@aws-sdk/client-kms 3.295.0 → 3.297.0

package/dist-types/models/models_0.d.ts

@@ -1,11 +1,15 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client";
 import { KMSServiceException as __BaseException } from "./KMSServiceException";
+/**
+ * @public
+ */
 export declare enum AlgorithmSpec {
     RSAES_OAEP_SHA_1 = "RSAES_OAEP_SHA_1",
     RSAES_OAEP_SHA_256 = "RSAES_OAEP_SHA_256",
     RSAES_PKCS1_V1_5 = "RSAES_PKCS1_V1_5"
 }
 /**
+ * @public
  * <p>Contains information about an alias.</p>
  */
 export interface AliasListEntry {
@@ -33,6 +37,7 @@ export interface AliasListEntry {
     LastUpdatedDate?: Date;
 }
 /**
+ * @public
  * <p>The request was rejected because it attempted to create a resource that already
  *       exists.</p>
  */
@@ -44,6 +49,9 @@ export declare class AlreadyExistsException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<AlreadyExistsException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface CancelKeyDeletionRequest {
     /**
      * <p>Identifies the KMS key whose deletion is being canceled.</p>
@@ -63,6 +71,9 @@ export interface CancelKeyDeletionRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface CancelKeyDeletionResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key whose deletion is canceled.</p>
@@ -70,6 +81,7 @@ export interface CancelKeyDeletionResponse {
     KeyId?: string;
 }
 /**
+ * @public
  * <p>The system timed out while trying to fulfill the request. You can retry the
  *       request.</p>
  */
@@ -82,6 +94,7 @@ export declare class DependencyTimeoutException extends __BaseException {
     constructor(opts: __ExceptionOptionType<DependencyTimeoutException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
  *       valid.</p>
  */
@@ -94,6 +107,7 @@ export declare class InvalidArnException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidArnException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because an internal exception occurred. The request can be
  *       retried.</p>
  */
@@ -106,6 +120,7 @@ export declare class KMSInternalException extends __BaseException {
     constructor(opts: __ExceptionOptionType<KMSInternalException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the state of the specified resource is not valid for this
  *       request.</p>
  *          <p>This exceptions means one of the following:</p>
@@ -132,6 +147,7 @@ export declare class KMSInvalidStateException extends __BaseException {
     constructor(opts: __ExceptionOptionType<KMSInvalidStateException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified entity or resource could not be
  *       found.</p>
  */
@@ -144,6 +160,7 @@ export declare class NotFoundException extends __BaseException {
     constructor(opts: __ExceptionOptionType<NotFoundException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified CloudHSM cluster is already associated with an
  *       CloudHSM key store in the account, or it shares a backup history with an CloudHSM key store in the
  *       account. Each CloudHSM key store in the account must be associated with a different CloudHSM
@@ -160,6 +177,7 @@ export declare class CloudHsmClusterInUseException extends __BaseException {
     constructor(opts: __ExceptionOptionType<CloudHsmClusterInUseException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the associated CloudHSM cluster did not meet the
  *       configuration requirements for an CloudHSM key store.</p>
  *          <ul>
@@ -202,6 +220,7 @@ export declare class CloudHsmClusterInvalidConfigurationException extends __Base
     constructor(opts: __ExceptionOptionType<CloudHsmClusterInvalidConfigurationException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the CloudHSM cluster associated with the CloudHSM key store is
  *       not active. Initialize and activate the cluster and try the command again. For detailed
  *       instructions, see <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html">Getting
@@ -216,6 +235,7 @@ export declare class CloudHsmClusterNotActiveException extends __BaseException {
     constructor(opts: __ExceptionOptionType<CloudHsmClusterNotActiveException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because KMS cannot find the CloudHSM cluster with the specified
  *       cluster ID. Retry the request with a different cluster ID.</p>
  */
@@ -228,6 +248,7 @@ export declare class CloudHsmClusterNotFoundException extends __BaseException {
     constructor(opts: __ExceptionOptionType<CloudHsmClusterNotFoundException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified CloudHSM cluster has a different cluster
  *       certificate than the original cluster. You cannot use the operation to specify an unrelated
  *       cluster for an CloudHSM key store.</p>
@@ -245,6 +266,9 @@ export declare class CloudHsmClusterNotRelatedException extends __BaseException
      */
     constructor(opts: __ExceptionOptionType<CloudHsmClusterNotRelatedException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface ConnectCustomKeyStoreRequest {
     /**
      * <p>Enter the key store ID of the custom key store that you want to connect.
@@ -252,9 +276,13 @@ export interface ConnectCustomKeyStoreRequest {
      */
     CustomKeyStoreId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface ConnectCustomKeyStoreResponse {
 }
 /**
+ * @public
  * <p>The request was rejected because of the <code>ConnectionState</code> of the custom key
  *       store. To get the <code>ConnectionState</code> of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
  *          <p>This exception is thrown under the following conditions:</p>
@@ -299,6 +327,7 @@ export declare class CustomKeyStoreInvalidStateException extends __BaseException
     constructor(opts: __ExceptionOptionType<CustomKeyStoreInvalidStateException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because KMS cannot find a custom key store with the specified
  *       key store name or ID.</p>
  */
@@ -310,6 +339,9 @@ export declare class CustomKeyStoreNotFoundException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<CustomKeyStoreNotFoundException, __BaseException>);
 }
+/**
+ * @public
+ */
 export declare enum ConnectionErrorCodeType {
     CLUSTER_NOT_FOUND = "CLUSTER_NOT_FOUND",
     INSUFFICIENT_CLOUDHSM_HSMS = "INSUFFICIENT_CLOUDHSM_HSMS",
@@ -330,6 +362,9 @@ export declare enum ConnectionErrorCodeType {
     XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION",
     XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND"
 }
+/**
+ * @public
+ */
 export declare enum ConnectionStateType {
     CONNECTED = "CONNECTED",
     CONNECTING = "CONNECTING",
@@ -337,6 +372,9 @@ export declare enum ConnectionStateType {
     DISCONNECTING = "DISCONNECTING",
     FAILED = "FAILED"
 }
+/**
+ * @public
+ */
 export interface CreateAliasRequest {
     /**
      * <p>Specifies the alias name. This value must begin with <code>alias/</code> followed by a
@@ -374,6 +412,7 @@ export interface CreateAliasRequest {
     TargetKeyId: string | undefined;
 }
 /**
+ * @public
  * <p>The request was rejected because the specified alias name is not valid.</p>
  */
 export declare class InvalidAliasNameException extends __BaseException {
@@ -385,6 +424,7 @@ export declare class InvalidAliasNameException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidAliasNameException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  */
@@ -396,11 +436,15 @@ export declare class LimitExceededException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<LimitExceededException, __BaseException>);
 }
+/**
+ * @public
+ */
 export declare enum CustomKeyStoreType {
     AWS_CLOUDHSM = "AWS_CLOUDHSM",
     EXTERNAL_KEY_STORE = "EXTERNAL_KEY_STORE"
 }
 /**
+ * @public
  * <p>KMS uses the authentication credential to sign requests that it sends to the external
  *       key store proxy (XKS proxy) on your behalf. You establish these credentials on your external
  *       key store proxy and report them to KMS.</p>
@@ -417,10 +461,16 @@ export interface XksProxyAuthenticationCredentialType {
      */
     RawSecretAccessKey: string | undefined;
 }
+/**
+ * @public
+ */
 export declare enum XksProxyConnectivityType {
     PUBLIC_ENDPOINT = "PUBLIC_ENDPOINT",
     VPC_ENDPOINT_SERVICE = "VPC_ENDPOINT_SERVICE"
 }
+/**
+ * @public
+ */
 export interface CreateCustomKeyStoreRequest {
     /**
      * <p>Specifies a friendly name for the custom key store. The name must be unique in your
@@ -576,6 +626,9 @@ export interface CreateCustomKeyStoreRequest {
      */
     XksProxyConnectivity?: XksProxyConnectivityType | string;
 }
+/**
+ * @public
+ */
 export interface CreateCustomKeyStoreResponse {
     /**
      * <p>A unique identifier for the new custom key store.</p>
@@ -583,6 +636,7 @@ export interface CreateCustomKeyStoreResponse {
     CustomKeyStoreId?: string;
 }
 /**
+ * @public
  * <p>The request was rejected because the specified custom key store name is already assigned
  *       to another custom key store in the account. Try again with a custom key store name that is
  *       unique in the account.</p>
@@ -596,6 +650,7 @@ export declare class CustomKeyStoreNameInUseException extends __BaseException {
     constructor(opts: __ExceptionOptionType<CustomKeyStoreNameInUseException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the trust anchor certificate in the request to create an
  *       CloudHSM key store is not the trust anchor certificate for the specified CloudHSM cluster.</p>
  *          <p>When you <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr">initialize the CloudHSM cluster</a>, you create the trust anchor certificate and save it
@@ -610,6 +665,7 @@ export declare class IncorrectTrustAnchorException extends __BaseException {
     constructor(opts: __ExceptionOptionType<IncorrectTrustAnchorException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the proxy credentials failed to authenticate to the
  *       specified external key store proxy. The specified external key store proxy rejected a status
  *       request from KMS due to invalid credentials. This can indicate an error in the credentials
@@ -624,6 +680,7 @@ export declare class XksProxyIncorrectAuthenticationCredentialException extends
     constructor(opts: __ExceptionOptionType<XksProxyIncorrectAuthenticationCredentialException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the Amazon VPC endpoint service configuration does not fulfill
  *       the requirements for an external key store proxy. For details, see the exception
  *       message.</p>
@@ -637,6 +694,7 @@ export declare class XksProxyInvalidConfigurationException extends __BaseExcepti
     constructor(opts: __ExceptionOptionType<XksProxyInvalidConfigurationException, __BaseException>);
 }
 /**
+ * @public
  * <p></p>
  *          <p>KMS cannot interpret the response it received from the external key store proxy. The
  *       problem might be a poorly constructed response, but it could also be a transient network
@@ -651,6 +709,7 @@ export declare class XksProxyInvalidResponseException extends __BaseException {
     constructor(opts: __ExceptionOptionType<XksProxyInvalidResponseException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the concatenation of the <code>XksProxyUriEndpoint</code>
  *       is already associated with an external key store in the Amazon Web Services account and Region. Each
  *       external key store in an account and Region must use a unique external key store proxy
@@ -665,6 +724,7 @@ export declare class XksProxyUriEndpointInUseException extends __BaseException {
     constructor(opts: __ExceptionOptionType<XksProxyUriEndpointInUseException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the concatenation of the <code>XksProxyUriEndpoint</code>
  *       and <code>XksProxyUriPath</code> is already associated with an external key store in the
  *       Amazon Web Services account and Region. Each external key store in an account and Region must use a unique
@@ -679,6 +739,7 @@ export declare class XksProxyUriInUseException extends __BaseException {
     constructor(opts: __ExceptionOptionType<XksProxyUriInUseException, __BaseException>);
 }
 /**
+ * @public
  * <p>KMS was unable to reach the specified <code>XksProxyUriPath</code>. The path must be
  *       reachable before you create the external key store or update its settings.</p>
  *          <p>This exception is also thrown when the external key store proxy response to a <code>GetHealthStatus</code>
@@ -693,6 +754,7 @@ export declare class XksProxyUriUnreachableException extends __BaseException {
     constructor(opts: __ExceptionOptionType<XksProxyUriUnreachableException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified Amazon VPC endpoint service is already
  *       associated with an external key store in the Amazon Web Services account and Region. Each external key store
  *       in an Amazon Web Services account and Region must use a different Amazon VPC endpoint service.</p>
@@ -706,6 +768,7 @@ export declare class XksProxyVpcEndpointServiceInUseException extends __BaseExce
     constructor(opts: __ExceptionOptionType<XksProxyVpcEndpointServiceInUseException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the Amazon VPC endpoint service configuration does not fulfill
  *       the requirements for an external key store proxy. For details, see the exception message and
  *         <a href="kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements">review the requirements</a> for Amazon VPC endpoint service connectivity for an external key
@@ -720,6 +783,7 @@ export declare class XksProxyVpcEndpointServiceInvalidConfigurationException ext
     constructor(opts: __ExceptionOptionType<XksProxyVpcEndpointServiceInvalidConfigurationException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because KMS could not find the specified VPC endpoint service.
  *       Use <a>DescribeCustomKeyStores</a> to verify the VPC endpoint service name for the
  *       external key store. Also, confirm that the <code>Allow principals</code> list for the VPC
@@ -735,6 +799,7 @@ export declare class XksProxyVpcEndpointServiceNotFoundException extends __BaseE
     constructor(opts: __ExceptionOptionType<XksProxyVpcEndpointServiceNotFoundException, __BaseException>);
 }
 /**
+ * @public
  * <p>Use this structure to allow <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a> in the grant only when the operation request
  *       includes the specified <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption context</a>. </p>
  *          <p>KMS applies the grant constraints only to cryptographic operations that support an
@@ -770,6 +835,9 @@ export interface GrantConstraints {
      */
     EncryptionContextEquals?: Record<string, string>;
 }
+/**
+ * @public
+ */
 export declare enum GrantOperation {
     CreateGrant = "CreateGrant",
     Decrypt = "Decrypt",
@@ -788,6 +856,9 @@ export declare enum GrantOperation {
     Verify = "Verify",
     VerifyMac = "VerifyMac"
 }
+/**
+ * @public
+ */
 export interface CreateGrantRequest {
     /**
      * <p>Identifies the KMS key for the grant. The grant gives principals permission to use this
@@ -888,6 +959,9 @@ export interface CreateGrantRequest {
      */
     Name?: string;
 }
+/**
+ * @public
+ */
 export interface CreateGrantResponse {
     /**
      * <p>The grant token.</p>
@@ -902,6 +976,7 @@ export interface CreateGrantResponse {
     GrantId?: string;
 }
 /**
+ * @public
  * <p>The request was rejected because the specified KMS key is not enabled.</p>
  */
 export declare class DisabledException extends __BaseException {
@@ -913,6 +988,7 @@ export declare class DisabledException extends __BaseException {
     constructor(opts: __ExceptionOptionType<DisabledException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified grant token is not valid.</p>
  */
 export declare class InvalidGrantTokenException extends __BaseException {
@@ -923,6 +999,9 @@ export declare class InvalidGrantTokenException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InvalidGrantTokenException, __BaseException>);
 }
+/**
+ * @public
+ */
 export declare enum CustomerMasterKeySpec {
     ECC_NIST_P256 = "ECC_NIST_P256",
     ECC_NIST_P384 = "ECC_NIST_P384",
@@ -938,6 +1017,9 @@ export declare enum CustomerMasterKeySpec {
     SM2 = "SM2",
     SYMMETRIC_DEFAULT = "SYMMETRIC_DEFAULT"
 }
+/**
+ * @public
+ */
 export declare enum KeySpec {
     ECC_NIST_P256 = "ECC_NIST_P256",
     ECC_NIST_P384 = "ECC_NIST_P384",
@@ -953,11 +1035,17 @@ export declare enum KeySpec {
     SM2 = "SM2",
     SYMMETRIC_DEFAULT = "SYMMETRIC_DEFAULT"
 }
+/**
+ * @public
+ */
 export declare enum KeyUsageType {
     ENCRYPT_DECRYPT = "ENCRYPT_DECRYPT",
     GENERATE_VERIFY_MAC = "GENERATE_VERIFY_MAC",
     SIGN_VERIFY = "SIGN_VERIFY"
 }
+/**
+ * @public
+ */
 export declare enum OriginType {
     AWS_CLOUDHSM = "AWS_CLOUDHSM",
     AWS_KMS = "AWS_KMS",
@@ -965,6 +1053,7 @@ export declare enum OriginType {
     EXTERNAL_KEY_STORE = "EXTERNAL_KEY_STORE"
 }
 /**
+ * @public
  * <p>A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are
  *       both required, but tag values can be empty (null) strings.</p>
  *          <p>For information about the rules that apply to tag keys and tag values, see <a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html">User-Defined Tag Restrictions</a> in the <i>Amazon Web Services Billing and Cost Management
@@ -980,6 +1069,9 @@ export interface Tag {
      */
     TagValue: string | undefined;
 }
+/**
+ * @public
+ */
 export interface CreateKeyRequest {
     /**
      * <p>The key policy to attach to the KMS key.</p>
@@ -1271,20 +1363,32 @@ export interface CreateKeyRequest {
      */
     XksKeyId?: string;
 }
+/**
+ * @public
+ */
 export declare enum EncryptionAlgorithmSpec {
     RSAES_OAEP_SHA_1 = "RSAES_OAEP_SHA_1",
     RSAES_OAEP_SHA_256 = "RSAES_OAEP_SHA_256",
     SM2PKE = "SM2PKE",
     SYMMETRIC_DEFAULT = "SYMMETRIC_DEFAULT"
 }
+/**
+ * @public
+ */
 export declare enum ExpirationModelType {
     KEY_MATERIAL_DOES_NOT_EXPIRE = "KEY_MATERIAL_DOES_NOT_EXPIRE",
     KEY_MATERIAL_EXPIRES = "KEY_MATERIAL_EXPIRES"
 }
+/**
+ * @public
+ */
 export declare enum KeyManagerType {
     AWS = "AWS",
     CUSTOMER = "CUSTOMER"
 }
+/**
+ * @public
+ */
 export declare enum KeyState {
     Creating = "Creating",
     Disabled = "Disabled",
@@ -1295,17 +1399,24 @@ export declare enum KeyState {
     Unavailable = "Unavailable",
     Updating = "Updating"
 }
+/**
+ * @public
+ */
 export declare enum MacAlgorithmSpec {
     HMAC_SHA_224 = "HMAC_SHA_224",
     HMAC_SHA_256 = "HMAC_SHA_256",
     HMAC_SHA_384 = "HMAC_SHA_384",
     HMAC_SHA_512 = "HMAC_SHA_512"
 }
+/**
+ * @public
+ */
 export declare enum MultiRegionKeyType {
     PRIMARY = "PRIMARY",
     REPLICA = "REPLICA"
 }
 /**
+ * @public
  * <p>Describes the primary or replica key in a multi-Region key.</p>
  */
 export interface MultiRegionKey {
@@ -1319,6 +1430,7 @@ export interface MultiRegionKey {
     Region?: string;
 }
 /**
+ * @public
  * <p>Describes the configuration of this multi-Region key. This field appears only when the KMS
  *       key is a primary or replica of a multi-Region key.</p>
  *          <p>For more information about any listed KMS key, use the <a>DescribeKey</a>
@@ -1341,6 +1453,9 @@ export interface MultiRegionConfiguration {
      */
     ReplicaKeys?: MultiRegionKey[];
 }
+/**
+ * @public
+ */
 export declare enum SigningAlgorithmSpec {
     ECDSA_SHA_256 = "ECDSA_SHA_256",
     ECDSA_SHA_384 = "ECDSA_SHA_384",
@@ -1354,6 +1469,7 @@ export declare enum SigningAlgorithmSpec {
     SM2DSA = "SM2DSA"
 }
 /**
+ * @public
  * <p>Information about the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key">external key </a>that is associated with a KMS key in an
  *       external key store. </p>
  *          <p>This element appears in a <a>CreateKey</a> or <a>DescribeKey</a>
@@ -1370,6 +1486,7 @@ export interface XksKeyConfigurationType {
     Id?: string;
 }
 /**
+ * @public
  * <p>Contains metadata about a KMS key.</p>
  *          <p>This data type is used as a response element for the <a>CreateKey</a>, <a>DescribeKey</a>, and <a>ReplicateKey</a> operations.</p>
  */
@@ -1543,6 +1660,9 @@ export interface KeyMetadata {
      */
     XksKeyConfiguration?: XksKeyConfigurationType;
 }
+/**
+ * @public
+ */
 export interface CreateKeyResponse {
     /**
      * <p>Metadata associated with the KMS key.</p>
@@ -1550,6 +1670,7 @@ export interface CreateKeyResponse {
     KeyMetadata?: KeyMetadata;
 }
 /**
+ * @public
  * <p>The request was rejected because the specified policy is not syntactically or semantically
  *       correct.</p>
  */
@@ -1562,6 +1683,7 @@ export declare class MalformedPolicyDocumentException extends __BaseException {
     constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because one or more tags are not valid.</p>
  */
 export declare class TagException extends __BaseException {
@@ -1573,6 +1695,7 @@ export declare class TagException extends __BaseException {
     constructor(opts: __ExceptionOptionType<TagException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because a specified parameter is not supported or a specified
  *       resource is not valid for this operation.</p>
  */
@@ -1585,6 +1708,7 @@ export declare class UnsupportedOperationException extends __BaseException {
     constructor(opts: __ExceptionOptionType<UnsupportedOperationException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the (<code>XksKeyId</code>) is already associated with a
  *       KMS key in this external key store. Each KMS key in an external key store must be associated
  *       with a different external key.</p>
@@ -1598,6 +1722,7 @@ export declare class XksKeyAlreadyInUseException extends __BaseException {
     constructor(opts: __ExceptionOptionType<XksKeyAlreadyInUseException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the external key specified by the <code>XksKeyId</code>
  *       parameter did not meet the configuration requirements for an external key store.</p>
  *          <p>The external key must be an AES-256 symmetric key that is enabled and performs encryption
@@ -1612,6 +1737,7 @@ export declare class XksKeyInvalidConfigurationException extends __BaseException
     constructor(opts: __ExceptionOptionType<XksKeyInvalidConfigurationException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the external key store proxy could not find the external key. This
  *       exception is thrown when the value of the <code>XksKeyId</code> parameter doesn't identify a
  *       key in the external key manager associated with the external key proxy.</p>
@@ -1629,6 +1755,7 @@ export declare class XksKeyNotFoundException extends __BaseException {
     constructor(opts: __ExceptionOptionType<XksKeyNotFoundException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the custom key store contains KMS keys. After verifying
  *       that you do not need to use the KMS keys, use the <a>ScheduleKeyDeletion</a>
  *       operation to delete the KMS keys. After they are deleted, you can delete the custom key
@@ -1643,6 +1770,7 @@ export declare class CustomKeyStoreHasCMKsException extends __BaseException {
     constructor(opts: __ExceptionOptionType<CustomKeyStoreHasCMKsException, __BaseException>);
 }
 /**
+ * @public
  * <p>Detailed information about the external key store proxy (XKS proxy). Your external key
  *       store proxy translates KMS requests into a format that your external key manager can
  *       understand. These fields appear in a <a>DescribeCustomKeyStores</a> response only
@@ -1678,6 +1806,7 @@ export interface XksProxyConfigurationType {
     VpcEndpointServiceName?: string;
 }
 /**
+ * @public
  * <p>Contains information about each custom key store in the custom key store list.</p>
  */
 export interface CustomKeyStoresListEntry {
@@ -1932,6 +2061,9 @@ export interface CustomKeyStoresListEntry {
      */
     XksProxyConfiguration?: XksProxyConfigurationType;
 }
+/**
+ * @public
+ */
 export declare enum DataKeyPairSpec {
     ECC_NIST_P256 = "ECC_NIST_P256",
     ECC_NIST_P384 = "ECC_NIST_P384",
@@ -1942,10 +2074,16 @@ export declare enum DataKeyPairSpec {
     RSA_4096 = "RSA_4096",
     SM2 = "SM2"
 }
+/**
+ * @public
+ */
 export declare enum DataKeySpec {
     AES_128 = "AES_128",
     AES_256 = "AES_256"
 }
+/**
+ * @public
+ */
 export interface DecryptRequest {
     /**
      * <p>Ciphertext to be decrypted. The blob includes metadata.</p>
@@ -2009,6 +2147,9 @@ export interface DecryptRequest {
      */
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
+/**
+ * @public
+ */
 export interface DecryptResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that was used to decrypt the ciphertext.</p>
@@ -2024,6 +2165,7 @@ export interface DecryptResponse {
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
 /**
+ * @public
  * <p>The request was rejected because the specified KMS key cannot decrypt the data. The
  *         <code>KeyId</code> in a <a>Decrypt</a> request and the <code>SourceKeyId</code>
  *       in a <a>ReEncrypt</a> request must identify the same KMS key that was used to
@@ -2038,6 +2180,7 @@ export declare class IncorrectKeyException extends __BaseException {
     constructor(opts: __ExceptionOptionType<IncorrectKeyException, __BaseException>);
 }
 /**
+ * @public
  * <p>From the <a>Decrypt</a> or <a>ReEncrypt</a> operation, the request
  *       was rejected because the specified ciphertext, or additional authenticated data incorporated
  *       into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise
@@ -2054,6 +2197,7 @@ export declare class InvalidCiphertextException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidCiphertextException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected for one of the following reasons: </p>
  *          <ul>
  *             <li>
@@ -2083,6 +2227,7 @@ export declare class InvalidKeyUsageException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidKeyUsageException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified KMS key was not available. You can retry
  *       the request.</p>
  */
@@ -2094,6 +2239,9 @@ export declare class KeyUnavailableException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<KeyUnavailableException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface DeleteAliasRequest {
     /**
      * <p>The alias to be deleted. The alias name must begin with <code>alias/</code> followed by
@@ -2101,14 +2249,23 @@ export interface DeleteAliasRequest {
      */
     AliasName: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DeleteCustomKeyStoreRequest {
     /**
      * <p>Enter the ID of the custom key store you want to delete. To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
      */
     CustomKeyStoreId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DeleteCustomKeyStoreResponse {
 }
+/**
+ * @public
+ */
 export interface DeleteImportedKeyMaterialRequest {
     /**
      * <p>Identifies the KMS key from which you are deleting imported key material. The
@@ -2129,6 +2286,9 @@ export interface DeleteImportedKeyMaterialRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DescribeCustomKeyStoresRequest {
     /**
      * <p>Gets only information about the specified custom key store. Enter the key store ID.</p>
@@ -2160,6 +2320,9 @@ export interface DescribeCustomKeyStoresRequest {
      */
     Marker?: string;
 }
+/**
+ * @public
+ */
 export interface DescribeCustomKeyStoresResponse {
     /**
      * <p>Contains metadata about each custom key store.</p>
@@ -2179,6 +2342,7 @@ export interface DescribeCustomKeyStoresResponse {
     Truncated?: boolean;
 }
 /**
+ * @public
  * <p>The request was rejected because the marker that specifies where pagination should next
  *       begin is not valid.</p>
  */
@@ -2190,6 +2354,9 @@ export declare class InvalidMarkerException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InvalidMarkerException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface DescribeKeyRequest {
     /**
      * <p>Describes the specified KMS key. </p>
@@ -2226,12 +2393,18 @@ export interface DescribeKeyRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface DescribeKeyResponse {
     /**
      * <p>Metadata associated with the key.</p>
      */
     KeyMetadata?: KeyMetadata;
 }
+/**
+ * @public
+ */
 export interface DisableKeyRequest {
     /**
      * <p>Identifies the KMS key to disable.</p>
@@ -2251,6 +2424,9 @@ export interface DisableKeyRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DisableKeyRotationRequest {
     /**
      * <p>Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation
@@ -2273,14 +2449,23 @@ export interface DisableKeyRotationRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DisconnectCustomKeyStoreRequest {
     /**
      * <p>Enter the ID of the custom key store you want to disconnect. To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
      */
     CustomKeyStoreId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DisconnectCustomKeyStoreResponse {
 }
+/**
+ * @public
+ */
 export interface EnableKeyRequest {
     /**
      * <p>Identifies the KMS key to enable.</p>
@@ -2300,6 +2485,9 @@ export interface EnableKeyRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface EnableKeyRotationRequest {
     /**
      * <p>Identifies a symmetric encryption KMS key. You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key.</p>
@@ -2319,6 +2507,9 @@ export interface EnableKeyRotationRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface EncryptRequest {
     /**
      * <p>Identifies the KMS key to use in the encryption operation. The KMS key must have a
@@ -2377,6 +2568,9 @@ export interface EncryptRequest {
      */
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
+/**
+ * @public
+ */
 export interface EncryptResponse {
     /**
      * <p>The encrypted plaintext. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2392,6 +2586,7 @@ export interface EncryptResponse {
     EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
 /**
+ * @public
  * <p>The request was rejected because the specified import token is expired. Use <a>GetParametersForImport</a> to get a new import token and public key, use the new
  *       public key to encrypt the key material, and then try the request again.</p>
  */
@@ -2403,6 +2598,9 @@ export declare class ExpiredImportTokenException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<ExpiredImportTokenException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyRequest {
     /**
      * <p>Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify
@@ -2462,6 +2660,9 @@ export interface GenerateDataKeyRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyResponse {
     /**
      * <p>The encrypted copy of the data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2477,6 +2678,9 @@ export interface GenerateDataKeyResponse {
      */
     KeyId?: string;
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyPairRequest {
     /**
      * <p>Specifies the encryption context that will be used when encrypting the private key in the
@@ -2527,6 +2731,9 @@ export interface GenerateDataKeyPairRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyPairResponse {
     /**
      * <p>The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2549,6 +2756,9 @@ export interface GenerateDataKeyPairResponse {
      */
     KeyPairSpec?: DataKeyPairSpec | string;
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyPairWithoutPlaintextRequest {
     /**
      * <p>Specifies the encryption context that will be used when encrypting the private key in the
@@ -2599,6 +2809,9 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyPairWithoutPlaintextResponse {
     /**
      * <p>The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2617,6 +2830,9 @@ export interface GenerateDataKeyPairWithoutPlaintextResponse {
      */
     KeyPairSpec?: DataKeyPairSpec | string;
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyWithoutPlaintextRequest {
     /**
      * <p>Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify
@@ -2672,6 +2888,9 @@ export interface GenerateDataKeyWithoutPlaintextRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface GenerateDataKeyWithoutPlaintextResponse {
     /**
      * <p>The encrypted data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -2682,6 +2901,9 @@ export interface GenerateDataKeyWithoutPlaintextResponse {
      */
     KeyId?: string;
 }
+/**
+ * @public
+ */
 export interface GenerateMacRequest {
     /**
      * <p>The message to be hashed. Specify a message of up to 4,096 bytes. </p>
@@ -2712,6 +2934,9 @@ export interface GenerateMacRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface GenerateMacResponse {
     /**
      * <p>The hash-based message authentication code (HMAC) that was generated for the
@@ -2728,6 +2953,9 @@ export interface GenerateMacResponse {
      */
     KeyId?: string;
 }
+/**
+ * @public
+ */
 export interface GenerateRandomRequest {
     /**
      * <p>The length of the random byte string. This parameter is required.</p>
@@ -2742,12 +2970,18 @@ export interface GenerateRandomRequest {
      */
     CustomKeyStoreId?: string;
 }
+/**
+ * @public
+ */
 export interface GenerateRandomResponse {
     /**
      * <p>The random byte string. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      */
     Plaintext?: Uint8Array;
 }
+/**
+ * @public
+ */
 export interface GetKeyPolicyRequest {
     /**
      * <p>Gets the key policy for the specified KMS key.</p>
@@ -2772,12 +3006,18 @@ export interface GetKeyPolicyRequest {
      */
     PolicyName: string | undefined;
 }
+/**
+ * @public
+ */
 export interface GetKeyPolicyResponse {
     /**
      * <p>A key policy document in JSON format.</p>
      */
     Policy?: string;
 }
+/**
+ * @public
+ */
 export interface GetKeyRotationStatusRequest {
     /**
      * <p>Gets the rotation status for the specified KMS key.</p>
@@ -2798,15 +3038,24 @@ export interface GetKeyRotationStatusRequest {
      */
     KeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface GetKeyRotationStatusResponse {
     /**
      * <p>A Boolean value that specifies whether key rotation is enabled.</p>
      */
     KeyRotationEnabled?: boolean;
 }
+/**
+ * @public
+ */
 export declare enum WrappingKeySpec {
     RSA_2048 = "RSA_2048"
 }
+/**
+ * @public
+ */
 export interface GetParametersForImportRequest {
     /**
      * <p>The identifier of the symmetric encryption KMS key into which you will import key
@@ -2843,6 +3092,9 @@ export interface GetParametersForImportRequest {
      */
     WrappingKeySpec: WrappingKeySpec | string | undefined;
 }
+/**
+ * @public
+ */
 export interface GetParametersForImportResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key to use in a subsequent <a>ImportKeyMaterial</a> request. This is the same KMS key specified in the <code>GetParametersForImport</code>
@@ -2865,6 +3117,9 @@ export interface GetParametersForImportResponse {
      */
     ParametersValidTo?: Date;
 }
+/**
+ * @public
+ */
 export interface GetPublicKeyRequest {
     /**
      * <p>Identifies the asymmetric KMS key that includes the public key.</p>
@@ -2898,6 +3153,9 @@ export interface GetPublicKeyRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface GetPublicKeyResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key from which the public key was
@@ -2948,6 +3206,7 @@ export interface GetPublicKeyResponse {
     SigningAlgorithms?: (SigningAlgorithmSpec | string)[];
 }
 /**
+ * @public
  * <p>Contains information about a grant.</p>
  */
 export interface GrantListEntry {
@@ -2994,6 +3253,9 @@ export interface GrantListEntry {
      */
     Constraints?: GrantConstraints;
 }
+/**
+ * @public
+ */
 export interface ImportKeyMaterialRequest {
     /**
      * <p>The identifier of the symmetric encryption KMS key that receives the imported key
@@ -3053,9 +3315,13 @@ export interface ImportKeyMaterialRequest {
      */
     ExpirationModel?: ExpirationModelType | string;
 }
+/**
+ * @public
+ */
 export interface ImportKeyMaterialResponse {
 }
 /**
+ * @public
  * <p>The request was rejected because the key material in the request is, expired, invalid, or
  *       is not the same key material that was previously imported into this KMS key.</p>
  */
@@ -3068,6 +3334,7 @@ export declare class IncorrectKeyMaterialException extends __BaseException {
     constructor(opts: __ExceptionOptionType<IncorrectKeyMaterialException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the provided import token is invalid or is associated
  *       with a different KMS key.</p>
  */
@@ -3080,6 +3347,7 @@ export declare class InvalidImportTokenException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidImportTokenException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the specified <code>GrantId</code> is not valid.</p>
  */
 export declare class InvalidGrantIdException extends __BaseException {
@@ -3091,6 +3359,7 @@ export declare class InvalidGrantIdException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidGrantIdException, __BaseException>);
 }
 /**
+ * @public
  * <p>Contains information about each entry in the key list.</p>
  */
 export interface KeyListEntry {
@@ -3104,6 +3373,7 @@ export interface KeyListEntry {
     KeyArn?: string;
 }
 /**
+ * @public
  * <p>The request was rejected because the HMAC verification failed. HMAC verification fails
  *       when the HMAC computed by using the specified message, HMAC KMS key, and MAC algorithm does
  *       not match the HMAC specified in the request.</p>
@@ -3117,6 +3387,7 @@ export declare class KMSInvalidMacException extends __BaseException {
     constructor(opts: __ExceptionOptionType<KMSInvalidMacException, __BaseException>);
 }
 /**
+ * @public
  * <p>The request was rejected because the signature verification failed. Signature verification
  *       fails when it cannot confirm that signature was produced by signing the specified message with
  *       the specified KMS key and signing algorithm.</p>
@@ -3129,6 +3400,9 @@ export declare class KMSInvalidSignatureException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<KMSInvalidSignatureException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface ListAliasesRequest {
     /**
      * <p>Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your
@@ -3165,6 +3439,9 @@ export interface ListAliasesRequest {
      */
     Marker?: string;
 }
+/**
+ * @public
+ */
 export interface ListAliasesResponse {
     /**
      * <p>A list of aliases.</p>
@@ -3183,6 +3460,9 @@ export interface ListAliasesResponse {
      */
     Truncated?: boolean;
 }
+/**
+ * @public
+ */
 export interface ListGrantsRequest {
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
@@ -3227,6 +3507,9 @@ export interface ListGrantsRequest {
      */
     GranteePrincipal?: string;
 }
+/**
+ * @public
+ */
 export interface ListGrantsResponse {
     /**
      * <p>A list of grants.</p>
@@ -3245,6 +3528,9 @@ export interface ListGrantsResponse {
      */
     Truncated?: boolean;
 }
+/**
+ * @public
+ */
 export interface ListKeyPoliciesRequest {
     /**
      * <p>Gets the names of key policies for the specified KMS key.</p>
@@ -3279,6 +3565,9 @@ export interface ListKeyPoliciesRequest {
      */
     Marker?: string;
 }
+/**
+ * @public
+ */
 export interface ListKeyPoliciesResponse {
     /**
      * <p>A list of key policy names. The only valid value is <code>default</code>.</p>
@@ -3297,6 +3586,9 @@ export interface ListKeyPoliciesResponse {
      */
     Truncated?: boolean;
 }
+/**
+ * @public
+ */
 export interface ListKeysRequest {
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
@@ -3313,6 +3605,9 @@ export interface ListKeysRequest {
      */
     Marker?: string;
 }
+/**
+ * @public
+ */
 export interface ListKeysResponse {
     /**
      * <p>A list of KMS keys.</p>
@@ -3331,6 +3626,9 @@ export interface ListKeysResponse {
      */
     Truncated?: boolean;
 }
+/**
+ * @public
+ */
 export interface ListResourceTagsRequest {
     /**
      * <p>Gets tags on the specified KMS key.</p>
@@ -3366,6 +3664,9 @@ export interface ListResourceTagsRequest {
      */
     Marker?: string;
 }
+/**
+ * @public
+ */
 export interface ListResourceTagsResponse {
     /**
      * <p>A list of tags. Each tag consists of a tag key and a tag value.</p>
@@ -3388,6 +3689,9 @@ export interface ListResourceTagsResponse {
      */
     Truncated?: boolean;
 }
+/**
+ * @public
+ */
 export interface ListRetirableGrantsRequest {
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
@@ -3415,10 +3719,16 @@ export interface ListRetirableGrantsRequest {
      */
     RetiringPrincipal: string | undefined;
 }
+/**
+ * @public
+ */
 export declare enum MessageType {
     DIGEST = "DIGEST",
     RAW = "RAW"
 }
+/**
+ * @public
+ */
 export interface PutKeyPolicyRequest {
     /**
      * <p>Sets the key policy on the specified KMS key.</p>
@@ -3490,6 +3800,9 @@ export interface PutKeyPolicyRequest {
      */
     BypassPolicyLockoutSafetyCheck?: boolean;
 }
+/**
+ * @public
+ */
 export interface ReEncryptRequest {
     /**
      * <p>Ciphertext of the data to reencrypt.</p>
@@ -3603,6 +3916,9 @@ export interface ReEncryptRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface ReEncryptResponse {
     /**
      * <p>The reencrypted data. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
@@ -3626,6 +3942,9 @@ export interface ReEncryptResponse {
      */
     DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
 }
+/**
+ * @public
+ */
 export interface ReplicateKeyRequest {
     /**
      * <p>Identifies the multi-Region primary key that is being replicated. To determine whether a
@@ -3748,6 +4067,9 @@ export interface ReplicateKeyRequest {
      */
     Tags?: Tag[];
 }
+/**
+ * @public
+ */
 export interface ReplicateKeyResponse {
     /**
      * <p>Displays details about the new replica key, including its Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) and
@@ -3766,6 +4088,9 @@ export interface ReplicateKeyResponse {
      */
     ReplicaTags?: Tag[];
 }
+/**
+ * @public
+ */
 export interface RetireGrantRequest {
     /**
      * <p>Identifies the grant to be retired. You can use a grant token to identify a new grant even
@@ -3793,6 +4118,9 @@ export interface RetireGrantRequest {
      */
     GrantId?: string;
 }
+/**
+ * @public
+ */
 export interface RevokeGrantRequest {
     /**
      * <p>A unique identifier for the KMS key associated with the grant. To get the key ID and key
@@ -3819,6 +4147,9 @@ export interface RevokeGrantRequest {
      */
     GrantId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface ScheduleKeyDeletionRequest {
     /**
      * <p>The unique identifier of the KMS key to delete.</p>
@@ -3848,6 +4179,9 @@ export interface ScheduleKeyDeletionRequest {
      */
     PendingWindowInDays?: number;
 }
+/**
+ * @public
+ */
 export interface ScheduleKeyDeletionResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key whose deletion is scheduled.</p>
@@ -3874,6 +4208,9 @@ export interface ScheduleKeyDeletionResponse {
      */
     PendingWindowInDays?: number;
 }
+/**
+ * @public
+ */
 export interface SignRequest {
     /**
      * <p>Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to
@@ -3957,6 +4294,9 @@ export interface SignRequest {
      */
     SigningAlgorithm: SigningAlgorithmSpec | string | undefined;
 }
+/**
+ * @public
+ */
 export interface SignResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key that was used to sign the message.</p>
@@ -3986,6 +4326,9 @@ export interface SignResponse {
      */
     SigningAlgorithm?: SigningAlgorithmSpec | string;
 }
+/**
+ * @public
+ */
 export interface TagResourceRequest {
     /**
      * <p>Identifies a customer managed key in the account and Region.</p>
@@ -4014,6 +4357,9 @@ export interface TagResourceRequest {
      */
     Tags: Tag[] | undefined;
 }
+/**
+ * @public
+ */
 export interface UntagResourceRequest {
     /**
      * <p>Identifies the KMS key from which you are removing tags.</p>
@@ -4037,6 +4383,9 @@ export interface UntagResourceRequest {
      */
     TagKeys: string[] | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateAliasRequest {
     /**
      * <p>Identifies the alias that is changing its KMS key. This value must begin with
@@ -4067,6 +4416,9 @@ export interface UpdateAliasRequest {
      */
     TargetKeyId: string | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateCustomKeyStoreRequest {
     /**
      * <p>Identifies the custom key store that you want to update. Enter the ID of the custom key
@@ -4166,8 +4518,14 @@ export interface UpdateCustomKeyStoreRequest {
      */
     XksProxyConnectivity?: XksProxyConnectivityType | string;
 }
+/**
+ * @public
+ */
 export interface UpdateCustomKeyStoreResponse {
 }
+/**
+ * @public
+ */
 export interface UpdateKeyDescriptionRequest {
     /**
      * <p>Updates the description of the specified KMS key.</p>
@@ -4191,6 +4549,9 @@ export interface UpdateKeyDescriptionRequest {
      */
     Description: string | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdatePrimaryRegionRequest {
     /**
      * <p>Identifies the current primary key. When the operation completes, this KMS key will be a
@@ -4219,6 +4580,9 @@ export interface UpdatePrimaryRegionRequest {
      */
     PrimaryRegion: string | undefined;
 }
+/**
+ * @public
+ */
 export interface VerifyRequest {
     /**
      * <p>Identifies the asymmetric KMS key that will be used to verify the signature. This must be
@@ -4306,6 +4670,9 @@ export interface VerifyRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface VerifyResponse {
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key that was used to verify the signature.</p>
@@ -4324,6 +4691,9 @@ export interface VerifyResponse {
      */
     SigningAlgorithm?: SigningAlgorithmSpec | string;
 }
+/**
+ * @public
+ */
 export interface VerifyMacRequest {
     /**
      * <p>The message that will be used in the verification. Enter the same message that was used to
@@ -4359,6 +4729,9 @@ export interface VerifyMacRequest {
      */
     GrantTokens?: string[];
 }
+/**
+ * @public
+ */
 export interface VerifyMacResponse {
     /**
      * <p>The HMAC KMS key used in the verification.</p>