npm - @aws-sdk/client-kms - Versions diffs - 3.278.0 → 3.281.0 - Mend

@aws-sdk/client-kms 3.278.0 → 3.281.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist-types/commands/CreateKeyCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { CreateKeyRequest, CreateKeyResponse } from "../models/models_0";
+/**
+ * The input for {@link CreateKeyCommand}.
+ */
 export interface CreateKeyCommandInput extends CreateKeyRequest {
 }
+/**
+ * The output of {@link CreateKeyCommand}.
+ */
 export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBearer {
 }
 /**
@@ -22,10 +28,7 @@ export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBea
  *          <note>
  *             <p>KMS has replaced the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
  *          </note>
- *
- *
  *          <p>To create different types of KMS keys, use the following guidance:</p>
- *
  *          <dl>
  *             <dt>Symmetric encryption KMS key</dt>
  *             <dd>
@@ -153,7 +156,6 @@ export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBea
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot use this operation to
  *       create a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateKey</a> (IAM policy). To use the
  *         <code>Tags</code> parameter, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (IAM policy). For examples and information about related

package/dist-types/commands/DecryptCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DecryptRequest, DecryptResponse } from "../models/models_0";
+/**
+ * The input for {@link DecryptCommand}.
+ */
 export interface DecryptCommandInput extends DecryptRequest {
 }
+/**
+ * The output of {@link DecryptCommand}.
+ */
 export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer {
 }
 /**
@@ -55,8 +61,8 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  *       the <code>Decrypt</code> operation fails. This practice ensures that you use the KMS key that
  *       you intend.</p>
  *          <p>Whenever possible, use key policies to give users permission to call the
- *         <code>Decrypt</code> operation on a particular KMS key, instead of using IAM policies.
- *       Otherwise, you might create an IAM user policy that gives the user <code>Decrypt</code>
+ *         <code>Decrypt</code> operation on a particular KMS key, instead of using &IAM; policies.
+ *       Otherwise, you might create an &IAM; policy that gives the user <code>Decrypt</code>
  *       permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys
  *       in other accounts if the key policy for the cross-account KMS key permits it. If you must use
  *       an IAM policy for <code>Decrypt</code> permissions, limit the user to particular KMS keys or
@@ -66,9 +72,9 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter. </p>
- *
+ *             <b>Cross-account use</b>: Yes. If you use the <code>KeyId</code>
+ *       parameter to identify a KMS key in a different Amazon Web Services account, specify the key ARN or the alias
+ *       ARN of the KMS key.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Decrypt</a> (key policy)</p>
  *          <p>

package/dist-types/commands/DeleteAliasCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DeleteAliasRequest } from "../models/models_0";
+/**
+ * The input for {@link DeleteAliasCommand}.
+ */
 export interface DeleteAliasCommandInput extends DeleteAliasRequest {
 }
+/**
+ * The output of {@link DeleteAliasCommand}.
+ */
 export interface DeleteAliasCommandOutput extends __MetadataBearer {
 }
 /**

package/dist-types/commands/DeleteCustomKeyStoreCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DeleteCustomKeyStoreRequest, DeleteCustomKeyStoreResponse } from "../models/models_0";
+/**
+ * The input for {@link DeleteCustomKeyStoreCommand}.
+ */
 export interface DeleteCustomKeyStoreCommandInput extends DeleteCustomKeyStoreRequest {
 }
+/**
+ * The output of {@link DeleteCustomKeyStoreCommand}.
+ */
 export interface DeleteCustomKeyStoreCommandOutput extends DeleteCustomKeyStoreResponse, __MetadataBearer {
 }
 /**
@@ -35,7 +41,6 @@ export interface DeleteCustomKeyStoreCommandOutput extends DeleteCustomKeyStoreR
  * properties.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteCustomKeyStore</a> (IAM policy)</p>
  *          <p>

package/dist-types/commands/DeleteImportedKeyMaterialCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DeleteImportedKeyMaterialRequest } from "../models/models_0";
+/**
+ * The input for {@link DeleteImportedKeyMaterialCommand}.
+ */
 export interface DeleteImportedKeyMaterialCommandInput extends DeleteImportedKeyMaterialRequest {
 }
+/**
+ * The output of {@link DeleteImportedKeyMaterialCommand}.
+ */
 export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer {
 }
 /**
@@ -20,7 +26,6 @@ export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteImportedKeyMaterial</a> (key policy)</p>
  *          <p>

package/dist-types/commands/DescribeCustomKeyStoresCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DescribeCustomKeyStoresRequest, DescribeCustomKeyStoresResponse } from "../models/models_0";
+/**
+ * The input for {@link DescribeCustomKeyStoresCommand}.
+ */
 export interface DescribeCustomKeyStoresCommandInput extends DescribeCustomKeyStoresRequest {
 }
+/**
+ * The output of {@link DescribeCustomKeyStoresCommand}.
+ */
 export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyStoresResponse, __MetadataBearer {
 }
 /**

package/dist-types/commands/DescribeKeyCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DescribeKeyRequest, DescribeKeyResponse } from "../models/models_0";
+/**
+ * The input for {@link DescribeKeyCommand}.
+ */
 export interface DescribeKeyCommandInput extends DescribeKeyRequest {
 }
+/**
+ * The output of {@link DescribeKeyCommand}.
+ */
 export interface DescribeKeyCommandOutput extends DescribeKeyResponse, __MetadataBearer {
 }
 /**
@@ -49,7 +55,6 @@ export interface DescribeKeyCommandOutput extends DescribeKeyResponse, __Metadat
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DescribeKey</a> (key policy)</p>
  *          <p>

package/dist-types/commands/DisableKeyCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DisableKeyRequest } from "../models/models_0";
+/**
+ * The input for {@link DisableKeyCommand}.
+ */
 export interface DisableKeyCommandInput extends DisableKeyRequest {
 }
+/**
+ * The output of {@link DisableKeyCommand}.
+ */
 export interface DisableKeyCommandOutput extends __MetadataBearer {
 }
 /**
@@ -18,7 +24,6 @@ export interface DisableKeyCommandOutput extends __MetadataBearer {
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DisableKey</a> (key policy)</p>
  *          <p>

package/dist-types/commands/DisableKeyRotationCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DisableKeyRotationRequest } from "../models/models_0";
+/**
+ * The input for {@link DisableKeyRotationCommand}.
+ */
 export interface DisableKeyRotationCommandInput extends DisableKeyRotationRequest {
 }
+/**
+ * The output of {@link DisableKeyRotationCommand}.
+ */
 export interface DisableKeyRotationCommandOutput extends __MetadataBearer {
 }
 /**
@@ -24,7 +30,6 @@ export interface DisableKeyRotationCommandOutput extends __MetadataBearer {
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DisableKeyRotation</a> (key policy)</p>
  *          <p>

package/dist-types/commands/DisconnectCustomKeyStoreCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DisconnectCustomKeyStoreRequest, DisconnectCustomKeyStoreResponse } from "../models/models_0";
+/**
+ * The input for {@link DisconnectCustomKeyStoreCommand}.
+ */
 export interface DisconnectCustomKeyStoreCommandInput extends DisconnectCustomKeyStoreRequest {
 }
+/**
+ * The output of {@link DisconnectCustomKeyStoreCommand}.
+ */
 export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomKeyStoreResponse, __MetadataBearer {
 }
 /**
@@ -28,7 +34,6 @@ export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomK
  * properties.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DisconnectCustomKeyStore</a> (IAM policy)</p>
  *          <p>

package/dist-types/commands/EnableKeyCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { EnableKeyRequest } from "../models/models_0";
+/**
+ * The input for {@link EnableKeyCommand}.
+ */
 export interface EnableKeyCommandInput extends EnableKeyRequest {
 }
+/**
+ * The output of {@link EnableKeyCommand}.
+ */
 export interface EnableKeyCommandOutput extends __MetadataBearer {
 }
 /**
@@ -14,7 +20,6 @@ export interface EnableKeyCommandOutput extends __MetadataBearer {
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:EnableKey</a> (key policy)</p>
  *          <p>

package/dist-types/commands/EnableKeyRotationCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { EnableKeyRotationRequest } from "../models/models_0";
+/**
+ * The input for {@link EnableKeyRotationCommand}.
+ */
 export interface EnableKeyRotationCommandInput extends EnableKeyRotationRequest {
 }
+/**
+ * The output of {@link EnableKeyRotationCommand}.
+ */
 export interface EnableKeyRotationCommandOutput extends __MetadataBearer {
 }
 /**
@@ -32,7 +38,6 @@ export interface EnableKeyRotationCommandOutput extends __MetadataBearer {
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:EnableKeyRotation</a> (key policy)</p>
  *          <p>

package/dist-types/commands/EncryptCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { EncryptRequest, EncryptResponse } from "../models/models_0";
+/**
+ * The input for {@link EncryptCommand}.
+ */
 export interface EncryptCommandInput extends EncryptRequest {
 }
+/**
+ * The output of {@link EncryptCommand}.
+ */
 export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer {
 }
 /**
@@ -28,8 +34,6 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  *             <p>When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
  *             <p>You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
  *          </important>
- *
- *
  *          <p>The maximum size of the data that you can encrypt varies with the type of KMS key and the
  *       encryption algorithm that you choose.</p>
  *          <ul>
@@ -98,7 +102,6 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  *             <b>Cross-account use</b>: Yes.
  *       To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Encrypt</a> (key policy)</p>
  *          <p>

package/dist-types/commands/GenerateDataKeyCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyRequest, GenerateDataKeyResponse } from "../models/models_0";
+/**
+ * The input for {@link GenerateDataKeyCommand}.
+ */
 export interface GenerateDataKeyCommandInput extends GenerateDataKeyRequest {
 }
+/**
+ * The output of {@link GenerateDataKeyCommand}.
+ */
 export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, __MetadataBearer {
 }
 /**
@@ -13,23 +19,18 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  *       key that you specify. The bytes in the plaintext key are random; they are not related
  *       to the caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS
  *       and store the encrypted data key with the encrypted data.</p>
- *
  *          <p>To generate a data key, specify the symmetric encryption KMS key that will be used to
  *       encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the
  *       type of your KMS key, use the <a>DescribeKey</a> operation.</p>
- *
  *          <p>You must also specify the length of the data key. Use either the <code>KeySpec</code> or
  *       <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use
  *       the <code>KeySpec</code> parameter.</p>
- *
- *          <p>To generate an SM4 data key (China Regions only), specify a <code>KeySpec</code> value of
- *       <code>AES_128</code> or <code>NumberOfBytes</code> value of <code>128</code>. The symmetric
+ *          <p>To generate a 128-bit SM4 data key (China Regions only), specify a <code>KeySpec</code> value of
+ *       <code>AES_128</code> or a <code>NumberOfBytes</code> value of <code>16</code>. The symmetric
  *       encryption key used in China Regions to encrypt your data key is an SM4 encryption key.</p>
- *
  *          <p>To get only an encrypted copy of the data key, use <a>GenerateDataKeyWithoutPlaintext</a>. To generate an asymmetric data key pair, use
  *       the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operation. To get a cryptographically secure
  *       random byte string, use <a>GenerateRandom</a>.</p>
- *
  *          <p>You can use an optional encryption context to add additional security to the encryption
  *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
  *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
@@ -75,7 +76,6 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKey</a> (key policy)</p>
  *          <p>

package/dist-types/commands/GenerateDataKeyPairCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyPairRequest, GenerateDataKeyPairResponse } from "../models/models_0";
+/**
+ * The input for {@link GenerateDataKeyPairCommand}.
+ */
 export interface GenerateDataKeyPairCommandInput extends GenerateDataKeyPairRequest {
 }
+/**
+ * The output of {@link GenerateDataKeyPairCommand}.
+ */
 export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairResponse, __MetadataBearer {
 }
 /**
@@ -14,11 +20,9 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *       perform asymmetric cryptography and implement digital signatures outside of KMS. The bytes
  *       in the keys are random; they not related to the caller or to the KMS key that is used to
  *       encrypt the private key. </p>
- *
  *          <p>You can use the public key that <code>GenerateDataKeyPair</code> returns to encrypt data
  *       or verify a signature outside of KMS. Then, store the encrypted private key with the data.
  *       When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p>
- *
  *          <p>To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt
  *       the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a
  *       custom key store. To get the type and origin of your KMS key, use the <a>DescribeKey</a> operation. </p>
@@ -26,7 +30,6 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *       key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use
  *       ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both.
  *       However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.</p>
- *
  *          <p>If you are using the data key pair to encrypt data, or for any operation where you don't
  *       immediately need a private key, consider using the <a>GenerateDataKeyPairWithoutPlaintext</a> operation.
  *         <code>GenerateDataKeyPairWithoutPlaintext</code> returns a plaintext public key and an
@@ -34,14 +37,12 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *       ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use
  *       the <a>Decrypt</a> operation to decrypt the encrypted private key in the data key
  *       pair.</p>
- *
  *          <p>
  *             <code>GenerateDataKeyPair</code> returns a unique data key pair for each request. The
  *       bytes in the keys are random; they are not related to the caller or the KMS key that is used
  *       to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as
  *       specified in <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>. The private
  *       key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in <a href="https://tools.ietf.org/html/rfc5958">RFC 5958</a>.</p>
- *
  *          <p>You can use an optional encryption context to add additional security to the encryption
  *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
  *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
@@ -52,7 +53,6 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyPair</a> (key policy)</p>
  *          <p>

package/dist-types/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyPairWithoutPlaintextRequest, GenerateDataKeyPairWithoutPlaintextResponse } from "../models/models_0";
+/**
+ * The input for {@link GenerateDataKeyPairWithoutPlaintextCommand}.
+ */
 export interface GenerateDataKeyPairWithoutPlaintextCommandInput extends GenerateDataKeyPairWithoutPlaintextRequest {
 }
+/**
+ * The output of {@link GenerateDataKeyPairWithoutPlaintextCommand}.
+ */
 export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends GenerateDataKeyPairWithoutPlaintextResponse, __MetadataBearer {
 }
 /**
@@ -28,7 +34,6 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  *       request. The bytes in the key are not related to the caller or KMS key that is used to encrypt
  *       the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
  *         <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>.</p>
- *
  *          <p>You can use an optional encryption context to add additional security to the encryption
  *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
  *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
@@ -39,7 +44,6 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyPairWithoutPlaintext</a> (key
  *       policy)</p>

package/dist-types/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyWithoutPlaintextRequest, GenerateDataKeyWithoutPlaintextResponse } from "../models/models_0";
+/**
+ * The input for {@link GenerateDataKeyWithoutPlaintextCommand}.
+ */
 export interface GenerateDataKeyWithoutPlaintextCommandInput extends GenerateDataKeyWithoutPlaintextRequest {
 }
+/**
+ * The output of {@link GenerateDataKeyWithoutPlaintextCommand}.
+ */
 export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDataKeyWithoutPlaintextResponse, __MetadataBearer {
 }
 /**
@@ -26,22 +32,17 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDa
  *       plaintext data key.</p>
  *          <p>To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or
  *         <a>GenerateDataKeyPairWithoutPlaintext</a> operations.</p>
- *
  *          <p>To generate a data key, you must specify the symmetric encryption KMS key that is used to
  *       encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to generate a data key. To get the
  *       type of your KMS key, use the <a>DescribeKey</a> operation.</p>
- *
  *          <p>You must also specify the length of the data key. Use either the <code>KeySpec</code> or
  *       <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use
  *       the <code>KeySpec</code> parameter.</p>
- *
  *          <p>To generate an SM4 data key (China Regions only), specify a <code>KeySpec</code> value of
  *       <code>AES_128</code> or <code>NumberOfBytes</code> value of <code>128</code>. The symmetric
  *       encryption key used in China Regions to encrypt your data key is an SM4 encryption key.</p>
- *
  *          <p>If the operation succeeds, you will find the encrypted copy of the data key in the
  *         <code>CiphertextBlob</code> field.</p>
- *
  *          <p>You can use an optional encryption context to add additional security to the encryption
  *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
  *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
@@ -52,7 +53,6 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDa
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyWithoutPlaintext</a> (key
  *       policy)</p>

package/dist-types/commands/GenerateMacCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateMacRequest, GenerateMacResponse } from "../models/models_0";
+/**
+ * The input for {@link GenerateMacCommand}.
+ */
 export interface GenerateMacCommandInput extends GenerateMacRequest {
 }
+/**
+ * The output of {@link GenerateMacCommand}.
+ */
 export interface GenerateMacCommandOutput extends GenerateMacResponse, __MetadataBearer {
 }
 /**

package/dist-types/commands/GenerateRandomCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateRandomRequest, GenerateRandomResponse } from "../models/models_0";
+/**
+ * The input for {@link GenerateRandomCommand}.
+ */
 export interface GenerateRandomCommandInput extends GenerateRandomRequest {
 }
+/**
+ * The output of {@link GenerateRandomCommand}.
+ */
 export interface GenerateRandomCommandOutput extends GenerateRandomResponse, __MetadataBearer {
 }
 /**
@@ -17,7 +23,6 @@ export interface GenerateRandomCommandOutput extends GenerateRandomResponse, __M
  *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>For more information about entropy and random number generation, see
  *       <a href="https://docs.aws.amazon.com/kms/latest/cryptographic-details/">Key Management Service Cryptographic Details</a>.</p>
- *
  *          <p>
  *             <b>Cross-account use</b>: Not applicable.
  *         <code>GenerateRandom</code> does not use any account-specific resources, such as KMS

package/dist-types/commands/GetKeyPolicyCommand.d.ts CHANGED Viewed

@@ -3,15 +3,20 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GetKeyPolicyRequest, GetKeyPolicyResponse } from "../models/models_0";
+/**
+ * The input for {@link GetKeyPolicyCommand}.
+ */
 export interface GetKeyPolicyCommandInput extends GetKeyPolicyRequest {
 }
+/**
+ * The output of {@link GetKeyPolicyCommand}.
+ */
 export interface GetKeyPolicyCommandOutput extends GetKeyPolicyResponse, __MetadataBearer {
 }
 /**
  * <p>Gets a key policy attached to the specified KMS key.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetKeyPolicy</a> (key policy)</p>
  *          <p>

package/dist-types/commands/GetKeyRotationStatusCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GetKeyRotationStatusRequest, GetKeyRotationStatusResponse } from "../models/models_0";
+/**
+ * The input for {@link GetKeyRotationStatusCommand}.
+ */
 export interface GetKeyRotationStatusCommandInput extends GetKeyRotationStatusRequest {
 }
+/**
+ * The output of {@link GetKeyRotationStatusCommand}.
+ */
 export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusResponse, __MetadataBearer {
 }
 /**
@@ -44,7 +50,6 @@ export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusR
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
  *   ARN in the value of the <code>KeyId</code> parameter.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetKeyRotationStatus</a> (key policy)</p>
  *          <p>

package/dist-types/commands/GetParametersForImportCommand.d.ts CHANGED Viewed

@@ -3,8 +3,14 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GetParametersForImportRequest, GetParametersForImportResponse } from "../models/models_0";
+/**
+ * The input for {@link GetParametersForImportCommand}.
+ */
 export interface GetParametersForImportCommandInput extends GetParametersForImportRequest {
 }
+/**
+ * The output of {@link GetParametersForImportCommand}.
+ */
 export interface GetParametersForImportCommandOutput extends GetParametersForImportResponse, __MetadataBearer {
 }
 /**
@@ -25,7 +31,6 @@ export interface GetParametersForImportCommandOutput extends GetParametersForImp
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetParametersForImport</a> (key policy)</p>
  *          <p>