ -3666,12 +3228,6 @@ export interface RetireGrantRequest {
      */
     GrantId?: string;
 }
-export declare namespace RetireGrantRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: RetireGrantRequest) => any;
-}
 export interface RevokeGrantRequest {
     /**
      * <p>A unique identifier for the KMS key associated with the grant. To get the key ID and key
@@ -3699,12 +3255,6 @@ export interface RevokeGrantRequest {
      */
     GrantId: string | undefined;
 }
-export declare namespace RevokeGrantRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: RevokeGrantRequest) => any;
-}
 export interface ScheduleKeyDeletionRequest {
     /**
      * <p>The unique identifier of the KMS key to delete.</p>
@@ -3734,12 +3284,6 @@ export interface ScheduleKeyDeletionRequest {
      */
     PendingWindowInDays?: number;
 }
-export declare namespace ScheduleKeyDeletionRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ScheduleKeyDeletionRequest) => any;
-}
 export interface ScheduleKeyDeletionResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key whose deletion is scheduled.</p>
@@ -3765,12 +3309,6 @@ export interface ScheduleKeyDeletionResponse {
      */
     PendingWindowInDays?: number;
 }
-export declare namespace ScheduleKeyDeletionResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ScheduleKeyDeletionResponse) => any;
-}
 export interface SignRequest {
     /**
      * <p>Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to
@@ -3825,12 +3363,6 @@ export interface SignRequest {
      */
     SigningAlgorithm: SigningAlgorithmSpec | string | undefined;
 }
-export declare namespace SignRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: SignRequest) => any;
-}
 export interface SignResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key that was used to sign the message.</p>
@@ -3860,12 +3392,6 @@ export interface SignResponse {
      */
     SigningAlgorithm?: SigningAlgorithmSpec | string;
 }
-export declare namespace SignResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: SignResponse) => any;
-}
 export interface TagResourceRequest {
     /**
      * <p>Identifies a customer managed key in the account and Region.</p>
@@ -3895,12 +3421,6 @@ export interface TagResourceRequest {
      */
     Tags: Tag[] | undefined;
 }
-export declare namespace TagResourceRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: TagResourceRequest) => any;
-}
 export interface UntagResourceRequest {
     /**
      * <p>Identifies the KMS key from which you are removing tags.</p>
@@ -3925,17 +3445,11 @@ export interface UntagResourceRequest {
      */
     TagKeys: string[] | undefined;
 }
-export declare namespace UntagResourceRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: UntagResourceRequest) => any;
-}
 export interface UpdateAliasRequest {
     /**
      * <p>Identifies the alias that is changing its KMS key. This value must begin with
      *         <code>alias/</code> followed by the alias name, such as <code>alias/ExampleAlias</code>. You
-     *       cannot use UpdateAlias to change the alias name.</p>
+     *       cannot use <code>UpdateAlias</code> to change the alias name.</p>
      */
     AliasName: string | undefined;
     /**
@@ -3962,12 +3476,6 @@ export interface UpdateAliasRequest {
      */
     TargetKeyId: string | undefined;
 }
-export declare namespace UpdateAliasRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: UpdateAliasRequest) => any;
-}
 export interface UpdateCustomKeyStoreRequest {
     /**
      * <p>Identifies the custom key store that you want to update. Enter the ID of the custom key
@@ -3997,20 +3505,8 @@ export interface UpdateCustomKeyStoreRequest {
      */
     CloudHsmClusterId?: string;
 }
-export declare namespace UpdateCustomKeyStoreRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: UpdateCustomKeyStoreRequest) => any;
-}
 export interface UpdateCustomKeyStoreResponse {
 }
-export declare namespace UpdateCustomKeyStoreResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: UpdateCustomKeyStoreResponse) => any;
-}
 export interface UpdateKeyDescriptionRequest {
     /**
      * <p>Updates the description of the specified KMS key.</p>
@@ -4035,12 +3531,6 @@ export interface UpdateKeyDescriptionRequest {
      */
     Description: string | undefined;
 }
-export declare namespace UpdateKeyDescriptionRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: UpdateKeyDescriptionRequest) => any;
-}
 export interface UpdatePrimaryRegionRequest {
     /**
      * <p>Identifies the current primary key. When the operation completes, this KMS key will be a
@@ -4069,12 +3559,6 @@ export interface UpdatePrimaryRegionRequest {
      */
     PrimaryRegion: string | undefined;
 }
-export declare namespace UpdatePrimaryRegionRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: UpdatePrimaryRegionRequest) => any;
-}
 export interface VerifyRequest {
     /**
      * <p>Identifies the asymmetric KMS key that will be used to verify the signature. This must be
@@ -4139,12 +3623,6 @@ export interface VerifyRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace VerifyRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: VerifyRequest) => any;
-}
 export interface VerifyResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key that was used to verify the signature.</p>
@@ -4163,12 +3641,6 @@ export interface VerifyResponse {
      */
     SigningAlgorithm?: SigningAlgorithmSpec | string;
 }
-export declare namespace VerifyResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: VerifyResponse) => any;
-}
 export interface VerifyMacRequest {
     /**
      * <p>The message that will be used in the verification. Enter the same message that was used to
@@ -4201,12 +3673,6 @@ export interface VerifyMacRequest {
      */
     GrantTokens?: string[];
 }
-export declare namespace VerifyMacRequest {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: VerifyMacRequest) => any;
-}
 export interface VerifyMacResponse {
     /**
      * <p>The HMAC KMS key used in the verification.</p>
@@ -4227,9 +3693,375 @@ export interface VerifyMacResponse {
      */
     MacAlgorithm?: MacAlgorithmSpec | string;
 }
-export declare namespace VerifyMacResponse {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: VerifyMacResponse) => any;
-}
+/**
+ * @internal
+ */
+export declare const AliasListEntryFilterSensitiveLog: (obj: AliasListEntry) => any;
+/**
+ * @internal
+ */
+export declare const CancelKeyDeletionRequestFilterSensitiveLog: (obj: CancelKeyDeletionRequest) => any;
+/**
+ * @internal
+ */
+export declare const CancelKeyDeletionResponseFilterSensitiveLog: (obj: CancelKeyDeletionResponse) => any;
+/**
+ * @internal
+ */
+export declare const ConnectCustomKeyStoreRequestFilterSensitiveLog: (obj: ConnectCustomKeyStoreRequest) => any;
+/**
+ * @internal
+ */
+export declare const ConnectCustomKeyStoreResponseFilterSensitiveLog: (obj: ConnectCustomKeyStoreResponse) => any;
+/**
+ * @internal
+ */
+export declare const CreateAliasRequestFilterSensitiveLog: (obj: CreateAliasRequest) => any;
+/**
+ * @internal
+ */
+export declare const CreateCustomKeyStoreRequestFilterSensitiveLog: (obj: CreateCustomKeyStoreRequest) => any;
+/**
+ * @internal
+ */
+export declare const CreateCustomKeyStoreResponseFilterSensitiveLog: (obj: CreateCustomKeyStoreResponse) => any;
+/**
+ * @internal
+ */
+export declare const GrantConstraintsFilterSensitiveLog: (obj: GrantConstraints) => any;
+/**
+ * @internal
+ */
+export declare const CreateGrantRequestFilterSensitiveLog: (obj: CreateGrantRequest) => any;
+/**
+ * @internal
+ */
+export declare const CreateGrantResponseFilterSensitiveLog: (obj: CreateGrantResponse) => any;
+/**
+ * @internal
+ */
+export declare const TagFilterSensitiveLog: (obj: Tag) => any;
+/**
+ * @internal
+ */
+export declare const CreateKeyRequestFilterSensitiveLog: (obj: CreateKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const MultiRegionKeyFilterSensitiveLog: (obj: MultiRegionKey) => any;
+/**
+ * @internal
+ */
+export declare const MultiRegionConfigurationFilterSensitiveLog: (obj: MultiRegionConfiguration) => any;
+/**
+ * @internal
+ */
+export declare const KeyMetadataFilterSensitiveLog: (obj: KeyMetadata) => any;
+/**
+ * @internal
+ */
+export declare const CreateKeyResponseFilterSensitiveLog: (obj: CreateKeyResponse) => any;
+/**
+ * @internal
+ */
+export declare const CustomKeyStoresListEntryFilterSensitiveLog: (obj: CustomKeyStoresListEntry) => any;
+/**
+ * @internal
+ */
+export declare const DecryptRequestFilterSensitiveLog: (obj: DecryptRequest) => any;
+/**
+ * @internal
+ */
+export declare const DecryptResponseFilterSensitiveLog: (obj: DecryptResponse) => any;
+/**
+ * @internal
+ */
+export declare const DeleteAliasRequestFilterSensitiveLog: (obj: DeleteAliasRequest) => any;
+/**
+ * @internal
+ */
+export declare const DeleteCustomKeyStoreRequestFilterSensitiveLog: (obj: DeleteCustomKeyStoreRequest) => any;
+/**
+ * @internal
+ */
+export declare const DeleteCustomKeyStoreResponseFilterSensitiveLog: (obj: DeleteCustomKeyStoreResponse) => any;
+/**
+ * @internal
+ */
+export declare const DeleteImportedKeyMaterialRequestFilterSensitiveLog: (obj: DeleteImportedKeyMaterialRequest) => any;
+/**
+ * @internal
+ */
+export declare const DescribeCustomKeyStoresRequestFilterSensitiveLog: (obj: DescribeCustomKeyStoresRequest) => any;
+/**
+ * @internal
+ */
+export declare const DescribeCustomKeyStoresResponseFilterSensitiveLog: (obj: DescribeCustomKeyStoresResponse) => any;
+/**
+ * @internal
+ */
+export declare const DescribeKeyRequestFilterSensitiveLog: (obj: DescribeKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const DescribeKeyResponseFilterSensitiveLog: (obj: DescribeKeyResponse) => any;
+/**
+ * @internal
+ */
+export declare const DisableKeyRequestFilterSensitiveLog: (obj: DisableKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const DisableKeyRotationRequestFilterSensitiveLog: (obj: DisableKeyRotationRequest) => any;
+/**
+ * @internal
+ */
+export declare const DisconnectCustomKeyStoreRequestFilterSensitiveLog: (obj: DisconnectCustomKeyStoreRequest) => any;
+/**
+ * @internal
+ */
+export declare const DisconnectCustomKeyStoreResponseFilterSensitiveLog: (obj: DisconnectCustomKeyStoreResponse) => any;
+/**
+ * @internal
+ */
+export declare const EnableKeyRequestFilterSensitiveLog: (obj: EnableKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const EnableKeyRotationRequestFilterSensitiveLog: (obj: EnableKeyRotationRequest) => any;
+/**
+ * @internal
+ */
+export declare const EncryptRequestFilterSensitiveLog: (obj: EncryptRequest) => any;
+/**
+ * @internal
+ */
+export declare const EncryptResponseFilterSensitiveLog: (obj: EncryptResponse) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyRequestFilterSensitiveLog: (obj: GenerateDataKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyResponseFilterSensitiveLog: (obj: GenerateDataKeyResponse) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyPairRequestFilterSensitiveLog: (obj: GenerateDataKeyPairRequest) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyPairResponseFilterSensitiveLog: (obj: GenerateDataKeyPairResponse) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyPairWithoutPlaintextRequestFilterSensitiveLog: (obj: GenerateDataKeyPairWithoutPlaintextRequest) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyPairWithoutPlaintextResponseFilterSensitiveLog: (obj: GenerateDataKeyPairWithoutPlaintextResponse) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyWithoutPlaintextRequestFilterSensitiveLog: (obj: GenerateDataKeyWithoutPlaintextRequest) => any;
+/**
+ * @internal
+ */
+export declare const GenerateDataKeyWithoutPlaintextResponseFilterSensitiveLog: (obj: GenerateDataKeyWithoutPlaintextResponse) => any;
+/**
+ * @internal
+ */
+export declare const GenerateMacRequestFilterSensitiveLog: (obj: GenerateMacRequest) => any;
+/**
+ * @internal
+ */
+export declare const GenerateMacResponseFilterSensitiveLog: (obj: GenerateMacResponse) => any;
+/**
+ * @internal
+ */
+export declare const GenerateRandomRequestFilterSensitiveLog: (obj: GenerateRandomRequest) => any;
+/**
+ * @internal
+ */
+export declare const GenerateRandomResponseFilterSensitiveLog: (obj: GenerateRandomResponse) => any;
+/**
+ * @internal
+ */
+export declare const GetKeyPolicyRequestFilterSensitiveLog: (obj: GetKeyPolicyRequest) => any;
+/**
+ * @internal
+ */
+export declare const GetKeyPolicyResponseFilterSensitiveLog: (obj: GetKeyPolicyResponse) => any;
+/**
+ * @internal
+ */
+export declare const GetKeyRotationStatusRequestFilterSensitiveLog: (obj: GetKeyRotationStatusRequest) => any;
+/**
+ * @internal
+ */
+export declare const GetKeyRotationStatusResponseFilterSensitiveLog: (obj: GetKeyRotationStatusResponse) => any;
+/**
+ * @internal
+ */
+export declare const GetParametersForImportRequestFilterSensitiveLog: (obj: GetParametersForImportRequest) => any;
+/**
+ * @internal
+ */
+export declare const GetParametersForImportResponseFilterSensitiveLog: (obj: GetParametersForImportResponse) => any;
+/**
+ * @internal
+ */
+export declare const GetPublicKeyRequestFilterSensitiveLog: (obj: GetPublicKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const GetPublicKeyResponseFilterSensitiveLog: (obj: GetPublicKeyResponse) => any;
+/**
+ * @internal
+ */
+export declare const GrantListEntryFilterSensitiveLog: (obj: GrantListEntry) => any;
+/**
+ * @internal
+ */
+export declare const ImportKeyMaterialRequestFilterSensitiveLog: (obj: ImportKeyMaterialRequest) => any;
+/**
+ * @internal
+ */
+export declare const ImportKeyMaterialResponseFilterSensitiveLog: (obj: ImportKeyMaterialResponse) => any;
+/**
+ * @internal
+ */
+export declare const KeyListEntryFilterSensitiveLog: (obj: KeyListEntry) => any;
+/**
+ * @internal
+ */
+export declare const ListAliasesRequestFilterSensitiveLog: (obj: ListAliasesRequest) => any;
+/**
+ * @internal
+ */
+export declare const ListAliasesResponseFilterSensitiveLog: (obj: ListAliasesResponse) => any;
+/**
+ * @internal
+ */
+export declare const ListGrantsRequestFilterSensitiveLog: (obj: ListGrantsRequest) => any;
+/**
+ * @internal
+ */
+export declare const ListGrantsResponseFilterSensitiveLog: (obj: ListGrantsResponse) => any;
+/**
+ * @internal
+ */
+export declare const ListKeyPoliciesRequestFilterSensitiveLog: (obj: ListKeyPoliciesRequest) => any;
+/**
+ * @internal
+ */
+export declare const ListKeyPoliciesResponseFilterSensitiveLog: (obj: ListKeyPoliciesResponse) => any;
+/**
+ * @internal
+ */
+export declare const ListKeysRequestFilterSensitiveLog: (obj: ListKeysRequest) => any;
+/**
+ * @internal
+ */
+export declare const ListKeysResponseFilterSensitiveLog: (obj: ListKeysResponse) => any;
+/**
+ * @internal
+ */
+export declare const ListResourceTagsRequestFilterSensitiveLog: (obj: ListResourceTagsRequest) => any;
+/**
+ * @internal
+ */
+export declare const ListResourceTagsResponseFilterSensitiveLog: (obj: ListResourceTagsResponse) => any;
+/**
+ * @internal
+ */
+export declare const ListRetirableGrantsRequestFilterSensitiveLog: (obj: ListRetirableGrantsRequest) => any;
+/**
+ * @internal
+ */
+export declare const PutKeyPolicyRequestFilterSensitiveLog: (obj: PutKeyPolicyRequest) => any;
+/**
+ * @internal
+ */
+export declare const ReEncryptRequestFilterSensitiveLog: (obj: ReEncryptRequest) => any;
+/**
+ * @internal
+ */
+export declare const ReEncryptResponseFilterSensitiveLog: (obj: ReEncryptResponse) => any;
+/**
+ * @internal
+ */
+export declare const ReplicateKeyRequestFilterSensitiveLog: (obj: ReplicateKeyRequest) => any;
+/**
+ * @internal
+ */
+export declare const ReplicateKeyResponseFilterSensitiveLog: (obj: ReplicateKeyResponse) => any;
+/**
+ * @internal
+ */
+export declare const RetireGrantRequestFilterSensitiveLog: (obj: RetireGrantRequest) => any;
+/**
+ * @internal
+ */
+export declare const RevokeGrantRequestFilterSensitiveLog: (obj: RevokeGrantRequest) => any;
+/**
+ * @internal
+ */
+export declare const ScheduleKeyDeletionRequestFilterSensitiveLog: (obj: ScheduleKeyDeletionRequest) => any;
+/**
+ * @internal
+ */
+export declare const ScheduleKeyDeletionResponseFilterSensitiveLog: (obj: ScheduleKeyDeletionResponse) => any;
+/**
+ * @internal
+ */
+export declare const SignRequestFilterSensitiveLog: (obj: SignRequest) => any;
+/**
+ * @internal
+ */
+export declare const SignResponseFilterSensitiveLog: (obj: SignResponse) => any;
+/**
+ * @internal
+ */
+export declare const TagResourceRequestFilterSensitiveLog: (obj: TagResourceRequest) => any;
+/**
+ * @internal
+ */
+export declare const UntagResourceRequestFilterSensitiveLog: (obj: UntagResourceRequest) => any;
+/**
+ * @internal
+ */
+export declare const UpdateAliasRequestFilterSensitiveLog: (obj: UpdateAliasRequest) => any;
+/**
+ * @internal
+ */
+export declare const UpdateCustomKeyStoreRequestFilterSensitiveLog: (obj: UpdateCustomKeyStoreRequest) => any;
+/**
+ * @internal
+ */
+export declare const UpdateCustomKeyStoreResponseFilterSensitiveLog: (obj: UpdateCustomKeyStoreResponse) => any;
+/**
+ * @internal
+ */
+export declare const UpdateKeyDescriptionRequestFilterSensitiveLog: (obj: UpdateKeyDescriptionRequest) => any;
+/**
+ * @internal
+ */
+export declare const UpdatePrimaryRegionRequestFilterSensitiveLog: (obj: UpdatePrimaryRegionRequest) => any;
+/**
+ * @internal
+ */
+export declare const VerifyRequestFilterSensitiveLog: (obj: VerifyRequest) => any;
+/**
+ * @internal
+ */
+export declare const VerifyResponseFilterSensitiveLog: (obj: VerifyResponse) => any;
+/**
+ * @internal
+ */
+export declare const VerifyMacRequestFilterSensitiveLog: (obj: VerifyMacRequest) => any;
+/**
+ * @internal
+ */
+export declare const VerifyMacResponseFilterSensitiveLog: (obj: VerifyMacResponse) => any;