@aws-sdk/client-kms 3.287.0 → 3.289.0

package/dist-types/commands/CancelKeyDeletionCommand.d.ts

@@ -41,6 +41,22 @@ export interface CancelKeyDeletionCommandOutput extends CancelKeyDeletionRespons
  * @see {@link CancelKeyDeletionCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To cancel deletion of a KMS key
+ * ```javascript
+ * // The following example cancels deletion of the specified KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new CancelKeyDeletionCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ * }
+ * *\/
+ * // example id: to-cancel-deletion-of-a-cmk-1477428535102
+ * ```
+ *
  */
 export declare class CancelKeyDeletionCommand extends $Command<CancelKeyDeletionCommandInput, CancelKeyDeletionCommandOutput, KMSClientResolvedConfig> {
     readonly input: CancelKeyDeletionCommandInput;

package/dist-types/commands/ConnectCustomKeyStoreCommand.d.ts

@@ -115,6 +115,17 @@ export interface ConnectCustomKeyStoreCommandOutput extends ConnectCustomKeyStor
  * @see {@link ConnectCustomKeyStoreCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To connect a custom key store
+ * ```javascript
+ * // This example connects an AWS KMS custom key store to its backing key store. For an AWS CloudHSM key store, it connects the key store to its AWS CloudHSM cluster. For an external key store, it connects the key store to the external key store proxy that communicates with your external key manager. This operation does not return any data. To verify that the custom key store is connected, use the <code>DescribeCustomKeyStores</code> operation.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0"
+ * };
+ * const command = new ConnectCustomKeyStoreCommand(input);
+ * await client.send(command);
+ * // example id: to-connect-a-custom-key-store-1628626947750
+ * ```
+ *
  */
 export declare class ConnectCustomKeyStoreCommand extends $Command<ConnectCustomKeyStoreCommandInput, ConnectCustomKeyStoreCommandOutput, KMSClientResolvedConfig> {
     readonly input: ConnectCustomKeyStoreCommandInput;

package/dist-types/commands/CreateAliasCommand.d.ts

@@ -85,6 +85,18 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {
  * @see {@link CreateAliasCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To create an alias
+ * ```javascript
+ * // The following example creates an alias for the specified KMS key.
+ * const input = {
+ *   "AliasName": "alias/ExampleAlias",
+ *   "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new CreateAliasCommand(input);
+ * await client.send(command);
+ * // example id: to-create-an-alias-1477505685119
+ * ```
+ *
  */
 export declare class CreateAliasCommand extends $Command<CreateAliasCommandInput, CreateAliasCommandOutput, KMSClientResolvedConfig> {
     readonly input: CreateAliasCommandInput;

package/dist-types/commands/CreateCustomKeyStoreCommand.d.ts

@@ -116,6 +116,74 @@ export interface CreateCustomKeyStoreCommandOutput extends CreateCustomKeyStoreR
  * @see {@link CreateCustomKeyStoreCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To create an AWS CloudHSM key store
+ * ```javascript
+ * // This example creates a custom key store that is associated with an AWS CloudHSM cluster.
+ * const input = {
+ *   "CloudHsmClusterId": "cluster-1a23b4cdefg",
+ *   "CustomKeyStoreName": "ExampleKeyStore",
+ *   "KeyStorePassword": "kmsPswd",
+ *   "TrustAnchorCertificate": "<certificate-goes-here>"
+ * };
+ * const command = new CreateCustomKeyStoreCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0"
+ * }
+ * *\/
+ * // example id: to-create-an-aws-cloudhsm-custom-key-store-1
+ * ```
+ *
+ * @example To create an external key store with VPC endpoint service connectivity
+ * ```javascript
+ * // This example creates an external key store that uses an Amazon VPC endpoint service to communicate with AWS KMS.
+ * const input = {
+ *   "CustomKeyStoreName": "ExampleVPCEndpointKeyStore",
+ *   "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ *   "XksProxyAuthenticationCredential": {
+ *     "AccessKeyId": "ABCDE12345670EXAMPLE",
+ *     "RawSecretAccessKey": "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo="
+ *   },
+ *   "XksProxyConnectivity": "VPC_ENDPOINT_SERVICE",
+ *   "XksProxyUriEndpoint": "https://myproxy-private.xks.example.com",
+ *   "XksProxyUriPath": "/example-prefix/kms/xks/v1",
+ *   "XksProxyVpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1"
+ * };
+ * const command = new CreateCustomKeyStoreCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0"
+ * }
+ * *\/
+ * // example id: to-create-an-external-custom-key-store-with-vpc-connectivity-2
+ * ```
+ *
+ * @example To create an external key store with public endpoint connectivity
+ * ```javascript
+ * // This example creates an external key store with public endpoint connectivity.
+ * const input = {
+ *   "CustomKeyStoreName": "ExamplePublicEndpointKeyStore",
+ *   "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ *   "XksProxyAuthenticationCredential": {
+ *     "AccessKeyId": "ABCDE12345670EXAMPLE",
+ *     "RawSecretAccessKey": "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo="
+ *   },
+ *   "XksProxyConnectivity": "PUBLIC_ENDPOINT",
+ *   "XksProxyUriEndpoint": "https://myproxy.xks.example.com",
+ *   "XksProxyUriPath": "/kms/xks/v1"
+ * };
+ * const command = new CreateCustomKeyStoreCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStoreId": "cks-987654321abcdef0"
+ * }
+ * *\/
+ * // example id: to-create-an-external-custom-key-store-with-a-public-endpoint-3
+ * ```
+ *
  */
 export declare class CreateCustomKeyStoreCommand extends $Command<CreateCustomKeyStoreCommandInput, CreateCustomKeyStoreCommandOutput, KMSClientResolvedConfig> {
     readonly input: CreateCustomKeyStoreCommandInput;

package/dist-types/commands/CreateGrantCommand.d.ts

@@ -90,6 +90,28 @@ export interface CreateGrantCommandOutput extends CreateGrantResponse, __Metadat
  * @see {@link CreateGrantCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To create a grant
+ * ```javascript
+ * // The following example creates a grant that allows the specified IAM role to encrypt data with the specified KMS key.
+ * const input = {
+ *   "GranteePrincipal": "arn:aws:iam::111122223333:role/ExampleRole",
+ *   "KeyId": "arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "Operations": [
+ *     "Encrypt",
+ *     "Decrypt"
+ *   ]
+ * };
+ * const command = new CreateGrantCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "GrantId": "0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60",
+ *   "GrantToken": "AQpAM2RhZTk1MGMyNTk2ZmZmMzEyYWVhOWViN2I1MWM4Mzc0MWFiYjc0ZDE1ODkyNGFlNTIzODZhMzgyZjBlNGY3NiKIAgEBAgB4Pa6VDCWW__MSrqnre1HIN0Grt00ViSSuUjhqOC8OT3YAAADfMIHcBgkqhkiG9w0BBwaggc4wgcsCAQAwgcUGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMmqLyBTAegIn9XlK5AgEQgIGXZQjkBcl1dykDdqZBUQ6L1OfUivQy7JVYO2-ZJP7m6f1g8GzV47HX5phdtONAP7K_HQIflcgpkoCqd_fUnE114mSmiagWkbQ5sqAVV3ov-VeqgrvMe5ZFEWLMSluvBAqdjHEdMIkHMlhlj4ENZbzBfo9Wxk8b8SnwP4kc4gGivedzFXo-dwN8fxjjq_ZZ9JFOj2ijIbj5FyogDCN0drOfi8RORSEuCEmPvjFRMFAwcmwFkN2NPp89amA"
+ * }
+ * *\/
+ * // example id: to-create-a-grant-1477972226782
+ * ```
+ *
  */
 export declare class CreateGrantCommand extends $Command<CreateGrantCommandInput, CreateGrantCommandOutput, KMSClientResolvedConfig> {
     readonly input: CreateGrantCommandInput;

package/dist-types/commands/CreateKeyCommand.d.ts

@@ -195,6 +195,289 @@ export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBea
  * @see {@link CreateKeyCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To create a KMS key
+ * ```javascript
+ * // The following example creates a symmetric KMS key for encryption and decryption. No parameters are required for this operation.
+ * const input = {};
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": "2017-07-05T14:04:55-07:00",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-a-cmk-1
+ * ```
+ *
+ * @example To create an asymmetric RSA KMS key for encryption and decryption
+ * ```javascript
+ * // This example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and key usage can't be changed after the key is created.
+ * const input = {
+ *   "KeySpec": "RSA_4096",
+ *   "KeyUsage": "ENCRYPT_DECRYPT"
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": "2021-04-05T14:04:55-07:00",
+ *     "CustomerMasterKeySpec": "RSA_4096",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "RSAES_OAEP_SHA_1",
+ *       "RSAES_OAEP_SHA_256"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "RSA_4096",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-an-asymmetric-rsa-kms-key-for-encryption-and-decryption-2
+ * ```
+ *
+ * @example To create an asymmetric elliptic curve KMS key for signing and verification
+ * ```javascript
+ * // This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The key usage is required even though "SIGN_VERIFY" is the only valid value for ECC KMS keys. The key spec and key usage can't be changed after the key is created.
+ * const input = {
+ *   "KeySpec": "ECC_NIST_P521",
+ *   "KeyUsage": "SIGN_VERIFY"
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": "2019-12-02T07:48:55-07:00",
+ *     "CustomerMasterKeySpec": "ECC_NIST_P521",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "ECC_NIST_P521",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "SIGN_VERIFY",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS",
+ *     "SigningAlgorithms": [
+ *       "ECDSA_SHA_512"
+ *     ]
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-an-asymmetric-elliptic-curve-kms-key-for-signing-and-verification-3
+ * ```
+ *
+ * @example To create an HMAC KMS key
+ * ```javascript
+ * // This example creates a 384-bit symmetric HMAC KMS key. The GENERATE_VERIFY_MAC key usage value is required even though it's the only valid value for HMAC KMS keys. The key spec and key usage can't be changed after the key is created.
+ * const input = {
+ *   "KeySpec": "HMAC_384",
+ *   "KeyUsage": "GENERATE_VERIFY_MAC"
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": "2022-04-05T14:04:55-07:00",
+ *     "CustomerMasterKeySpec": "HMAC_384",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "HMAC_384",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "GENERATE_VERIFY_MAC",
+ *     "MacAlgorithms": [
+ *       "HMAC_SHA_384"
+ *     ],
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-an-hmac-kms-key-1630628752841
+ * ```
+ *
+ * @example To create a multi-Region primary KMS key
+ * ```javascript
+ * // This example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters create a symmetric encryption key, only the MultiRegion parameter is required for this KMS key.
+ * const input = {
+ *   "MultiRegion": true
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
+ *     "CreationDate": "2021-09-02T016:15:21-09:00",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "mrk-1234abcd12ab34cd56ef12345678990ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": true,
+ *     "MultiRegionConfiguration": {
+ *       "MultiRegionKeyType": "PRIMARY",
+ *       "PrimaryKey": {
+ *         "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
+ *         "Region": "us-west-2"
+ *       },
+ *       "ReplicaKeys": []
+ *     },
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-a-multi-region-primary-kms-key-4
+ * ```
+ *
+ * @example To create a KMS key for imported key material
+ * ```javascript
+ * // This example creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL.
+ * const input = {
+ *   "Origin": "EXTERNAL"
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": "2019-12-02T07:48:55-07:00",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": false,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "PendingImport",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "EXTERNAL"
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-a-kms-key-for-imported-key-material-5
+ * ```
+ *
+ * @example To create a KMS key in an AWS CloudHSM key store
+ * ```javascript
+ * // This example creates a KMS key in the specified AWS CloudHSM key store. The operation creates the KMS key and its metadata in AWS KMS and creates the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the CustomKeyStoreId  and Origin parameters.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0",
+ *   "Origin": "AWS_CLOUDHSM"
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CloudHsmClusterId": "cluster-1a23b4cdefg",
+ *     "CreationDate": "2019-12-02T07:48:55-07:00",
+ *     "CustomKeyStoreId": "cks-1234567890abcdef0",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_CLOUDHSM"
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-a-kms-key-in-an-aws-cloudhsm-custom-key-store-6
+ * ```
+ *
+ * @example To create a KMS key in an external key store
+ * ```javascript
+ * // This example creates a KMS key in the specified external key store. It uses the XksKeyId parameter to associate the KMS key with an existing symmetric encryption key in your external key manager. This CustomKeyStoreId, Origin, and XksKeyId parameters are required in this operation.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-9876543210fedcba9",
+ *   "Origin": "EXTERNAL_KEY_STORE",
+ *   "XksKeyId": "bb8562717f809024"
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
+ *     "CreationDate": "2022-02-02T07:48:55-07:00",
+ *     "CustomKeyStoreId": "cks-9876543210fedcba9",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "EXTERNAL_KEY_STORE",
+ *     "XksKeyConfiguration": {
+ *       "Id": "bb8562717f809024"
+ *     }
+ *   }
+ * }
+ * *\/
+ * // example id: to-create-a-kms-key-in-an-external-custom-key-store-7
+ * ```
+ *
  */
 export declare class CreateKeyCommand extends $Command<CreateKeyCommandInput, CreateKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: CreateKeyCommandInput;

package/dist-types/commands/DecryptCommand.d.ts

@@ -116,6 +116,24 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  * @see {@link DecryptCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To decrypt data
+ * ```javascript
+ * // The following example decrypts data that was encrypted with a KMS key.
+ * const input = {
+ *   "CiphertextBlob": "<binary data>",
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DecryptCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "Plaintext": "<binary data>"
+ * }
+ * *\/
+ * // example id: to-decrypt-data-1478281622886
+ * ```
+ *
  */
 export declare class DecryptCommand extends $Command<DecryptCommandInput, DecryptCommandOutput, KMSClientResolvedConfig> {
     readonly input: DecryptCommandInput;

package/dist-types/commands/DeleteAliasCommand.d.ts

@@ -76,6 +76,17 @@ export interface DeleteAliasCommandOutput extends __MetadataBearer {
  * @see {@link DeleteAliasCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To delete an alias
+ * ```javascript
+ * // The following example deletes the specified alias.
+ * const input = {
+ *   "AliasName": "alias/ExampleAlias"
+ * };
+ * const command = new DeleteAliasCommand(input);
+ * await client.send(command);
+ * // example id: to-delete-an-alias-1478285209338
+ * ```
+ *
  */
 export declare class DeleteAliasCommand extends $Command<DeleteAliasCommandInput, DeleteAliasCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteAliasCommandInput;

package/dist-types/commands/DeleteCustomKeyStoreCommand.d.ts

@@ -87,6 +87,17 @@ export interface DeleteCustomKeyStoreCommandOutput extends DeleteCustomKeyStoreR
  * @see {@link DeleteCustomKeyStoreCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To delete a custom key store from AWS KMS
+ * ```javascript
+ * // This example deletes a custom key store from AWS KMS. This operation does not affect the backing key store, such as a CloudHSM cluster, external key store proxy, or your external key manager. This operation doesn't return any data. To verify that the operation was successful, use the DescribeCustomKeyStores operation.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0"
+ * };
+ * const command = new DeleteCustomKeyStoreCommand(input);
+ * await client.send(command);
+ * // example id: to-delete-a-custom-key-store-from-aws-kms-1628630837145
+ * ```
+ *
  */
 export declare class DeleteCustomKeyStoreCommand extends $Command<DeleteCustomKeyStoreCommandInput, DeleteCustomKeyStoreCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteCustomKeyStoreCommandInput;

package/dist-types/commands/DeleteImportedKeyMaterialCommand.d.ts

@@ -57,6 +57,17 @@ export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer
  * @see {@link DeleteImportedKeyMaterialCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To delete imported key material
+ * ```javascript
+ * // The following example deletes the imported key material from the specified KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DeleteImportedKeyMaterialCommand(input);
+ * await client.send(command);
+ * // example id: to-delete-imported-key-material-1478561674507
+ * ```
+ *
  */
 export declare class DeleteImportedKeyMaterialCommand extends $Command<DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteImportedKeyMaterialCommandInput;

package/dist-types/commands/DescribeCustomKeyStoresCommand.d.ts

@@ -87,6 +87,107 @@ export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyS
  * @see {@link DescribeCustomKeyStoresCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @example To get detailed information about custom key stores in the account and Region
+ * ```javascript
+ * // This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key stores, do not enter a custom key store name or ID.
+ * const input = {};
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": []
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-custom-key-stores-in-the-account-and-region-1
+ * ```
+ *
+ * @example To get detailed information about an AWS CloudHSM key store by specifying its friendly name
+ * ```javascript
+ * // This example gets detailed information about a particular AWS CloudHSM key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID.
+ * const input = {
+ *   "CustomKeyStoreName": "ExampleKeyStore"
+ * };
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": [
+ *     {
+ *       "CloudHsmClusterId": "cluster-1a23b4cdefg",
+ *       "ConnectionState": "CONNECTED",
+ *       "CreationDate": "1.499288695918E9",
+ *       "CustomKeyStoreId": "cks-1234567890abcdef0",
+ *       "CustomKeyStoreName": "ExampleKeyStore",
+ *       "CustomKeyStoreType": "AWS_CLOUDHSM",
+ *       "TrustAnchorCertificate": "<certificate appears here>"
+ *     }
+ *   ]
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-a-cloudhsm-custom-key-store-by-name-2
+ * ```
+ *
+ * @example To get detailed information about an external key store by specifying its ID
+ * ```javascript
+ * // This example gets detailed information about an external key store by specifying its ID.  The example external key store proxy uses public endpoint connectivity.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-9876543210fedcba9"
+ * };
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": [
+ *     {
+ *       "ConnectionState": "CONNECTED",
+ *       "CreationDate": "1.599288695918E9",
+ *       "CustomKeyStoreId": "cks-9876543210fedcba9",
+ *       "CustomKeyStoreName": "ExampleExternalKeyStore",
+ *       "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ *       "XksProxyConfiguration": {
+ *         "AccessKeyId": "ABCDE12345670EXAMPLE",
+ *         "Connectivity": "PUBLIC_ENDPOINT",
+ *         "UriEndpoint": "https://myproxy.xks.example.com",
+ *         "UriPath": "/kms/xks/v1"
+ *       }
+ *     }
+ *   ]
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-an-external-key-store--3
+ * ```
+ *
+ * @example To get detailed information about an external key store VPC endpoint connectivity by specifying its friendly name
+ * ```javascript
+ * // This example gets detailed information about a particular external key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID. The proxy URI path for this external key store includes an optional prefix. Also, because this example external key store uses VPC endpoint connectivity, the response includes the associated VPC endpoint service name.
+ * const input = {
+ *   "CustomKeyStoreName": "VPCExternalKeystore"
+ * };
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": [
+ *     {
+ *       "ConnectionState": "CONNECTED",
+ *       "CreationDate": "1.643057863.842",
+ *       "CustomKeyStoreId": "cks-876543210fedcba98",
+ *       "CustomKeyStoreName": "ExampleVPCExternalKeyStore",
+ *       "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ *       "XksProxyConfiguration": {
+ *         "AccessKeyId": "ABCDE12345670EXAMPLE",
+ *         "Connectivity": "VPC_ENDPOINT_SERVICE",
+ *         "UriEndpoint": "https://myproxy-private.xks.example.com",
+ *         "UriPath": "/example-prefix/kms/xks/v1",
+ *         "VpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1"
+ *       }
+ *     }
+ *   ]
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-an-external-custom-key-store-by-name-4
+ * ```
+ *
  */
 export declare class DescribeCustomKeyStoresCommand extends $Command<DescribeCustomKeyStoresCommandInput, DescribeCustomKeyStoresCommandOutput, KMSClientResolvedConfig> {
     readonly input: DescribeCustomKeyStoresCommandInput;