@aws-sdk/client-kms 3.32.0 → 3.36.0
- package/CHANGELOG.md +45 -0
- package/README.md +8 -7
- package/{dist/cjs → dist-cjs}/KMS.js +9 -9
- package/{dist/cjs → dist-cjs}/KMSClient.js +16 -16
- package/{dist/cjs → dist-cjs}/commands/CancelKeyDeletionCommand.js +8 -7
- package/{dist/cjs → dist-cjs}/commands/ConnectCustomKeyStoreCommand.js +5 -6
- package/{dist/cjs → dist-cjs}/commands/CreateAliasCommand.js +13 -10
- package/{dist/cjs → dist-cjs}/commands/CreateCustomKeyStoreCommand.js +2 -3
- package/{dist/cjs → dist-cjs}/commands/CreateGrantCommand.js +16 -14
- package/{dist/cjs → dist-cjs}/commands/CreateKeyCommand.js +18 -17
- package/{dist/cjs → dist-cjs}/commands/DecryptCommand.js +26 -24
- package/{dist/cjs → dist-cjs}/commands/DeleteAliasCommand.js +13 -10
- package/{dist/cjs → dist-cjs}/commands/DeleteCustomKeyStoreCommand.js +12 -14
- package/{dist/cjs → dist-cjs}/commands/DeleteImportedKeyMaterialCommand.js +7 -9
- package/{dist/cjs → dist-cjs}/commands/DescribeCustomKeyStoresCommand.js +6 -7
- package/{dist/cjs → dist-cjs}/commands/DescribeKeyCommand.js +14 -13
- package/{dist/cjs → dist-cjs}/commands/DisableKeyCommand.js +7 -7
- package/{dist/cjs → dist-cjs}/commands/DisableKeyRotationCommand.js +4 -4
- package/{dist/cjs → dist-cjs}/commands/DisconnectCustomKeyStoreCommand.js +8 -7
- package/{dist/cjs → dist-cjs}/commands/EnableKeyCommand.js +6 -5
- package/{dist/cjs → dist-cjs}/commands/EnableKeyRotationCommand.js +4 -4
- package/{dist/cjs → dist-cjs}/commands/EncryptCommand.js +16 -15
- package/{dist/cjs → dist-cjs}/commands/GenerateDataKeyCommand.js +17 -15
- package/{dist/cjs → dist-cjs}/commands/GenerateDataKeyPairCommand.js +17 -16
- package/{dist/cjs → dist-cjs}/commands/GenerateDataKeyPairWithoutPlaintextCommand.js +18 -16
- package/{dist/cjs → dist-cjs}/commands/GenerateDataKeyWithoutPlaintextCommand.js +13 -12
- package/{dist/cjs → dist-cjs}/commands/GenerateRandomCommand.js +4 -4
- package/{dist/cjs → dist-cjs}/commands/GetKeyPolicyCommand.js +2 -3
- package/{dist/cjs → dist-cjs}/commands/GetKeyRotationStatusCommand.js +4 -4
- package/{dist/cjs → dist-cjs}/commands/GetParametersForImportCommand.js +9 -11
- package/{dist/cjs → dist-cjs}/commands/GetPublicKeyCommand.js +9 -8
- package/{dist/cjs → dist-cjs}/commands/ImportKeyMaterialCommand.js +15 -16
- package/{dist/cjs → dist-cjs}/commands/ListAliasesCommand.js +15 -13
- package/{dist/cjs → dist-cjs}/commands/ListGrantsCommand.js +4 -5
- package/{dist/cjs → dist-cjs}/commands/ListKeyPoliciesCommand.js +5 -6
- package/{dist/cjs → dist-cjs}/commands/ListKeysCommand.js +3 -5
- package/{dist/cjs → dist-cjs}/commands/ListResourceTagsCommand.js +2 -3
- package/{dist/cjs → dist-cjs}/commands/ListRetirableGrantsCommand.js +9 -9
- package/{dist/cjs → dist-cjs}/commands/PutKeyPolicyCommand.js +2 -3
- package/{dist/cjs → dist-cjs}/commands/ReEncryptCommand.js +35 -30
- package/{dist/cjs → dist-cjs}/commands/ReplicateKeyCommand.js +7 -8
- package/{dist/cjs → dist-cjs}/commands/RetireGrantCommand.js +9 -8
- package/{dist/cjs → dist-cjs}/commands/RevokeGrantCommand.js +3 -5
- package/{dist/cjs → dist-cjs}/commands/ScheduleKeyDeletionCommand.js +21 -18
- package/{dist/cjs → dist-cjs}/commands/SignCommand.js +12 -12
- package/{dist/cjs → dist-cjs}/commands/TagResourceCommand.js +8 -7
- package/{dist/cjs → dist-cjs}/commands/UntagResourceCommand.js +5 -6
- package/{dist/cjs → dist-cjs}/commands/UpdateAliasCommand.js +17 -14
- package/{dist/cjs → dist-cjs}/commands/UpdateCustomKeyStoreCommand.js +19 -20
- package/{dist/cjs → dist-cjs}/commands/UpdateKeyDescriptionCommand.js +5 -6
- package/{dist/cjs → dist-cjs}/commands/UpdatePrimaryRegionCommand.js +3 -4
- package/{dist/cjs → dist-cjs}/commands/VerifyCommand.js +7 -8
- package/{dist/cjs → dist-cjs}/endpoints.js +0 -1
- package/{dist/cjs → dist-cjs}/index.js +0 -1
- package/{dist/cjs → dist-cjs}/models/index.js +0 -1
- package/{dist/cjs → dist-cjs}/models/models_0.js +0 -1
- package/{dist/cjs → dist-cjs}/pagination/Interfaces.js +0 -1
- package/{dist/cjs → dist-cjs}/pagination/ListAliasesPaginator.js +1 -2
- package/{dist/cjs → dist-cjs}/pagination/ListGrantsPaginator.js +1 -2
- package/{dist/cjs → dist-cjs}/pagination/ListKeyPoliciesPaginator.js +1 -2
- package/{dist/cjs → dist-cjs}/pagination/ListKeysPaginator.js +1 -2
- package/{dist/cjs → dist-cjs}/protocols/Aws_json1_1.js +0 -1
- package/{dist/cjs → dist-cjs}/runtimeConfig.browser.js +2 -2
- package/{dist/cjs → dist-cjs}/runtimeConfig.js +2 -2
- package/{dist/cjs → dist-cjs}/runtimeConfig.native.js +0 -1
- package/{dist/cjs → dist-cjs}/runtimeConfig.shared.js +1 -2
- package/{dist/es → dist-es}/KMS.js +2 -94
- package/dist-es/KMSClient.js +37 -0
- package/dist-es/commands/CancelKeyDeletionCommand.js +39 -0
- package/dist-es/commands/ConnectCustomKeyStoreCommand.js +39 -0
- package/dist-es/commands/CreateAliasCommand.js +39 -0
- package/dist-es/commands/CreateCustomKeyStoreCommand.js +39 -0
- package/dist-es/commands/CreateGrantCommand.js +39 -0
- package/dist-es/commands/CreateKeyCommand.js +39 -0
- package/dist-es/commands/DecryptCommand.js +39 -0
- package/dist-es/commands/DeleteAliasCommand.js +39 -0
- package/dist-es/commands/DeleteCustomKeyStoreCommand.js +39 -0
- package/dist-es/commands/DeleteImportedKeyMaterialCommand.js +39 -0
- package/dist-es/commands/DescribeCustomKeyStoresCommand.js +39 -0
- package/dist-es/commands/DescribeKeyCommand.js +39 -0
- package/dist-es/commands/DisableKeyCommand.js +39 -0
- package/dist-es/commands/DisableKeyRotationCommand.js +39 -0
- package/dist-es/commands/DisconnectCustomKeyStoreCommand.js +39 -0
- package/dist-es/commands/EnableKeyCommand.js +39 -0
- package/dist-es/commands/EnableKeyRotationCommand.js +39 -0
- package/dist-es/commands/EncryptCommand.js +39 -0
- package/dist-es/commands/GenerateDataKeyCommand.js +39 -0
- package/dist-es/commands/GenerateDataKeyPairCommand.js +39 -0
- package/dist-es/commands/GenerateDataKeyPairWithoutPlaintextCommand.js +39 -0
- package/dist-es/commands/GenerateDataKeyWithoutPlaintextCommand.js +39 -0
- package/dist-es/commands/GenerateRandomCommand.js +39 -0
- package/{dist/es → dist-es}/commands/GetKeyPolicyCommand.js +4 -38
- package/dist-es/commands/GetKeyRotationStatusCommand.js +39 -0
- package/dist-es/commands/GetParametersForImportCommand.js +39 -0
- package/dist-es/commands/GetPublicKeyCommand.js +39 -0
- package/dist-es/commands/ImportKeyMaterialCommand.js +39 -0
- package/dist-es/commands/ListAliasesCommand.js +39 -0
- package/dist-es/commands/ListGrantsCommand.js +39 -0
- package/dist-es/commands/ListKeyPoliciesCommand.js +39 -0
- package/dist-es/commands/ListKeysCommand.js +39 -0
- package/dist-es/commands/ListResourceTagsCommand.js +39 -0
- package/dist-es/commands/ListRetirableGrantsCommand.js +39 -0
- package/dist-es/commands/PutKeyPolicyCommand.js +39 -0
- package/dist-es/commands/ReEncryptCommand.js +39 -0
- package/dist-es/commands/ReplicateKeyCommand.js +39 -0
- package/dist-es/commands/RetireGrantCommand.js +39 -0
- package/dist-es/commands/RevokeGrantCommand.js +39 -0
- package/dist-es/commands/ScheduleKeyDeletionCommand.js +39 -0
- package/dist-es/commands/SignCommand.js +39 -0
- package/dist-es/commands/TagResourceCommand.js +39 -0
- package/dist-es/commands/UntagResourceCommand.js +39 -0
- package/dist-es/commands/UpdateAliasCommand.js +39 -0
- package/dist-es/commands/UpdateCustomKeyStoreCommand.js +39 -0
- package/dist-es/commands/UpdateKeyDescriptionCommand.js +39 -0
- package/dist-es/commands/UpdatePrimaryRegionCommand.js +39 -0
- package/dist-es/commands/VerifyCommand.js +39 -0
- package/{dist/es → dist-es}/endpoints.js +1 -2
- package/{dist/types/index.d.ts → dist-es/index.js} +0 -0
- package/{dist/types/models/index.d.ts → dist-es/models/index.js} +0 -0
- package/{dist/es → dist-es}/models/models_0.js +0 -367
- package/dist-es/pagination/Interfaces.js +1 -0
- package/{dist/es → dist-es}/pagination/ListAliasesPaginator.js +17 -30
- package/{dist/es → dist-es}/pagination/ListGrantsPaginator.js +17 -30
- package/{dist/es → dist-es}/pagination/ListKeyPoliciesPaginator.js +17 -30
- package/{dist/es → dist-es}/pagination/ListKeysPaginator.js +17 -30
- package/{dist/es → dist-es}/protocols/Aws_json1_1.js +1615 -1621
- package/{dist/es → dist-es}/runtimeConfig.browser.js +1 -5
- package/{dist/es → dist-es}/runtimeConfig.js +1 -5
- package/{dist/es → dist-es}/runtimeConfig.native.js +0 -4
- package/{dist/es → dist-es}/runtimeConfig.shared.js +1 -5
- package/{dist/types → dist-types}/KMS.d.ts +398 -336
- package/{dist/types → dist-types}/KMSClient.d.ts +16 -15
- package/{dist/types → dist-types}/commands/CancelKeyDeletionCommand.d.ts +8 -6
- package/{dist/types → dist-types}/commands/ConnectCustomKeyStoreCommand.d.ts +5 -5
- package/{dist/types → dist-types}/commands/CreateAliasCommand.d.ts +13 -9
- package/{dist/types → dist-types}/commands/CreateCustomKeyStoreCommand.d.ts +2 -2
- package/{dist/types → dist-types}/commands/CreateGrantCommand.d.ts +16 -13
- package/{dist/types → dist-types}/commands/CreateKeyCommand.d.ts +18 -16
- package/{dist/types → dist-types}/commands/DecryptCommand.d.ts +26 -23
- package/{dist/types → dist-types}/commands/DeleteAliasCommand.d.ts +13 -9
- package/{dist/types → dist-types}/commands/DeleteCustomKeyStoreCommand.d.ts +12 -13
- package/{dist/types → dist-types}/commands/DeleteImportedKeyMaterialCommand.d.ts +7 -8
- package/{dist/types → dist-types}/commands/DescribeCustomKeyStoresCommand.d.ts +6 -6
- package/{dist/types → dist-types}/commands/DescribeKeyCommand.d.ts +14 -12
- package/{dist/types → dist-types}/commands/DisableKeyCommand.d.ts +7 -6
- package/{dist/types → dist-types}/commands/DisableKeyRotationCommand.d.ts +4 -3
- package/{dist/types → dist-types}/commands/DisconnectCustomKeyStoreCommand.d.ts +8 -6
- package/{dist/types → dist-types}/commands/EnableKeyCommand.d.ts +6 -4
- package/{dist/types → dist-types}/commands/EnableKeyRotationCommand.d.ts +4 -3
- package/{dist/types → dist-types}/commands/EncryptCommand.d.ts +16 -14
- package/{dist/types → dist-types}/commands/GenerateDataKeyCommand.d.ts +17 -14
- package/{dist/types → dist-types}/commands/GenerateDataKeyPairCommand.d.ts +17 -15
- package/{dist/types → dist-types}/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts +18 -15
- package/{dist/types → dist-types}/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts +13 -11
- package/{dist/types → dist-types}/commands/GenerateRandomCommand.d.ts +4 -3
- package/{dist/types → dist-types}/commands/GetKeyPolicyCommand.d.ts +2 -2
- package/{dist/types → dist-types}/commands/GetKeyRotationStatusCommand.d.ts +4 -3
- package/{dist/types → dist-types}/commands/GetParametersForImportCommand.d.ts +9 -10
- package/{dist/types → dist-types}/commands/GetPublicKeyCommand.d.ts +9 -7
- package/{dist/types → dist-types}/commands/ImportKeyMaterialCommand.d.ts +15 -15
- package/{dist/types → dist-types}/commands/ListAliasesCommand.d.ts +15 -12
- package/{dist/types → dist-types}/commands/ListGrantsCommand.d.ts +4 -4
- package/{dist/types → dist-types}/commands/ListKeyPoliciesCommand.d.ts +5 -5
- package/{dist/types → dist-types}/commands/ListKeysCommand.d.ts +3 -4
- package/{dist/types → dist-types}/commands/ListResourceTagsCommand.d.ts +2 -2
- package/{dist/types → dist-types}/commands/ListRetirableGrantsCommand.d.ts +9 -8
- package/{dist/types → dist-types}/commands/PutKeyPolicyCommand.d.ts +2 -2
- package/{dist/types → dist-types}/commands/ReEncryptCommand.d.ts +35 -29
- package/{dist/types → dist-types}/commands/ReplicateKeyCommand.d.ts +7 -7
- package/{dist/types → dist-types}/commands/RetireGrantCommand.d.ts +9 -7
- package/{dist/types → dist-types}/commands/RevokeGrantCommand.d.ts +3 -4
- package/{dist/types → dist-types}/commands/ScheduleKeyDeletionCommand.d.ts +21 -17
- package/{dist/types → dist-types}/commands/SignCommand.d.ts +12 -11
- package/{dist/types → dist-types}/commands/TagResourceCommand.d.ts +8 -6
- package/{dist/types → dist-types}/commands/UntagResourceCommand.d.ts +5 -5
- package/{dist/types → dist-types}/commands/UpdateAliasCommand.d.ts +17 -13
- package/{dist/types → dist-types}/commands/UpdateCustomKeyStoreCommand.d.ts +19 -19
- package/{dist/types → dist-types}/commands/UpdateKeyDescriptionCommand.d.ts +5 -5
- package/{dist/types → dist-types}/commands/UpdatePrimaryRegionCommand.d.ts +3 -3
- package/{dist/types → dist-types}/commands/VerifyCommand.d.ts +7 -7
- package/{dist/types → dist-types}/endpoints.d.ts +0 -0
- package/{index.ts → dist-types/index.d.ts} +0 -0
- package/{models/index.ts → dist-types/models/index.d.ts} +0 -0
- package/{dist/types → dist-types}/models/models_0.d.ts +296 -249
- package/{dist/types → dist-types}/pagination/Interfaces.d.ts +1 -1
- package/{dist/types → dist-types}/pagination/ListAliasesPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/pagination/ListGrantsPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/pagination/ListKeyPoliciesPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/pagination/ListKeysPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/protocols/Aws_json1_1.d.ts +2 -2
- package/{dist/types → dist-types}/runtimeConfig.browser.d.ts +1 -0
- package/{dist/types → dist-types}/runtimeConfig.d.ts +2 -1
- package/{dist/types/ts3.4 → dist-types}/runtimeConfig.native.d.ts +36 -35
- package/{dist/types → dist-types}/runtimeConfig.shared.d.ts +0 -0
- package/{dist/types → dist-types}/ts3.4/KMS.d.ts +398 -336
- package/{dist/types → dist-types}/ts3.4/KMSClient.d.ts +16 -15
- package/{dist/types → dist-types}/ts3.4/commands/CancelKeyDeletionCommand.d.ts +8 -6
- package/{dist/types → dist-types}/ts3.4/commands/ConnectCustomKeyStoreCommand.d.ts +5 -5
- package/{dist/types → dist-types}/ts3.4/commands/CreateAliasCommand.d.ts +13 -9
- package/{dist/types → dist-types}/ts3.4/commands/CreateCustomKeyStoreCommand.d.ts +2 -2
- package/{dist/types → dist-types}/ts3.4/commands/CreateGrantCommand.d.ts +16 -13
- package/{dist/types → dist-types}/ts3.4/commands/CreateKeyCommand.d.ts +18 -16
- package/{dist/types → dist-types}/ts3.4/commands/DecryptCommand.d.ts +26 -23
- package/{dist/types → dist-types}/ts3.4/commands/DeleteAliasCommand.d.ts +13 -9
- package/{dist/types → dist-types}/ts3.4/commands/DeleteCustomKeyStoreCommand.d.ts +12 -13
- package/{dist/types → dist-types}/ts3.4/commands/DeleteImportedKeyMaterialCommand.d.ts +7 -8
- package/{dist/types → dist-types}/ts3.4/commands/DescribeCustomKeyStoresCommand.d.ts +6 -6
- package/{dist/types → dist-types}/ts3.4/commands/DescribeKeyCommand.d.ts +14 -12
- package/{dist/types → dist-types}/ts3.4/commands/DisableKeyCommand.d.ts +7 -6
- package/{dist/types → dist-types}/ts3.4/commands/DisableKeyRotationCommand.d.ts +4 -3
- package/{dist/types → dist-types}/ts3.4/commands/DisconnectCustomKeyStoreCommand.d.ts +8 -6
- package/{dist/types → dist-types}/ts3.4/commands/EnableKeyCommand.d.ts +6 -4
- package/{dist/types → dist-types}/ts3.4/commands/EnableKeyRotationCommand.d.ts +4 -3
- package/{dist/types → dist-types}/ts3.4/commands/EncryptCommand.d.ts +16 -14
- package/{dist/types → dist-types}/ts3.4/commands/GenerateDataKeyCommand.d.ts +17 -14
- package/{dist/types → dist-types}/ts3.4/commands/GenerateDataKeyPairCommand.d.ts +17 -15
- package/{dist/types → dist-types}/ts3.4/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts +18 -15
- package/{dist/types → dist-types}/ts3.4/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts +13 -11
- package/{dist/types → dist-types}/ts3.4/commands/GenerateRandomCommand.d.ts +4 -3
- package/{dist/types → dist-types}/ts3.4/commands/GetKeyPolicyCommand.d.ts +2 -2
- package/{dist/types → dist-types}/ts3.4/commands/GetKeyRotationStatusCommand.d.ts +4 -3
- package/{dist/types → dist-types}/ts3.4/commands/GetParametersForImportCommand.d.ts +9 -10
- package/{dist/types → dist-types}/ts3.4/commands/GetPublicKeyCommand.d.ts +9 -7
- package/{dist/types → dist-types}/ts3.4/commands/ImportKeyMaterialCommand.d.ts +15 -15
- package/{dist/types → dist-types}/ts3.4/commands/ListAliasesCommand.d.ts +15 -12
- package/{dist/types → dist-types}/ts3.4/commands/ListGrantsCommand.d.ts +4 -4
- package/{dist/types → dist-types}/ts3.4/commands/ListKeyPoliciesCommand.d.ts +5 -5
- package/{dist/types → dist-types}/ts3.4/commands/ListKeysCommand.d.ts +3 -4
- package/{dist/types → dist-types}/ts3.4/commands/ListResourceTagsCommand.d.ts +2 -2
- package/{dist/types → dist-types}/ts3.4/commands/ListRetirableGrantsCommand.d.ts +9 -8
- package/{dist/types → dist-types}/ts3.4/commands/PutKeyPolicyCommand.d.ts +2 -2
- package/{dist/types → dist-types}/ts3.4/commands/ReEncryptCommand.d.ts +35 -29
- package/{dist/types → dist-types}/ts3.4/commands/ReplicateKeyCommand.d.ts +7 -7
- package/{dist/types → dist-types}/ts3.4/commands/RetireGrantCommand.d.ts +9 -7
- package/{dist/types → dist-types}/ts3.4/commands/RevokeGrantCommand.d.ts +3 -4
- package/{dist/types → dist-types}/ts3.4/commands/ScheduleKeyDeletionCommand.d.ts +21 -17
- package/{dist/types → dist-types}/ts3.4/commands/SignCommand.d.ts +12 -11
- package/{dist/types → dist-types}/ts3.4/commands/TagResourceCommand.d.ts +8 -6
- package/{dist/types → dist-types}/ts3.4/commands/UntagResourceCommand.d.ts +5 -5
- package/{dist/types → dist-types}/ts3.4/commands/UpdateAliasCommand.d.ts +17 -13
- package/{dist/types → dist-types}/ts3.4/commands/UpdateCustomKeyStoreCommand.d.ts +19 -19
- package/{dist/types → dist-types}/ts3.4/commands/UpdateKeyDescriptionCommand.d.ts +5 -5
- package/{dist/types → dist-types}/ts3.4/commands/UpdatePrimaryRegionCommand.d.ts +3 -3
- package/{dist/types → dist-types}/ts3.4/commands/VerifyCommand.d.ts +7 -7
- package/{dist/types → dist-types}/ts3.4/endpoints.d.ts +0 -0
- package/{dist/types → dist-types}/ts3.4/index.d.ts +0 -0
- package/{dist/types → dist-types}/ts3.4/models/index.d.ts +0 -0
- package/{dist/types → dist-types}/ts3.4/models/models_0.d.ts +296 -249
- package/{dist/types → dist-types}/ts3.4/pagination/Interfaces.d.ts +1 -1
- package/{dist/types → dist-types}/ts3.4/pagination/ListAliasesPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/ts3.4/pagination/ListGrantsPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/ts3.4/pagination/ListKeyPoliciesPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/ts3.4/pagination/ListKeysPaginator.d.ts +1 -1
- package/{dist/types → dist-types}/ts3.4/protocols/Aws_json1_1.d.ts +2 -2
- package/{dist/types → dist-types}/ts3.4/runtimeConfig.browser.d.ts +1 -0
- package/{dist/types → dist-types}/ts3.4/runtimeConfig.d.ts +2 -1
- package/{dist/types → dist-types/ts3.4}/runtimeConfig.native.d.ts +36 -35
- package/{dist/types → dist-types}/ts3.4/runtimeConfig.shared.d.ts +0 -0
- package/package.json +52 -49
- package/KMS.ts +0 -4018
- package/KMSClient.ts +0 -515
- package/commands/CancelKeyDeletionCommand.ts +0 -105
- package/commands/ConnectCustomKeyStoreCommand.ts +0 -155
- package/commands/CreateAliasCommand.ts +0 -147
- package/commands/CreateCustomKeyStoreCommand.ts +0 -143
- package/commands/CreateGrantCommand.ts +0 -153
- package/commands/CreateKeyCommand.ts +0 -209
- package/commands/DecryptCommand.ts +0 -172
- package/commands/DeleteAliasCommand.ts +0 -137
- package/commands/DeleteCustomKeyStoreCommand.ts +0 -149
- package/commands/DeleteImportedKeyMaterialCommand.ts +0 -127
- package/commands/DescribeCustomKeyStoresCommand.ts +0 -147
- package/commands/DescribeKeyCommand.ts +0 -171
- package/commands/DisableKeyCommand.ts +0 -108
- package/commands/DisableKeyRotationCommand.ts +0 -118
- package/commands/DisconnectCustomKeyStoreCommand.ts +0 -144
- package/commands/EnableKeyCommand.ts +0 -97
- package/commands/EnableKeyRotationCommand.ts +0 -118
- package/commands/EncryptCommand.ts +0 -209
- package/commands/GenerateDataKeyCommand.ts +0 -188
- package/commands/GenerateDataKeyPairCommand.ts +0 -168
- package/commands/GenerateDataKeyPairWithoutPlaintextCommand.ts +0 -168
- package/commands/GenerateDataKeyWithoutPlaintextCommand.ts +0 -171
- package/commands/GenerateRandomCommand.ts +0 -102
- package/commands/GetKeyPolicyCommand.ts +0 -102
- package/commands/GetKeyRotationStatusCommand.ts +0 -130
- package/commands/GetParametersForImportCommand.ts +0 -129
- package/commands/GetPublicKeyCommand.ts +0 -138
- package/commands/ImportKeyMaterialCommand.ts +0 -157
- package/commands/ListAliasesCommand.ts +0 -133
- package/commands/ListGrantsCommand.ts +0 -139
- package/commands/ListKeyPoliciesCommand.ts +0 -116
- package/commands/ListKeysCommand.ts +0 -118
- package/commands/ListResourceTagsCommand.ts +0 -128
- package/commands/ListRetirableGrantsCommand.ts +0 -136
- package/commands/PutKeyPolicyCommand.ts +0 -107
- package/commands/ReEncryptCommand.ts +0 -179
- package/commands/ReplicateKeyCommand.ts +0 -171
- package/commands/RetireGrantCommand.ts +0 -138
- package/commands/RevokeGrantCommand.ts +0 -138
- package/commands/ScheduleKeyDeletionCommand.ts +0 -144
- package/commands/SignCommand.ts +0 -131
- package/commands/TagResourceCommand.ts +0 -139
- package/commands/UntagResourceCommand.ts +0 -137
- package/commands/UpdateAliasCommand.ts +0 -152
- package/commands/UpdateCustomKeyStoreCommand.ts +0 -166
- package/commands/UpdateKeyDescriptionCommand.ts +0 -117
- package/commands/UpdatePrimaryRegionCommand.ts +0 -159
- package/commands/VerifyCommand.ts +0 -117
- package/dist/cjs/KMS.js.map +0 -1
- package/dist/cjs/KMSClient.js.map +0 -1
- package/dist/cjs/commands/CancelKeyDeletionCommand.js.map +0 -1
- package/dist/cjs/commands/ConnectCustomKeyStoreCommand.js.map +0 -1
- package/dist/cjs/commands/CreateAliasCommand.js.map +0 -1
- package/dist/cjs/commands/CreateCustomKeyStoreCommand.js.map +0 -1
- package/dist/cjs/commands/CreateGrantCommand.js.map +0 -1
- package/dist/cjs/commands/CreateKeyCommand.js.map +0 -1
- package/dist/cjs/commands/DecryptCommand.js.map +0 -1
- package/dist/cjs/commands/DeleteAliasCommand.js.map +0 -1
- package/dist/cjs/commands/DeleteCustomKeyStoreCommand.js.map +0 -1
- package/dist/cjs/commands/DeleteImportedKeyMaterialCommand.js.map +0 -1
- package/dist/cjs/commands/DescribeCustomKeyStoresCommand.js.map +0 -1
- package/dist/cjs/commands/DescribeKeyCommand.js.map +0 -1
- package/dist/cjs/commands/DisableKeyCommand.js.map +0 -1
- package/dist/cjs/commands/DisableKeyRotationCommand.js.map +0 -1
- package/dist/cjs/commands/DisconnectCustomKeyStoreCommand.js.map +0 -1
- package/dist/cjs/commands/EnableKeyCommand.js.map +0 -1
- package/dist/cjs/commands/EnableKeyRotationCommand.js.map +0 -1
- package/dist/cjs/commands/EncryptCommand.js.map +0 -1
- package/dist/cjs/commands/GenerateDataKeyCommand.js.map +0 -1
- package/dist/cjs/commands/GenerateDataKeyPairCommand.js.map +0 -1
- package/dist/cjs/commands/GenerateDataKeyPairWithoutPlaintextCommand.js.map +0 -1
- package/dist/cjs/commands/GenerateDataKeyWithoutPlaintextCommand.js.map +0 -1
- package/dist/cjs/commands/GenerateRandomCommand.js.map +0 -1
- package/dist/cjs/commands/GetKeyPolicyCommand.js.map +0 -1
- package/dist/cjs/commands/GetKeyRotationStatusCommand.js.map +0 -1
- package/dist/cjs/commands/GetParametersForImportCommand.js.map +0 -1
- package/dist/cjs/commands/GetPublicKeyCommand.js.map +0 -1
- package/dist/cjs/commands/ImportKeyMaterialCommand.js.map +0 -1
- package/dist/cjs/commands/ListAliasesCommand.js.map +0 -1
- package/dist/cjs/commands/ListGrantsCommand.js.map +0 -1
- package/dist/cjs/commands/ListKeyPoliciesCommand.js.map +0 -1
- package/dist/cjs/commands/ListKeysCommand.js.map +0 -1
- package/dist/cjs/commands/ListResourceTagsCommand.js.map +0 -1
- package/dist/cjs/commands/ListRetirableGrantsCommand.js.map +0 -1
- package/dist/cjs/commands/PutKeyPolicyCommand.js.map +0 -1
- package/dist/cjs/commands/ReEncryptCommand.js.map +0 -1
- package/dist/cjs/commands/ReplicateKeyCommand.js.map +0 -1
- package/dist/cjs/commands/RetireGrantCommand.js.map +0 -1
- package/dist/cjs/commands/RevokeGrantCommand.js.map +0 -1
- package/dist/cjs/commands/ScheduleKeyDeletionCommand.js.map +0 -1
- package/dist/cjs/commands/SignCommand.js.map +0 -1
- package/dist/cjs/commands/TagResourceCommand.js.map +0 -1
- package/dist/cjs/commands/UntagResourceCommand.js.map +0 -1
- package/dist/cjs/commands/UpdateAliasCommand.js.map +0 -1
- package/dist/cjs/commands/UpdateCustomKeyStoreCommand.js.map +0 -1
- package/dist/cjs/commands/UpdateKeyDescriptionCommand.js.map +0 -1
- package/dist/cjs/commands/UpdatePrimaryRegionCommand.js.map +0 -1
- package/dist/cjs/commands/VerifyCommand.js.map +0 -1
- package/dist/cjs/endpoints.js.map +0 -1
- package/dist/cjs/index.js.map +0 -1
- package/dist/cjs/models/index.js.map +0 -1
- package/dist/cjs/models/models_0.js.map +0 -1
- package/dist/cjs/package.json +0 -91
- package/dist/cjs/pagination/Interfaces.js.map +0 -1
- package/dist/cjs/pagination/ListAliasesPaginator.js.map +0 -1
- package/dist/cjs/pagination/ListGrantsPaginator.js.map +0 -1
- package/dist/cjs/pagination/ListKeyPoliciesPaginator.js.map +0 -1
- package/dist/cjs/pagination/ListKeysPaginator.js.map +0 -1
- package/dist/cjs/protocols/Aws_json1_1.js.map +0 -1
- package/dist/cjs/runtimeConfig.browser.js.map +0 -1
- package/dist/cjs/runtimeConfig.js.map +0 -1
- package/dist/cjs/runtimeConfig.native.js.map +0 -1
- package/dist/cjs/runtimeConfig.shared.js.map +0 -1
- package/dist/es/KMS.js.map +0 -1
- package/dist/es/KMSClient.js +0 -134
- package/dist/es/KMSClient.js.map +0 -1
- package/dist/es/commands/CancelKeyDeletionCommand.js +0 -76
- package/dist/es/commands/CancelKeyDeletionCommand.js.map +0 -1
- package/dist/es/commands/ConnectCustomKeyStoreCommand.js +0 -126
- package/dist/es/commands/ConnectCustomKeyStoreCommand.js.map +0 -1
- package/dist/es/commands/CreateAliasCommand.js +0 -118
- package/dist/es/commands/CreateAliasCommand.js.map +0 -1
- package/dist/es/commands/CreateCustomKeyStoreCommand.js +0 -114
- package/dist/es/commands/CreateCustomKeyStoreCommand.js.map +0 -1
- package/dist/es/commands/CreateGrantCommand.js +0 -124
- package/dist/es/commands/CreateGrantCommand.js.map +0 -1
- package/dist/es/commands/CreateKeyCommand.js +0 -187
- package/dist/es/commands/CreateKeyCommand.js.map +0 -1
- package/dist/es/commands/DecryptCommand.js +0 -150
- package/dist/es/commands/DecryptCommand.js.map +0 -1
- package/dist/es/commands/DeleteAliasCommand.js +0 -108
- package/dist/es/commands/DeleteAliasCommand.js.map +0 -1
- package/dist/es/commands/DeleteCustomKeyStoreCommand.js +0 -120
- package/dist/es/commands/DeleteCustomKeyStoreCommand.js.map +0 -1
- package/dist/es/commands/DeleteImportedKeyMaterialCommand.js +0 -95
- package/dist/es/commands/DeleteImportedKeyMaterialCommand.js.map +0 -1
- package/dist/es/commands/DescribeCustomKeyStoresCommand.js +0 -118
- package/dist/es/commands/DescribeCustomKeyStoresCommand.js.map +0 -1
- package/dist/es/commands/DescribeKeyCommand.js +0 -142
- package/dist/es/commands/DescribeKeyCommand.js.map +0 -1
- package/dist/es/commands/DisableKeyCommand.js +0 -79
- package/dist/es/commands/DisableKeyCommand.js.map +0 -1
- package/dist/es/commands/DisableKeyRotationCommand.js +0 -89
- package/dist/es/commands/DisableKeyRotationCommand.js.map +0 -1
- package/dist/es/commands/DisconnectCustomKeyStoreCommand.js +0 -115
- package/dist/es/commands/DisconnectCustomKeyStoreCommand.js.map +0 -1
- package/dist/es/commands/EnableKeyCommand.js +0 -75
- package/dist/es/commands/EnableKeyCommand.js.map +0 -1
- package/dist/es/commands/EnableKeyRotationCommand.js +0 -89
- package/dist/es/commands/EnableKeyRotationCommand.js.map +0 -1
- package/dist/es/commands/EncryptCommand.js +0 -187
- package/dist/es/commands/EncryptCommand.js.map +0 -1
- package/dist/es/commands/GenerateDataKeyCommand.js +0 -159
- package/dist/es/commands/GenerateDataKeyCommand.js.map +0 -1
- package/dist/es/commands/GenerateDataKeyPairCommand.js +0 -139
- package/dist/es/commands/GenerateDataKeyPairCommand.js.map +0 -1
- package/dist/es/commands/GenerateDataKeyPairWithoutPlaintextCommand.js +0 -128
- package/dist/es/commands/GenerateDataKeyPairWithoutPlaintextCommand.js.map +0 -1
- package/dist/es/commands/GenerateDataKeyWithoutPlaintextCommand.js +0 -134
- package/dist/es/commands/GenerateDataKeyWithoutPlaintextCommand.js.map +0 -1
- package/dist/es/commands/GenerateRandomCommand.js +0 -73
- package/dist/es/commands/GenerateRandomCommand.js.map +0 -1
- package/dist/es/commands/GetKeyPolicyCommand.js.map +0 -1
- package/dist/es/commands/GetKeyRotationStatusCommand.js +0 -101
- package/dist/es/commands/GetKeyRotationStatusCommand.js.map +0 -1
- package/dist/es/commands/GetParametersForImportCommand.js +0 -100
- package/dist/es/commands/GetParametersForImportCommand.js.map +0 -1
- package/dist/es/commands/GetPublicKeyCommand.js +0 -109
- package/dist/es/commands/GetPublicKeyCommand.js.map +0 -1
- package/dist/es/commands/ImportKeyMaterialCommand.js +0 -128
- package/dist/es/commands/ImportKeyMaterialCommand.js.map +0 -1
- package/dist/es/commands/ListAliasesCommand.js +0 -104
- package/dist/es/commands/ListAliasesCommand.js.map +0 -1
- package/dist/es/commands/ListGrantsCommand.js +0 -110
- package/dist/es/commands/ListGrantsCommand.js.map +0 -1
- package/dist/es/commands/ListKeyPoliciesCommand.js +0 -87
- package/dist/es/commands/ListKeyPoliciesCommand.js.map +0 -1
- package/dist/es/commands/ListKeysCommand.js +0 -96
- package/dist/es/commands/ListKeysCommand.js.map +0 -1
- package/dist/es/commands/ListResourceTagsCommand.js +0 -99
- package/dist/es/commands/ListResourceTagsCommand.js.map +0 -1
- package/dist/es/commands/ListRetirableGrantsCommand.js +0 -107
- package/dist/es/commands/ListRetirableGrantsCommand.js.map +0 -1
- package/dist/es/commands/PutKeyPolicyCommand.js +0 -78
- package/dist/es/commands/PutKeyPolicyCommand.js.map +0 -1
- package/dist/es/commands/ReEncryptCommand.js +0 -157
- package/dist/es/commands/ReEncryptCommand.js.map +0 -1
- package/dist/es/commands/ReplicateKeyCommand.js +0 -142
- package/dist/es/commands/ReplicateKeyCommand.js.map +0 -1
- package/dist/es/commands/RetireGrantCommand.js +0 -109
- package/dist/es/commands/RetireGrantCommand.js.map +0 -1
- package/dist/es/commands/RevokeGrantCommand.js +0 -109
- package/dist/es/commands/RevokeGrantCommand.js.map +0 -1
- package/dist/es/commands/ScheduleKeyDeletionCommand.js +0 -115
- package/dist/es/commands/ScheduleKeyDeletionCommand.js.map +0 -1
- package/dist/es/commands/SignCommand.js +0 -109
- package/dist/es/commands/SignCommand.js.map +0 -1
- package/dist/es/commands/TagResourceCommand.js +0 -110
- package/dist/es/commands/TagResourceCommand.js.map +0 -1
- package/dist/es/commands/UntagResourceCommand.js +0 -108
- package/dist/es/commands/UntagResourceCommand.js.map +0 -1
- package/dist/es/commands/UpdateAliasCommand.js +0 -123
- package/dist/es/commands/UpdateAliasCommand.js.map +0 -1
- package/dist/es/commands/UpdateCustomKeyStoreCommand.js +0 -137
- package/dist/es/commands/UpdateCustomKeyStoreCommand.js.map +0 -1
- package/dist/es/commands/UpdateKeyDescriptionCommand.js +0 -88
- package/dist/es/commands/UpdateKeyDescriptionCommand.js.map +0 -1
- package/dist/es/commands/UpdatePrimaryRegionCommand.js +0 -130
- package/dist/es/commands/UpdatePrimaryRegionCommand.js.map +0 -1
- package/dist/es/commands/VerifyCommand.js +0 -95
- package/dist/es/commands/VerifyCommand.js.map +0 -1
- package/dist/es/endpoints.js.map +0 -1
- package/dist/es/index.js +0 -57
- package/dist/es/index.js.map +0 -1
- package/dist/es/models/index.js +0 -2
- package/dist/es/models/index.js.map +0 -1
- package/dist/es/models/models_0.js.map +0 -1
- package/dist/es/package.json +0 -91
- package/dist/es/pagination/Interfaces.js +0 -2
- package/dist/es/pagination/Interfaces.js.map +0 -1
- package/dist/es/pagination/ListAliasesPaginator.js.map +0 -1
- package/dist/es/pagination/ListGrantsPaginator.js.map +0 -1
- package/dist/es/pagination/ListKeyPoliciesPaginator.js.map +0 -1
- package/dist/es/pagination/ListKeysPaginator.js.map +0 -1
- package/dist/es/protocols/Aws_json1_1.js.map +0 -1
- package/dist/es/runtimeConfig.browser.js.map +0 -1
- package/dist/es/runtimeConfig.js.map +0 -1
- package/dist/es/runtimeConfig.native.js.map +0 -1
- package/dist/es/runtimeConfig.shared.js.map +0 -1
- package/endpoints.ts +0 -62
- package/jest.config.js +0 -4
- package/models/models_0.ts +0 -4742
- package/pagination/Interfaces.ts +0 -7
- package/pagination/ListAliasesPaginator.ts +0 -54
- package/pagination/ListGrantsPaginator.ts +0 -54
- package/pagination/ListKeyPoliciesPaginator.ts +0 -58
- package/pagination/ListKeysPaginator.ts +0 -54
- package/protocols/Aws_json1_1.ts +0 -7631
- package/runtimeConfig.browser.ts +0 -40
- package/runtimeConfig.native.ts +0 -16
- package/runtimeConfig.shared.ts +0 -16
- package/runtimeConfig.ts +0 -45
- package/tsconfig.es.json +0 -12
- package/tsconfig.json +0 -32
|
@@ -21,11 +21,13 @@ export interface AliasListEntry {
|
|
|
21
21
|
*/
|
|
22
22
|
TargetKeyId?: string;
|
|
23
23
|
/**
|
|
24
|
-
* <p>Date and time that the alias was most recently created in the account and Region.
|
|
24
|
+
* <p>Date and time that the alias was most recently created in the account and Region.
|
|
25
|
+
* Formatted as Unix time.</p>
|
|
25
26
|
*/
|
|
26
27
|
CreationDate?: Date;
|
|
27
28
|
/**
|
|
28
|
-
* <p>Date and time that the alias was most recently associated with a KMS key in the account
|
|
29
|
+
* <p>Date and time that the alias was most recently associated with a KMS key in the account
|
|
30
|
+
* and Region. Formatted as Unix time.</p>
|
|
29
31
|
*/
|
|
30
32
|
LastUpdatedDate?: Date;
|
|
31
33
|
}
|
|
@@ -53,6 +55,7 @@ export declare namespace AlreadyExistsException {
|
|
|
53
55
|
export interface CancelKeyDeletionRequest {
|
|
54
56
|
/**
|
|
55
57
|
* <p>Identifies the KMS key whose deletion is being canceled.</p>
|
|
58
|
+
*
|
|
56
59
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
57
60
|
* <p>For example:</p>
|
|
58
61
|
* <ul>
|
|
@@ -135,7 +138,8 @@ export declare namespace KMSInternalException {
|
|
|
135
138
|
/**
|
|
136
139
|
* <p>The request was rejected because the state of the specified resource is not valid for this
|
|
137
140
|
* request.</p>
|
|
138
|
-
* <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
|
|
141
|
+
* <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
|
|
142
|
+
* key</a> in the <i>
|
|
139
143
|
* <i>Key Management Service Developer Guide</i>
|
|
140
144
|
* </i>.</p>
|
|
141
145
|
*/
|
|
@@ -373,21 +377,22 @@ export interface CreateAliasRequest {
|
|
|
373
377
|
/**
|
|
374
378
|
* <p>Specifies the alias name. This value must begin with <code>alias/</code> followed by a
|
|
375
379
|
* name, such as <code>alias/ExampleAlias</code>. </p>
|
|
376
|
-
* <p>The <code>AliasName</code> value must be string of 1-256 characters. It can contain only
|
|
377
|
-
* forward slashes (/), underscores (_), and dashes (-). The alias name
|
|
378
|
-
*
|
|
380
|
+
* <p>The <code>AliasName</code> value must be string of 1-256 characters. It can contain only
|
|
381
|
+
* alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name
|
|
382
|
+
* cannot begin with <code>alias/aws/</code>. The <code>alias/aws/</code> prefix is reserved for
|
|
383
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed
|
|
384
|
+
* keys</a>.</p>
|
|
379
385
|
*/
|
|
380
386
|
AliasName: string | undefined;
|
|
381
387
|
/**
|
|
382
|
-
* <p>Associates the alias with the specified <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>. The KMS key must
|
|
383
|
-
* in the same Amazon Web Services Region. </p>
|
|
388
|
+
* <p>Associates the alias with the specified <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>. The KMS key must
|
|
389
|
+
* be in the same Amazon Web Services Region. </p>
|
|
384
390
|
* <p>A valid key ID is required. If you supply a null or empty string value, this operation
|
|
385
391
|
* returns an error.</p>
|
|
386
392
|
* <p>For help finding the key ID and ARN, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn">Finding the Key ID and
|
|
387
393
|
* ARN</a> in the <i>
|
|
388
394
|
* <i>Key Management Service Developer Guide</i>
|
|
389
395
|
* </i>.</p>
|
|
390
|
-
*
|
|
391
396
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
392
397
|
* <p>For example:</p>
|
|
393
398
|
* <ul>
|
|
@@ -441,7 +446,8 @@ export declare namespace LimitExceededException {
|
|
|
441
446
|
}
|
|
442
447
|
export interface CreateCustomKeyStoreRequest {
|
|
443
448
|
/**
|
|
444
|
-
* <p>Specifies a friendly name for the custom key store. The name must be unique in your
|
|
449
|
+
* <p>Specifies a friendly name for the custom key store. The name must be unique in your
|
|
450
|
+
* Amazon Web Services account.</p>
|
|
445
451
|
*/
|
|
446
452
|
CustomKeyStoreName: string | undefined;
|
|
447
453
|
/**
|
|
@@ -581,8 +587,8 @@ export declare enum GrantOperation {
|
|
|
581
587
|
}
|
|
582
588
|
export interface CreateGrantRequest {
|
|
583
589
|
/**
|
|
584
|
-
* <p>Identifies the KMS key for the grant. The grant gives principals permission to use this
|
|
585
|
-
*
|
|
590
|
+
* <p>Identifies the KMS key for the grant. The grant gives principals permission to use this
|
|
591
|
+
* KMS key.</p>
|
|
586
592
|
* <p>Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
|
|
587
593
|
* different Amazon Web Services account, you must use the key ARN.</p>
|
|
588
594
|
* <p>For example:</p>
|
|
@@ -601,42 +607,47 @@ export interface CreateGrantRequest {
|
|
|
601
607
|
KeyId: string | undefined;
|
|
602
608
|
/**
|
|
603
609
|
* <p>The identity that gets the permissions specified in the grant.</p>
|
|
604
|
-
* <p>To specify the principal, use the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an
|
|
605
|
-
*
|
|
606
|
-
*
|
|
610
|
+
* <p>To specify the principal, use the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an
|
|
611
|
+
* Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, IAM roles,
|
|
612
|
+
* federated users, and assumed role users. For examples of the ARN syntax to use for specifying
|
|
613
|
+
* a principal, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam">Amazon Web Services Identity and Access
|
|
607
614
|
* Management (IAM)</a> in the Example ARNs section of the <i>Amazon Web Services General
|
|
608
|
-
*
|
|
615
|
+
* Reference</i>.</p>
|
|
609
616
|
*/
|
|
610
617
|
GranteePrincipal: string | undefined;
|
|
611
618
|
/**
|
|
612
619
|
* <p>The principal that has permission to use the <a>RetireGrant</a> operation to
|
|
613
620
|
* retire the grant. </p>
|
|
614
|
-
* <p>To specify the principal, use the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an
|
|
615
|
-
*
|
|
616
|
-
*
|
|
617
|
-
* <
|
|
621
|
+
* <p>To specify the principal, use the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an
|
|
622
|
+
* Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated
|
|
623
|
+
* users, and assumed role users. For examples of the ARN syntax to use for specifying a
|
|
624
|
+
* principal, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam">Amazon Web Services Identity and Access
|
|
625
|
+
* Management (IAM)</a> in the Example ARNs section of the <i>Amazon Web Services General
|
|
626
|
+
* Reference</i>.</p>
|
|
618
627
|
* <p>The grant determines the retiring principal. Other principals might have permission to
|
|
619
628
|
* retire the grant or revoke the grant. For details, see <a>RevokeGrant</a> and
|
|
620
|
-
*
|
|
629
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
|
|
630
|
+
* revoking grants</a> in the <i>Key Management Service Developer Guide</i>. </p>
|
|
621
631
|
*/
|
|
622
632
|
RetiringPrincipal?: string;
|
|
623
633
|
/**
|
|
624
634
|
* <p>A list of operations that the grant permits. </p>
|
|
625
|
-
* <p>The operation must be supported on the KMS key. For example, you cannot create a grant for
|
|
626
|
-
* symmetric KMS key that allows the <a>Sign</a> operation, or a grant for an
|
|
627
|
-
*
|
|
628
|
-
* <
|
|
635
|
+
* <p>The operation must be supported on the KMS key. For example, you cannot create a grant for
|
|
636
|
+
* a symmetric KMS key that allows the <a>Sign</a> operation, or a grant for an
|
|
637
|
+
* asymmetric KMS key that allows the <a>GenerateDataKey</a> operation. If you try,
|
|
638
|
+
* KMS returns a <code>ValidationError</code> exception. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations">Grant
|
|
639
|
+
* operations</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
629
640
|
*/
|
|
630
641
|
Operations: (GrantOperation | string)[] | undefined;
|
|
631
642
|
/**
|
|
632
643
|
* <p>Specifies a grant constraint. </p>
|
|
633
644
|
* <p>KMS supports the <code>EncryptionContextEquals</code> and
|
|
634
|
-
*
|
|
645
|
+
* <code>EncryptionContextSubset</code> grant constraints. Each constraint value can include up
|
|
635
646
|
* to 8 encryption context pairs. The encryption context value in each constraint cannot exceed
|
|
636
647
|
* 384 characters.</p>
|
|
637
648
|
* <p>These grant constraints allow the permissions in the grant only when the encryption
|
|
638
649
|
* context in the request matches (<code>EncryptionContextEquals</code>) or includes
|
|
639
|
-
*
|
|
650
|
+
* (<code>EncryptionContextSubset</code>) the encryption context specified in this structure.
|
|
640
651
|
* For information about grant constraints, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints">Using grant
|
|
641
652
|
* constraints</a> in the <i>Key Management Service Developer Guide</i>. For more information about encryption context,
|
|
642
653
|
* see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption
|
|
@@ -655,15 +666,15 @@ export interface CreateGrantRequest {
|
|
|
655
666
|
*/
|
|
656
667
|
GrantTokens?: string[];
|
|
657
668
|
/**
|
|
658
|
-
* <p>A friendly name for the grant. Use this value to prevent the unintended
|
|
659
|
-
*
|
|
669
|
+
* <p>A friendly name for the grant. Use this value to prevent the unintended creation of
|
|
670
|
+
* duplicate grants when retrying this request.</p>
|
|
660
671
|
* <p>When this value is absent, all <code>CreateGrant</code> requests result in a new grant
|
|
661
672
|
* with a unique <code>GrantId</code> even if all the supplied parameters are identical. This can
|
|
662
673
|
* result in unintended duplicates when you retry the <code>CreateGrant</code> request.</p>
|
|
663
674
|
* <p>When this value is present, you can retry a <code>CreateGrant</code> request with
|
|
664
675
|
* identical parameters; if the grant already exists, the original <code>GrantId</code> is
|
|
665
676
|
* returned without creating a new grant. Note that the returned grant token is unique with every
|
|
666
|
-
*
|
|
677
|
+
* <code>CreateGrant</code> request, even when a duplicate <code>GrantId</code> is returned.
|
|
667
678
|
* All grant tokens for the same grant ID can be used interchangeably.</p>
|
|
668
679
|
*/
|
|
669
680
|
Name?: string;
|
|
@@ -753,8 +764,8 @@ export declare enum OriginType {
|
|
|
753
764
|
/**
|
|
754
765
|
* <p>A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are
|
|
755
766
|
* both required, but tag values can be empty (null) strings.</p>
|
|
756
|
-
* <p>For information about the rules that apply to tag keys and tag values, see <a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html">User-Defined Tag Restrictions</a> in the <i>Amazon Web Services Billing and Cost Management
|
|
757
|
-
* Guide</i>.</p>
|
|
767
|
+
* <p>For information about the rules that apply to tag keys and tag values, see <a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html">User-Defined Tag Restrictions</a> in the <i>Amazon Web Services Billing and Cost Management
|
|
768
|
+
* User Guide</i>.</p>
|
|
758
769
|
*/
|
|
759
770
|
export interface Tag {
|
|
760
771
|
/**
|
|
@@ -780,21 +791,23 @@ export interface CreateKeyRequest {
|
|
|
780
791
|
* <li>
|
|
781
792
|
* <p>If you don't set <code>BypassPolicyLockoutSafetyCheck</code> to true, the key policy
|
|
782
793
|
* must allow the principal that is making the <code>CreateKey</code> request to make a
|
|
783
|
-
* subsequent <a>PutKeyPolicy</a> request on the KMS key. This reduces the risk
|
|
784
|
-
* the KMS key becomes unmanageable. For more information, refer to the scenario in the
|
|
794
|
+
* subsequent <a>PutKeyPolicy</a> request on the KMS key. This reduces the risk
|
|
795
|
+
* that the KMS key becomes unmanageable. For more information, refer to the scenario in the
|
|
796
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam">Default Key Policy</a> section of the <i>
|
|
785
797
|
* <i>Key Management Service Developer Guide</i>
|
|
786
798
|
* </i>.</p>
|
|
787
799
|
* </li>
|
|
788
800
|
* <li>
|
|
789
801
|
* <p>Each statement in the key policy must contain one or more principals. The principals
|
|
790
|
-
* in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services
|
|
791
|
-
* (for example, an IAM user or role), you might need to enforce a delay before
|
|
792
|
-
* new principal in a key policy because the new principal might not be
|
|
793
|
-
* to KMS. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes that I make are not always immediately visible</a> in the <i>Amazon Web Services
|
|
802
|
+
* in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services
|
|
803
|
+
* principal (for example, an IAM user or role), you might need to enforce a delay before
|
|
804
|
+
* including the new principal in a key policy because the new principal might not be
|
|
805
|
+
* immediately visible to KMS. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes that I make are not always immediately visible</a> in the <i>Amazon Web Services
|
|
806
|
+
* Identity and Access Management User Guide</i>.</p>
|
|
794
807
|
* </li>
|
|
795
808
|
* </ul>
|
|
796
|
-
* <p>If you do not provide a key policy, KMS attaches a default key policy to the KMS key.
|
|
797
|
-
* more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">Default Key Policy</a> in the
|
|
809
|
+
* <p>If you do not provide a key policy, KMS attaches a default key policy to the KMS key.
|
|
810
|
+
* For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">Default Key Policy</a> in the
|
|
798
811
|
* <i>Key Management Service Developer Guide</i>. </p>
|
|
799
812
|
* <p>The key policy size quota is 32 kilobytes (32768 bytes).</p>
|
|
800
813
|
* <p>For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
|
|
@@ -804,26 +817,28 @@ export interface CreateKeyRequest {
|
|
|
804
817
|
Policy?: string;
|
|
805
818
|
/**
|
|
806
819
|
* <p>A description of the KMS key.</p>
|
|
807
|
-
* <p>Use a description that helps you decide whether the KMS key is
|
|
808
|
-
*
|
|
820
|
+
* <p>Use a description that helps you decide whether the KMS key is appropriate for a task. The
|
|
821
|
+
* default value is an empty string (no description).</p>
|
|
809
822
|
* <p>To set or change the description after the key is created, use <a>UpdateKeyDescription</a>.</p>
|
|
810
823
|
*/
|
|
811
824
|
Description?: string;
|
|
812
825
|
/**
|
|
813
826
|
* <p>Determines the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a> for which you can use the KMS key. The default value is
|
|
814
|
-
* <code>ENCRYPT_DECRYPT</code>. This parameter is required only for asymmetric KMS keys. You
|
|
815
|
-
* change the <code>KeyUsage</code> value after the KMS key is created.</p>
|
|
827
|
+
* <code>ENCRYPT_DECRYPT</code>. This parameter is required only for asymmetric KMS keys. You
|
|
828
|
+
* can't change the <code>KeyUsage</code> value after the KMS key is created.</p>
|
|
816
829
|
* <p>Select only one valid value.</p>
|
|
817
830
|
* <ul>
|
|
818
831
|
* <li>
|
|
819
|
-
* <p>For symmetric KMS keys, omit the parameter or specify
|
|
832
|
+
* <p>For symmetric KMS keys, omit the parameter or specify
|
|
833
|
+
* <code>ENCRYPT_DECRYPT</code>.</p>
|
|
820
834
|
* </li>
|
|
821
835
|
* <li>
|
|
822
836
|
* <p>For asymmetric KMS keys with RSA key material, specify <code>ENCRYPT_DECRYPT</code> or
|
|
823
837
|
* <code>SIGN_VERIFY</code>.</p>
|
|
824
838
|
* </li>
|
|
825
839
|
* <li>
|
|
826
|
-
* <p>For asymmetric KMS keys with ECC key material, specify
|
|
840
|
+
* <p>For asymmetric KMS keys with ECC key material, specify
|
|
841
|
+
* <code>SIGN_VERIFY</code>.</p>
|
|
827
842
|
* </li>
|
|
828
843
|
* </ul>
|
|
829
844
|
*/
|
|
@@ -832,13 +847,15 @@ export interface CreateKeyRequest {
|
|
|
832
847
|
* @deprecated
|
|
833
848
|
*
|
|
834
849
|
* <p>Instead, use the <code>KeySpec</code> parameter.</p>
|
|
835
|
-
* <p>The <code>KeySpec</code> and <code>CustomerMasterKeySpec</code> parameters work the same
|
|
850
|
+
* <p>The <code>KeySpec</code> and <code>CustomerMasterKeySpec</code> parameters work the same
|
|
851
|
+
* way. Only the names differ. We recommend that you use <code>KeySpec</code> parameter in your
|
|
852
|
+
* code. However, to avoid breaking changes, KMS will support both parameters.</p>
|
|
836
853
|
*/
|
|
837
854
|
CustomerMasterKeySpec?: CustomerMasterKeySpec | string;
|
|
838
855
|
/**
|
|
839
|
-
* <p>Specifies the type of KMS key to create. The default value,
|
|
840
|
-
* creates a KMS key with a 256-bit symmetric key for encryption
|
|
841
|
-
* key spec for your KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html">How to Choose Your KMS key
|
|
856
|
+
* <p>Specifies the type of KMS key to create. The default value,
|
|
857
|
+
* <code>SYMMETRIC_DEFAULT</code>, creates a KMS key with a 256-bit symmetric key for encryption
|
|
858
|
+
* and decryption. For help choosing a key spec for your KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html">How to Choose Your KMS key
|
|
842
859
|
* Configuration</a> in the <i>
|
|
843
860
|
* <i>Key Management Service Developer Guide</i>
|
|
844
861
|
* </i>.</p>
|
|
@@ -852,10 +869,10 @@ export interface CreateKeyRequest {
|
|
|
852
869
|
* <important>
|
|
853
870
|
* <p>
|
|
854
871
|
* <a href="http://aws.amazon.com/kms/features/#AWS_Service_Integration">Amazon Web Services services that
|
|
855
|
-
*
|
|
856
|
-
* services do not support asymmetric KMS keys. For help determining whether a KMS key is
|
|
857
|
-
* asymmetric, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html">Identifying Symmetric and Asymmetric
|
|
858
|
-
*
|
|
872
|
+
* are integrated with KMS</a> use symmetric KMS keys to protect your data. These
|
|
873
|
+
* services do not support asymmetric KMS keys. For help determining whether a KMS key is
|
|
874
|
+
* symmetric or asymmetric, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html">Identifying Symmetric and Asymmetric
|
|
875
|
+
* KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
859
876
|
* </important>
|
|
860
877
|
* <p>KMS supports the following key specs for KMS keys:</p>
|
|
861
878
|
* <ul>
|
|
@@ -919,27 +936,28 @@ export interface CreateKeyRequest {
|
|
|
919
936
|
*/
|
|
920
937
|
KeySpec?: KeySpec | string;
|
|
921
938
|
/**
|
|
922
|
-
* <p>The source of the key material for the KMS key. You cannot change the origin after you
|
|
923
|
-
* the KMS key. The default is <code>AWS_KMS</code>, which means that KMS creates the
|
|
924
|
-
* material.</p>
|
|
939
|
+
* <p>The source of the key material for the KMS key. You cannot change the origin after you
|
|
940
|
+
* create the KMS key. The default is <code>AWS_KMS</code>, which means that KMS creates the
|
|
941
|
+
* key material.</p>
|
|
925
942
|
* <p>To create a KMS key with no key material (for imported key material), set the value to
|
|
926
943
|
* <code>EXTERNAL</code>. For more information about importing key material into KMS, see
|
|
927
944
|
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key
|
|
928
|
-
* Material</a> in the <i>Key Management Service Developer Guide</i>. This value is valid only for symmetric KMS
|
|
929
|
-
*
|
|
930
|
-
*
|
|
945
|
+
* Material</a> in the <i>Key Management Service Developer Guide</i>. This value is valid only for symmetric KMS
|
|
946
|
+
* keys.</p>
|
|
947
|
+
* <p>To create a KMS key in an KMS <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> and create its key material in the
|
|
948
|
+
* associated CloudHSM cluster, set this value to <code>AWS_CLOUDHSM</code>. You must also use the
|
|
931
949
|
* <code>CustomKeyStoreId</code> parameter to identify the custom key store. This value is
|
|
932
950
|
* valid only for symmetric KMS keys.</p>
|
|
933
951
|
*/
|
|
934
952
|
Origin?: OriginType | string;
|
|
935
953
|
/**
|
|
936
|
-
* <p>Creates the KMS key in the specified <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> and the key material in its
|
|
937
|
-
* CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the
|
|
954
|
+
* <p>Creates the KMS key in the specified <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> and the key material in its
|
|
955
|
+
* associated CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the
|
|
938
956
|
* <code>Origin</code> parameter with a value of <code>AWS_CLOUDHSM</code>. The CloudHSM cluster
|
|
939
957
|
* that is associated with the custom key store must have at least two active HSMs, each in a
|
|
940
958
|
* different Availability Zone in the Region.</p>
|
|
941
|
-
* <p>This parameter is valid only for symmetric KMS keys and regional KMS keys. You cannot
|
|
942
|
-
* asymmetric KMS key or a multi-Region key in a custom key store.</p>
|
|
959
|
+
* <p>This parameter is valid only for symmetric KMS keys and regional KMS keys. You cannot
|
|
960
|
+
* create an asymmetric KMS key or a multi-Region key in a custom key store.</p>
|
|
943
961
|
* <p>To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
|
|
944
962
|
* <p>The response includes the custom key store ID and the ID of the CloudHSM cluster.</p>
|
|
945
963
|
* <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
|
|
@@ -950,8 +968,8 @@ export interface CreateKeyRequest {
|
|
|
950
968
|
/**
|
|
951
969
|
* <p>A flag to indicate whether to bypass the key policy lockout safety check.</p>
|
|
952
970
|
* <important>
|
|
953
|
-
* <p>Setting this value to true increases the risk that the KMS key becomes unmanageable. Do
|
|
954
|
-
* set this value to true indiscriminately.</p>
|
|
971
|
+
* <p>Setting this value to true increases the risk that the KMS key becomes unmanageable. Do
|
|
972
|
+
* not set this value to true indiscriminately.</p>
|
|
955
973
|
* <p>For more information, refer to the scenario in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam">Default Key Policy</a> section in the <i>
|
|
956
974
|
* <i>Key Management Service Developer Guide</i>
|
|
957
975
|
* </i>.</p>
|
|
@@ -962,16 +980,16 @@ export interface CreateKeyRequest {
|
|
|
962
980
|
*/
|
|
963
981
|
BypassPolicyLockoutSafetyCheck?: boolean;
|
|
964
982
|
/**
|
|
965
|
-
* <p>Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is
|
|
966
|
-
* To tag an existing KMS key, use the <a>TagResource</a> operation.</p>
|
|
983
|
+
* <p>Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is
|
|
984
|
+
* created. To tag an existing KMS key, use the <a>TagResource</a> operation.</p>
|
|
967
985
|
* <note>
|
|
968
986
|
* <p>Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
969
987
|
* </note>
|
|
970
988
|
* <p>To use this parameter, you must have <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> permission in an IAM policy.</p>
|
|
971
989
|
* <p>Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
|
|
972
990
|
* required, but the tag value can be an empty (null) string. You cannot have more than one tag
|
|
973
|
-
* on a KMS key with the same tag key. If you specify an existing tag key with a different tag
|
|
974
|
-
* KMS replaces the current tag value with the specified one.</p>
|
|
991
|
+
* on a KMS key with the same tag key. If you specify an existing tag key with a different tag
|
|
992
|
+
* value, KMS replaces the current tag value with the specified one.</p>
|
|
975
993
|
* <p>When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
|
|
976
994
|
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details,
|
|
977
995
|
* see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging Keys</a>.</p>
|
|
@@ -980,9 +998,9 @@ export interface CreateKeyRequest {
|
|
|
980
998
|
/**
|
|
981
999
|
* <p>Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You
|
|
982
1000
|
* cannot change this value after you create the KMS key. </p>
|
|
983
|
-
* <p>For a multi-Region key, set this parameter to <code>True</code>. For a single-Region KMS
|
|
984
|
-
* omit this parameter or set it to <code>False</code>. The default value is
|
|
985
|
-
*
|
|
1001
|
+
* <p>For a multi-Region key, set this parameter to <code>True</code>. For a single-Region KMS
|
|
1002
|
+
* key, omit this parameter or set it to <code>False</code>. The default value is
|
|
1003
|
+
* <code>False</code>.</p>
|
|
986
1004
|
* <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
|
|
987
1005
|
* interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
|
|
988
1006
|
* material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
|
|
@@ -1048,24 +1066,25 @@ export declare namespace MultiRegionKey {
|
|
|
1048
1066
|
const filterSensitiveLog: (obj: MultiRegionKey) => any;
|
|
1049
1067
|
}
|
|
1050
1068
|
/**
|
|
1051
|
-
* <p>Describes the configuration of this multi-Region key. This field appears only when the KMS
|
|
1052
|
-
* is a primary or replica of a multi-Region key.</p>
|
|
1069
|
+
* <p>Describes the configuration of this multi-Region key. This field appears only when the KMS
|
|
1070
|
+
* key is a primary or replica of a multi-Region key.</p>
|
|
1053
1071
|
* <p>For more information about any listed KMS key, use the <a>DescribeKey</a>
|
|
1054
1072
|
* operation.</p>
|
|
1055
1073
|
*/
|
|
1056
1074
|
export interface MultiRegionConfiguration {
|
|
1057
1075
|
/**
|
|
1058
|
-
* <p>Indicates whether the KMS key is a <code>PRIMARY</code> or <code>REPLICA</code>
|
|
1076
|
+
* <p>Indicates whether the KMS key is a <code>PRIMARY</code> or <code>REPLICA</code>
|
|
1077
|
+
* key.</p>
|
|
1059
1078
|
*/
|
|
1060
1079
|
MultiRegionKeyType?: MultiRegionKeyType | string;
|
|
1061
1080
|
/**
|
|
1062
|
-
* <p>Displays the key ARN and Region of the primary key. This field includes the current KMS
|
|
1063
|
-
* it is the primary key.</p>
|
|
1081
|
+
* <p>Displays the key ARN and Region of the primary key. This field includes the current KMS
|
|
1082
|
+
* key if it is the primary key.</p>
|
|
1064
1083
|
*/
|
|
1065
1084
|
PrimaryKey?: MultiRegionKey;
|
|
1066
1085
|
/**
|
|
1067
|
-
* <p>displays the key ARNs and Regions of all replica keys. This field includes the current KMS
|
|
1068
|
-
* if it is a replica key.</p>
|
|
1086
|
+
* <p>displays the key ARNs and Regions of all replica keys. This field includes the current KMS
|
|
1087
|
+
* key if it is a replica key.</p>
|
|
1069
1088
|
*/
|
|
1070
1089
|
ReplicaKeys?: MultiRegionKey[];
|
|
1071
1090
|
}
|
|
@@ -1100,8 +1119,7 @@ export interface KeyMetadata {
|
|
|
1100
1119
|
*/
|
|
1101
1120
|
KeyId: string | undefined;
|
|
1102
1121
|
/**
|
|
1103
|
-
* <p>The Amazon Resource Name (ARN) of the KMS key. For examples, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms">Key Management Service
|
|
1104
|
-
* (KMS)</a> in the Example ARNs section of the <i>Amazon Web Services General
|
|
1122
|
+
* <p>The Amazon Resource Name (ARN) of the KMS key. For examples, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms">Key Management Service (KMS)</a> in the Example ARNs section of the <i>Amazon Web Services General
|
|
1105
1123
|
* Reference</i>.</p>
|
|
1106
1124
|
*/
|
|
1107
1125
|
Arn?: string;
|
|
@@ -1110,8 +1128,8 @@ export interface KeyMetadata {
|
|
|
1110
1128
|
*/
|
|
1111
1129
|
CreationDate?: Date;
|
|
1112
1130
|
/**
|
|
1113
|
-
* <p>Specifies whether the KMS key is enabled. When <code>KeyState</code> is
|
|
1114
|
-
*
|
|
1131
|
+
* <p>Specifies whether the KMS key is enabled. When <code>KeyState</code> is
|
|
1132
|
+
* <code>Enabled</code> this value is true, otherwise it is false.</p>
|
|
1115
1133
|
*/
|
|
1116
1134
|
Enabled?: boolean;
|
|
1117
1135
|
/**
|
|
@@ -1124,12 +1142,13 @@ export interface KeyMetadata {
|
|
|
1124
1142
|
KeyUsage?: KeyUsageType | string;
|
|
1125
1143
|
/**
|
|
1126
1144
|
* <p>The current status of the KMS key.</p>
|
|
1127
|
-
* <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
|
|
1128
|
-
*
|
|
1145
|
+
* <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
|
|
1146
|
+
* key</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
1129
1147
|
*/
|
|
1130
1148
|
KeyState?: KeyState | string;
|
|
1131
1149
|
/**
|
|
1132
|
-
* <p>The date and time after which KMS deletes this KMS key. This value is present only when
|
|
1150
|
+
* <p>The date and time after which KMS deletes this KMS key. This value is present only when
|
|
1151
|
+
* the KMS key is scheduled for deletion, that is, when its <code>KeyState</code> is
|
|
1133
1152
|
* <code>PendingDeletion</code>.</p>
|
|
1134
1153
|
* <p>When the primary key in a multi-Region key is scheduled for deletion but still has replica
|
|
1135
1154
|
* keys, its key state is <code>PendingReplicaDeletion</code> and the length of its waiting
|
|
@@ -1138,29 +1157,29 @@ export interface KeyMetadata {
|
|
|
1138
1157
|
DeletionDate?: Date;
|
|
1139
1158
|
/**
|
|
1140
1159
|
* <p>The time at which the imported key material expires. When the key material expires, KMS
|
|
1141
|
-
* deletes the key material and the KMS key becomes unusable. This value is present only for KMS
|
|
1142
|
-
* whose <code>Origin</code> is <code>EXTERNAL</code> and whose <code>ExpirationModel</code>
|
|
1143
|
-
*
|
|
1160
|
+
* deletes the key material and the KMS key becomes unusable. This value is present only for KMS
|
|
1161
|
+
* keys whose <code>Origin</code> is <code>EXTERNAL</code> and whose <code>ExpirationModel</code>
|
|
1162
|
+
* is <code>KEY_MATERIAL_EXPIRES</code>, otherwise this value is omitted.</p>
|
|
1144
1163
|
*/
|
|
1145
1164
|
ValidTo?: Date;
|
|
1146
1165
|
/**
|
|
1147
|
-
* <p>The source of the key material for the KMS key. When this value is <code>AWS_KMS</code>,
|
|
1148
|
-
* created the key material. When this value is <code>EXTERNAL</code>, the key material was
|
|
1149
|
-
* imported or the KMS key doesn't have any key material. When
|
|
1150
|
-
*
|
|
1151
|
-
*
|
|
1166
|
+
* <p>The source of the key material for the KMS key. When this value is <code>AWS_KMS</code>,
|
|
1167
|
+
* KMS created the key material. When this value is <code>EXTERNAL</code>, the key material was
|
|
1168
|
+
* imported or the KMS key doesn't have any key material. When this value is
|
|
1169
|
+
* <code>AWS_CLOUDHSM</code>, the key material was created in the CloudHSM cluster associated with
|
|
1170
|
+
* a custom key store.</p>
|
|
1152
1171
|
*/
|
|
1153
1172
|
Origin?: OriginType | string;
|
|
1154
1173
|
/**
|
|
1155
|
-
* <p>A unique identifier for the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that contains the KMS key. This value is
|
|
1156
|
-
* only when the KMS key is created in a custom key store.</p>
|
|
1174
|
+
* <p>A unique identifier for the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that contains the KMS key. This value is
|
|
1175
|
+
* present only when the KMS key is created in a custom key store.</p>
|
|
1157
1176
|
*/
|
|
1158
1177
|
CustomKeyStoreId?: string;
|
|
1159
1178
|
/**
|
|
1160
|
-
* <p>The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When
|
|
1161
|
-
* create a KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, KMS creates the key material for the KMS key in
|
|
1162
|
-
* associated CloudHSM cluster. This value is present only when the KMS key is created in a
|
|
1163
|
-
* store.</p>
|
|
1179
|
+
* <p>The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When
|
|
1180
|
+
* you create a KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, KMS creates the key material for the KMS key in
|
|
1181
|
+
* the associated CloudHSM cluster. This value is present only when the KMS key is created in a
|
|
1182
|
+
* custom key store.</p>
|
|
1164
1183
|
*/
|
|
1165
1184
|
CloudHsmClusterId?: string;
|
|
1166
1185
|
/**
|
|
@@ -1169,15 +1188,17 @@ export interface KeyMetadata {
|
|
|
1169
1188
|
*/
|
|
1170
1189
|
ExpirationModel?: ExpirationModelType | string;
|
|
1171
1190
|
/**
|
|
1172
|
-
* <p>The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or
|
|
1173
|
-
* <i>Key Management Service Developer Guide</i>.</p>
|
|
1191
|
+
* <p>The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or
|
|
1192
|
+
* Amazon Web Services managed. For more information about the difference, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys">KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
1174
1193
|
*/
|
|
1175
1194
|
KeyManager?: KeyManagerType | string;
|
|
1176
1195
|
/**
|
|
1177
1196
|
* @deprecated
|
|
1178
1197
|
*
|
|
1179
1198
|
* <p>Instead, use the <code>KeySpec</code> field.</p>
|
|
1180
|
-
* <p>The <code>KeySpec</code> and <code>CustomerMasterKeySpec</code> fields have the same
|
|
1199
|
+
* <p>The <code>KeySpec</code> and <code>CustomerMasterKeySpec</code> fields have the same
|
|
1200
|
+
* value. We recommend that you use the <code>KeySpec</code> field in your code. However, to
|
|
1201
|
+
* avoid breaking changes, KMS will support both fields.</p>
|
|
1181
1202
|
*/
|
|
1182
1203
|
CustomerMasterKeySpec?: CustomerMasterKeySpec | string;
|
|
1183
1204
|
/**
|
|
@@ -1192,8 +1213,8 @@ export interface KeyMetadata {
|
|
|
1192
1213
|
*/
|
|
1193
1214
|
EncryptionAlgorithms?: (EncryptionAlgorithmSpec | string)[];
|
|
1194
1215
|
/**
|
|
1195
|
-
* <p>The signing algorithms that the KMS key supports. You cannot use the KMS key with other
|
|
1196
|
-
* algorithms within KMS.</p>
|
|
1216
|
+
* <p>The signing algorithms that the KMS key supports. You cannot use the KMS key with other
|
|
1217
|
+
* signing algorithms within KMS.</p>
|
|
1197
1218
|
* <p>This field appears only when the <code>KeyUsage</code> of the KMS key is
|
|
1198
1219
|
* <code>SIGN_VERIFY</code>.</p>
|
|
1199
1220
|
*/
|
|
@@ -1213,8 +1234,8 @@ export interface KeyMetadata {
|
|
|
1213
1234
|
* <ul>
|
|
1214
1235
|
* <li>
|
|
1215
1236
|
* <p>
|
|
1216
|
-
* <code>MultiRegionKeyType</code> indicates whether the KMS key is a
|
|
1217
|
-
* <code>REPLICA</code> key.</p>
|
|
1237
|
+
* <code>MultiRegionKeyType</code> indicates whether the KMS key is a
|
|
1238
|
+
* <code>PRIMARY</code> or <code>REPLICA</code> key.</p>
|
|
1218
1239
|
* </li>
|
|
1219
1240
|
* <li>
|
|
1220
1241
|
* <p>
|
|
@@ -1232,9 +1253,9 @@ export interface KeyMetadata {
|
|
|
1232
1253
|
/**
|
|
1233
1254
|
* <p>The waiting period before the primary key in a multi-Region key is deleted. This waiting
|
|
1234
1255
|
* period begins when the last of its replica keys is deleted. This value is present only when
|
|
1235
|
-
* the <code>KeyState</code> of the KMS key is <code>PendingReplicaDeletion</code>. That
|
|
1236
|
-
* that the KMS key is the primary key in a multi-Region key, it is scheduled for
|
|
1237
|
-
* still has existing replica keys.</p>
|
|
1256
|
+
* the <code>KeyState</code> of the KMS key is <code>PendingReplicaDeletion</code>. That
|
|
1257
|
+
* indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for
|
|
1258
|
+
* deletion, and it still has existing replica keys.</p>
|
|
1238
1259
|
* <p>When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its
|
|
1239
1260
|
* deletion date is displayed in the <code>DeletionDate</code> field. However, when the primary
|
|
1240
1261
|
* key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until
|
|
@@ -1308,8 +1329,10 @@ export declare namespace UnsupportedOperationException {
|
|
|
1308
1329
|
const filterSensitiveLog: (obj: UnsupportedOperationException) => any;
|
|
1309
1330
|
}
|
|
1310
1331
|
/**
|
|
1311
|
-
* <p>The request was rejected because the custom key store contains KMS keys. After verifying
|
|
1312
|
-
*
|
|
1332
|
+
* <p>The request was rejected because the custom key store contains KMS keys. After verifying
|
|
1333
|
+
* that you do not need to use the KMS keys, use the <a>ScheduleKeyDeletion</a>
|
|
1334
|
+
* operation to delete the KMS keys. After they are deleted, you can delete the custom key
|
|
1335
|
+
* store.</p>
|
|
1313
1336
|
*/
|
|
1314
1337
|
export interface CustomKeyStoreHasCMKsException extends __SmithyException, $MetadataBearer {
|
|
1315
1338
|
name: "CustomKeyStoreHasCMKsException";
|
|
@@ -1347,8 +1370,8 @@ export interface CustomKeyStoresListEntry {
|
|
|
1347
1370
|
TrustAnchorCertificate?: string;
|
|
1348
1371
|
/**
|
|
1349
1372
|
* <p>Indicates whether the custom key store is connected to its CloudHSM cluster.</p>
|
|
1350
|
-
* <p>You can create and use KMS keys in your custom key stores only when its connection state
|
|
1351
|
-
*
|
|
1373
|
+
* <p>You can create and use KMS keys in your custom key stores only when its connection state
|
|
1374
|
+
* is <code>CONNECTED</code>.</p>
|
|
1352
1375
|
* <p>The value is <code>DISCONNECTED</code> if the key store has never been connected or you
|
|
1353
1376
|
* use the <a>DisconnectCustomKeyStore</a> operation to disconnect it. If the value is
|
|
1354
1377
|
* <code>CONNECTED</code> but you are having trouble using the custom key store, make sure that
|
|
@@ -1480,13 +1503,13 @@ export interface DecryptRequest {
|
|
|
1480
1503
|
*/
|
|
1481
1504
|
GrantTokens?: string[];
|
|
1482
1505
|
/**
|
|
1483
|
-
* <p>Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a
|
|
1484
|
-
* key
|
|
1506
|
+
* <p>Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a key ID of the KMS
|
|
1507
|
+
* key that was used to encrypt the ciphertext. </p>
|
|
1485
1508
|
*
|
|
1486
|
-
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
1487
|
-
* If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to
|
|
1488
|
-
* symmetric ciphertext blob. However, it is always recommended as a best practice. This
|
|
1489
|
-
* ensures that you use the KMS key that you intend.</p>
|
|
1509
|
+
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
1510
|
+
* key. If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to
|
|
1511
|
+
* the symmetric ciphertext blob. However, it is always recommended as a best practice. This
|
|
1512
|
+
* practice ensures that you use the KMS key that you intend.</p>
|
|
1490
1513
|
*
|
|
1491
1514
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
1492
1515
|
* <p>For example:</p>
|
|
@@ -1515,9 +1538,9 @@ export interface DecryptRequest {
|
|
|
1515
1538
|
* <p>Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify
|
|
1516
1539
|
* the same algorithm that was used to encrypt the data. If you specify a different algorithm,
|
|
1517
1540
|
* the <code>Decrypt</code> operation fails.</p>
|
|
1518
|
-
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
1519
|
-
* The default value, <code>SYMMETRIC_DEFAULT</code>, represents the only supported
|
|
1520
|
-
* that is valid for symmetric KMS keys.</p>
|
|
1541
|
+
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
1542
|
+
* key. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the only supported
|
|
1543
|
+
* algorithm that is valid for symmetric KMS keys.</p>
|
|
1521
1544
|
*/
|
|
1522
1545
|
EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
|
|
1523
1546
|
}
|
|
@@ -1550,8 +1573,8 @@ export declare namespace DecryptResponse {
|
|
|
1550
1573
|
/**
|
|
1551
1574
|
* <p>The request was rejected because the specified KMS key cannot decrypt the data. The
|
|
1552
1575
|
* <code>KeyId</code> in a <a>Decrypt</a> request and the <code>SourceKeyId</code>
|
|
1553
|
-
* in a <a>ReEncrypt</a> request must identify the same KMS key that was used to
|
|
1554
|
-
* the ciphertext.</p>
|
|
1576
|
+
* in a <a>ReEncrypt</a> request must identify the same KMS key that was used to
|
|
1577
|
+
* encrypt the ciphertext.</p>
|
|
1555
1578
|
*/
|
|
1556
1579
|
export interface IncorrectKeyException extends __SmithyException, $MetadataBearer {
|
|
1557
1580
|
name: "IncorrectKeyException";
|
|
@@ -1592,15 +1615,15 @@ export declare namespace InvalidCiphertextException {
|
|
|
1592
1615
|
* </li>
|
|
1593
1616
|
* <li>
|
|
1594
1617
|
* <p>The encryption algorithm or signing algorithm specified for the operation is
|
|
1595
|
-
* incompatible with the type of key material in the KMS key
|
|
1596
|
-
* <code>(KeySpec</code>).</p>
|
|
1618
|
+
* incompatible with the type of key material in the KMS key <code>(KeySpec</code>).</p>
|
|
1597
1619
|
* </li>
|
|
1598
1620
|
* </ul>
|
|
1599
1621
|
* <p>For encrypting, decrypting, re-encrypting, and generating data keys, the
|
|
1600
1622
|
* <code>KeyUsage</code> must be <code>ENCRYPT_DECRYPT</code>. For signing and verifying, the
|
|
1601
1623
|
* <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. To find the <code>KeyUsage</code> of
|
|
1602
1624
|
* a KMS key, use the <a>DescribeKey</a> operation.</p>
|
|
1603
|
-
* <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
|
|
1625
|
+
* <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
|
|
1626
|
+
* <a>DescribeKey</a> operation.</p>
|
|
1604
1627
|
*/
|
|
1605
1628
|
export interface InvalidKeyUsageException extends __SmithyException, $MetadataBearer {
|
|
1606
1629
|
name: "InvalidKeyUsageException";
|
|
@@ -1614,8 +1637,8 @@ export declare namespace InvalidKeyUsageException {
|
|
|
1614
1637
|
const filterSensitiveLog: (obj: InvalidKeyUsageException) => any;
|
|
1615
1638
|
}
|
|
1616
1639
|
/**
|
|
1617
|
-
* <p>The request was rejected because the specified KMS key was not available. You can retry
|
|
1618
|
-
* request.</p>
|
|
1640
|
+
* <p>The request was rejected because the specified KMS key was not available. You can retry
|
|
1641
|
+
* the request.</p>
|
|
1619
1642
|
*/
|
|
1620
1643
|
export interface KeyUnavailableException extends __SmithyException, $MetadataBearer {
|
|
1621
1644
|
name: "KeyUnavailableException";
|
|
@@ -1665,6 +1688,7 @@ export interface DeleteImportedKeyMaterialRequest {
|
|
|
1665
1688
|
/**
|
|
1666
1689
|
* <p>Identifies the KMS key from which you are deleting imported key material. The
|
|
1667
1690
|
* <code>Origin</code> of the KMS key must be <code>EXTERNAL</code>.</p>
|
|
1691
|
+
*
|
|
1668
1692
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
1669
1693
|
* <p>For example:</p>
|
|
1670
1694
|
* <ul>
|
|
@@ -1766,9 +1790,10 @@ export declare namespace InvalidMarkerException {
|
|
|
1766
1790
|
export interface DescribeKeyRequest {
|
|
1767
1791
|
/**
|
|
1768
1792
|
* <p>Describes the specified KMS key. </p>
|
|
1769
|
-
* <p>If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates
|
|
1770
|
-
* alias with an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk">Amazon Web Services managed key</a> and returns its
|
|
1771
|
-
*
|
|
1793
|
+
* <p>If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates
|
|
1794
|
+
* the alias with an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk">Amazon Web Services managed key</a> and returns its
|
|
1795
|
+
* <code>KeyId</code> and <code>Arn</code> in the response.</p>
|
|
1796
|
+
*
|
|
1772
1797
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
1773
1798
|
* <p>For example:</p>
|
|
1774
1799
|
* <ul>
|
|
@@ -1844,10 +1869,9 @@ export declare namespace DisableKeyRequest {
|
|
|
1844
1869
|
}
|
|
1845
1870
|
export interface DisableKeyRotationRequest {
|
|
1846
1871
|
/**
|
|
1847
|
-
* <p>Identifies a symmetric KMS key. You cannot enable or disable automatic
|
|
1848
|
-
*
|
|
1849
|
-
*
|
|
1850
|
-
* material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>.</p>
|
|
1872
|
+
* <p>Identifies a symmetric KMS key. You cannot enable or disable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks">asymmetric
|
|
1873
|
+
* KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a
|
|
1874
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>.</p>
|
|
1851
1875
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
1852
1876
|
* <p>For example:</p>
|
|
1853
1877
|
* <ul>
|
|
@@ -1918,7 +1942,6 @@ export declare namespace EnableKeyRequest {
|
|
|
1918
1942
|
export interface EnableKeyRotationRequest {
|
|
1919
1943
|
/**
|
|
1920
1944
|
* <p>Identifies a symmetric KMS key. You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key">multi-Region keys</a>, set the property on the primary key.</p>
|
|
1921
|
-
*
|
|
1922
1945
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
1923
1946
|
* <p>For example:</p>
|
|
1924
1947
|
* <ul>
|
|
@@ -1944,6 +1967,7 @@ export declare namespace EnableKeyRotationRequest {
|
|
|
1944
1967
|
export interface EncryptRequest {
|
|
1945
1968
|
/**
|
|
1946
1969
|
* <p>Identifies the KMS key to use in the encryption operation.</p>
|
|
1970
|
+
*
|
|
1947
1971
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
1948
1972
|
* <p>For example:</p>
|
|
1949
1973
|
* <ul>
|
|
@@ -1992,8 +2016,8 @@ export interface EncryptRequest {
|
|
|
1992
2016
|
* <p>Specifies the encryption algorithm that KMS will use to encrypt the plaintext message.
|
|
1993
2017
|
* The algorithm must be compatible with the KMS key that you specify.</p>
|
|
1994
2018
|
* <p>This parameter is required only for asymmetric KMS keys. The default value,
|
|
1995
|
-
* <code>SYMMETRIC_DEFAULT</code>, is the algorithm used for symmetric KMS keys. If you are
|
|
1996
|
-
* an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.</p>
|
|
2019
|
+
* <code>SYMMETRIC_DEFAULT</code>, is the algorithm used for symmetric KMS keys. If you are
|
|
2020
|
+
* using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.</p>
|
|
1997
2021
|
*/
|
|
1998
2022
|
EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
|
|
1999
2023
|
}
|
|
@@ -2137,8 +2161,9 @@ export interface GenerateDataKeyPairRequest {
|
|
|
2137
2161
|
[key: string]: string;
|
|
2138
2162
|
};
|
|
2139
2163
|
/**
|
|
2140
|
-
* <p>Specifies the symmetric KMS key that encrypts the private key in the data key pair. You
|
|
2141
|
-
* specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and
|
|
2164
|
+
* <p>Specifies the symmetric KMS key that encrypts the private key in the data key pair. You
|
|
2165
|
+
* cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and
|
|
2166
|
+
* origin of your KMS key, use the <a>DescribeKey</a> operation.</p>
|
|
2142
2167
|
*
|
|
2143
2168
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
2144
2169
|
* <p>For example:</p>
|
|
@@ -2222,9 +2247,10 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest {
|
|
|
2222
2247
|
[key: string]: string;
|
|
2223
2248
|
};
|
|
2224
2249
|
/**
|
|
2225
|
-
* <p>Specifies the KMS key that encrypts the private key in the data key pair. You must specify
|
|
2226
|
-
* symmetric KMS key. You cannot use an asymmetric KMS key or a KMS key in a custom key store.
|
|
2227
|
-
* type and origin of your KMS key, use the <a>DescribeKey</a> operation.
|
|
2250
|
+
* <p>Specifies the KMS key that encrypts the private key in the data key pair. You must specify
|
|
2251
|
+
* a symmetric KMS key. You cannot use an asymmetric KMS key or a KMS key in a custom key store.
|
|
2252
|
+
* To get the type and origin of your KMS key, use the <a>DescribeKey</a> operation.
|
|
2253
|
+
* </p>
|
|
2228
2254
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
2229
2255
|
* <p>For example:</p>
|
|
2230
2256
|
* <ul>
|
|
@@ -2292,8 +2318,8 @@ export declare namespace GenerateDataKeyPairWithoutPlaintextResponse {
|
|
|
2292
2318
|
}
|
|
2293
2319
|
export interface GenerateDataKeyWithoutPlaintextRequest {
|
|
2294
2320
|
/**
|
|
2295
|
-
* <p>The identifier of the symmetric KMS key that encrypts the data
|
|
2296
|
-
*
|
|
2321
|
+
* <p>The identifier of the symmetric KMS key that encrypts the data key.</p>
|
|
2322
|
+
*
|
|
2297
2323
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
2298
2324
|
* <p>For example:</p>
|
|
2299
2325
|
* <ul>
|
|
@@ -2441,6 +2467,7 @@ export declare namespace GetKeyPolicyResponse {
|
|
|
2441
2467
|
export interface GetKeyRotationStatusRequest {
|
|
2442
2468
|
/**
|
|
2443
2469
|
* <p>Gets the rotation status for the specified KMS key.</p>
|
|
2470
|
+
*
|
|
2444
2471
|
* <p>Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
|
|
2445
2472
|
* different Amazon Web Services account, you must use the key ARN.</p>
|
|
2446
2473
|
* <p>For example:</p>
|
|
@@ -2483,6 +2510,7 @@ export interface GetParametersForImportRequest {
|
|
|
2483
2510
|
/**
|
|
2484
2511
|
* <p>The identifier of the symmetric KMS key into which you will import key material. The
|
|
2485
2512
|
* <code>Origin</code> of the KMS key must be <code>EXTERNAL</code>.</p>
|
|
2513
|
+
*
|
|
2486
2514
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
2487
2515
|
* <p>For example:</p>
|
|
2488
2516
|
* <ul>
|
|
@@ -2517,8 +2545,7 @@ export declare namespace GetParametersForImportRequest {
|
|
|
2517
2545
|
}
|
|
2518
2546
|
export interface GetParametersForImportResponse {
|
|
2519
2547
|
/**
|
|
2520
|
-
* <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key to use in a subsequent <a>ImportKeyMaterial</a>
|
|
2521
|
-
* request. This is the same KMS key specified in the <code>GetParametersForImport</code>
|
|
2548
|
+
* <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key to use in a subsequent <a>ImportKeyMaterial</a> request. This is the same KMS key specified in the <code>GetParametersForImport</code>
|
|
2522
2549
|
* request.</p>
|
|
2523
2550
|
*/
|
|
2524
2551
|
KeyId?: string;
|
|
@@ -2586,7 +2613,8 @@ export declare namespace GetPublicKeyRequest {
|
|
|
2586
2613
|
}
|
|
2587
2614
|
export interface GetPublicKeyResponse {
|
|
2588
2615
|
/**
|
|
2589
|
-
* <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key from which the public key was
|
|
2616
|
+
* <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key from which the public key was
|
|
2617
|
+
* downloaded.</p>
|
|
2590
2618
|
*/
|
|
2591
2619
|
KeyId?: string;
|
|
2592
2620
|
/**
|
|
@@ -2599,8 +2627,11 @@ export interface GetPublicKeyResponse {
|
|
|
2599
2627
|
/**
|
|
2600
2628
|
* @deprecated
|
|
2601
2629
|
*
|
|
2602
|
-
* <p>Instead, use the <code>KeySpec</code> field in the <code>GetPublicKey</code>
|
|
2603
|
-
*
|
|
2630
|
+
* <p>Instead, use the <code>KeySpec</code> field in the <code>GetPublicKey</code>
|
|
2631
|
+
* response.</p>
|
|
2632
|
+
* <p>The <code>KeySpec</code> and <code>CustomerMasterKeySpec</code> fields have the same
|
|
2633
|
+
* value. We recommend that you use the <code>KeySpec</code> field in your code. However, to
|
|
2634
|
+
* avoid breaking changes, KMS will support both fields.</p>
|
|
2604
2635
|
*/
|
|
2605
2636
|
CustomerMasterKeySpec?: CustomerMasterKeySpec | string;
|
|
2606
2637
|
/**
|
|
@@ -2690,10 +2721,9 @@ export declare namespace GrantListEntry {
|
|
|
2690
2721
|
}
|
|
2691
2722
|
export interface ImportKeyMaterialRequest {
|
|
2692
2723
|
/**
|
|
2693
|
-
* <p>The identifier of the symmetric KMS key that receives the imported key material. The KMS
|
|
2694
|
-
*
|
|
2695
|
-
* the <code>KeyID</code> parameter of the corresponding <a>GetParametersForImport</a>
|
|
2696
|
-
* request.</p>
|
|
2724
|
+
* <p>The identifier of the symmetric KMS key that receives the imported key material. The KMS
|
|
2725
|
+
* key's <code>Origin</code> must be <code>EXTERNAL</code>. This must be the same KMS key
|
|
2726
|
+
* specified in the <code>KeyID</code> parameter of the corresponding <a>GetParametersForImport</a> request.</p>
|
|
2697
2727
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
2698
2728
|
* <p>For example:</p>
|
|
2699
2729
|
* <ul>
|
|
@@ -2722,9 +2752,9 @@ export interface ImportKeyMaterialRequest {
|
|
|
2722
2752
|
EncryptedKeyMaterial: Uint8Array | undefined;
|
|
2723
2753
|
/**
|
|
2724
2754
|
* <p>The time at which the imported key material expires. When the key material expires, KMS
|
|
2725
|
-
* deletes the key material and the KMS key becomes unusable. You must omit this parameter when
|
|
2726
|
-
*
|
|
2727
|
-
* Otherwise it is required.</p>
|
|
2755
|
+
* deletes the key material and the KMS key becomes unusable. You must omit this parameter when
|
|
2756
|
+
* the <code>ExpirationModel</code> parameter is set to
|
|
2757
|
+
* <code>KEY_MATERIAL_DOES_NOT_EXPIRE</code>. Otherwise it is required.</p>
|
|
2728
2758
|
*/
|
|
2729
2759
|
ValidTo?: Date;
|
|
2730
2760
|
/**
|
|
@@ -2830,10 +2860,10 @@ export declare namespace KMSInvalidSignatureException {
|
|
|
2830
2860
|
}
|
|
2831
2861
|
export interface ListAliasesRequest {
|
|
2832
2862
|
/**
|
|
2833
|
-
* <p>Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your
|
|
2863
|
+
* <p>Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your
|
|
2864
|
+
* Amazon Web Services account. </p>
|
|
2834
2865
|
* <p>This parameter is optional. If you omit it, <code>ListAliases</code> returns all aliases
|
|
2835
2866
|
* in the account and Region.</p>
|
|
2836
|
-
*
|
|
2837
2867
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
2838
2868
|
* <p>For example:</p>
|
|
2839
2869
|
* <ul>
|
|
@@ -2910,8 +2940,8 @@ export interface ListGrantsRequest {
|
|
|
2910
2940
|
*/
|
|
2911
2941
|
Marker?: string;
|
|
2912
2942
|
/**
|
|
2913
|
-
* <p>Returns only grants for the specified KMS key. This parameter is
|
|
2914
|
-
*
|
|
2943
|
+
* <p>Returns only grants for the specified KMS key. This parameter is required.</p>
|
|
2944
|
+
*
|
|
2915
2945
|
* <p>Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
|
|
2916
2946
|
* different Amazon Web Services account, you must use the key ARN.</p>
|
|
2917
2947
|
* <p>For example:</p>
|
|
@@ -3164,10 +3194,13 @@ export interface ListRetirableGrantsRequest {
|
|
|
3164
3194
|
*/
|
|
3165
3195
|
Marker?: string;
|
|
3166
3196
|
/**
|
|
3167
|
-
* <p>The retiring principal for which to list grants. Enter a principal in your
|
|
3168
|
-
*
|
|
3169
|
-
*
|
|
3170
|
-
*
|
|
3197
|
+
* <p>The retiring principal for which to list grants. Enter a principal in your
|
|
3198
|
+
* Amazon Web Services account.</p>
|
|
3199
|
+
* <p>To specify the retiring principal, use the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an
|
|
3200
|
+
* Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated
|
|
3201
|
+
* users, and assumed role users. For examples of the ARN syntax for specifying a principal, see
|
|
3202
|
+
* <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam">Amazon Web Services Identity and Access Management (IAM)</a> in the Example ARNs section of the
|
|
3203
|
+
* <i>Amazon Web Services General Reference</i>.</p>
|
|
3171
3204
|
*/
|
|
3172
3205
|
RetiringPrincipal: string | undefined;
|
|
3173
3206
|
}
|
|
@@ -3210,14 +3243,17 @@ export interface PutKeyPolicyRequest {
|
|
|
3210
3243
|
* <li>
|
|
3211
3244
|
* <p>If you don't set <code>BypassPolicyLockoutSafetyCheck</code> to true, the key policy
|
|
3212
3245
|
* must allow the principal that is making the <code>PutKeyPolicy</code> request to make a
|
|
3213
|
-
* subsequent <code>PutKeyPolicy</code> request on the KMS key. This reduces the risk that
|
|
3246
|
+
* subsequent <code>PutKeyPolicy</code> request on the KMS key. This reduces the risk that
|
|
3247
|
+
* the KMS key becomes unmanageable. For more information, refer to the scenario in the
|
|
3248
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam">Default Key Policy</a> section of the <i>Key Management Service Developer Guide</i>.</p>
|
|
3214
3249
|
* </li>
|
|
3215
3250
|
* <li>
|
|
3216
3251
|
* <p>Each statement in the key policy must contain one or more principals. The principals
|
|
3217
|
-
* in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services
|
|
3218
|
-
* (for example, an IAM user or role), you might need to enforce a delay before
|
|
3219
|
-
* new principal in a key policy because the new principal might not be
|
|
3220
|
-
* to KMS. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes that I make are not always immediately visible</a> in the <i>Amazon Web Services
|
|
3252
|
+
* in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services
|
|
3253
|
+
* principal (for example, an IAM user or role), you might need to enforce a delay before
|
|
3254
|
+
* including the new principal in a key policy because the new principal might not be
|
|
3255
|
+
* immediately visible to KMS. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes that I make are not always immediately visible</a> in the <i>Amazon Web Services
|
|
3256
|
+
* Identity and Access Management User Guide</i>.</p>
|
|
3221
3257
|
* </li>
|
|
3222
3258
|
* </ul>
|
|
3223
3259
|
* <p>The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html">Resource Quotas</a> in the
|
|
@@ -3227,8 +3263,8 @@ export interface PutKeyPolicyRequest {
|
|
|
3227
3263
|
/**
|
|
3228
3264
|
* <p>A flag to indicate whether to bypass the key policy lockout safety check.</p>
|
|
3229
3265
|
* <important>
|
|
3230
|
-
* <p>Setting this value to true increases the risk that the KMS key becomes unmanageable. Do
|
|
3231
|
-
* set this value to true indiscriminately.</p>
|
|
3266
|
+
* <p>Setting this value to true increases the risk that the KMS key becomes unmanageable. Do
|
|
3267
|
+
* not set this value to true indiscriminately.</p>
|
|
3232
3268
|
* <p>For more information, refer to the scenario in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam">Default Key Policy</a> section in the <i>Key Management Service Developer Guide</i>.</p>
|
|
3233
3269
|
* </important>
|
|
3234
3270
|
* <p>Use this parameter only when you intend to prevent the principal that is making the
|
|
@@ -3260,13 +3296,12 @@ export interface ReEncryptRequest {
|
|
|
3260
3296
|
[key: string]: string;
|
|
3261
3297
|
};
|
|
3262
3298
|
/**
|
|
3263
|
-
* <p>Specifies the KMS key that
|
|
3264
|
-
*
|
|
3265
|
-
*
|
|
3266
|
-
*
|
|
3267
|
-
*
|
|
3268
|
-
*
|
|
3269
|
-
* ensures that you use the KMS key that you intend.</p>
|
|
3299
|
+
* <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is
|
|
3300
|
+
* re-encrypted. Enter a key ID of the KMS key that was used to encrypt the ciphertext.</p>
|
|
3301
|
+
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
3302
|
+
* key. If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to
|
|
3303
|
+
* the symmetric ciphertext blob. However, it is always recommended as a best practice. This
|
|
3304
|
+
* practice ensures that you use the KMS key that you intend.</p>
|
|
3270
3305
|
*
|
|
3271
3306
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
3272
3307
|
* <p>For example:</p>
|
|
@@ -3292,10 +3327,10 @@ export interface ReEncryptRequest {
|
|
|
3292
3327
|
*/
|
|
3293
3328
|
SourceKeyId?: string;
|
|
3294
3329
|
/**
|
|
3295
|
-
* <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a
|
|
3296
|
-
* asymmetric KMS key with a <code>KeyUsage</code> value of
|
|
3297
|
-
* <code>KeyUsage</code> value of a KMS key, use the
|
|
3298
|
-
*
|
|
3330
|
+
* <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a
|
|
3331
|
+
* symmetric or asymmetric KMS key with a <code>KeyUsage</code> value of
|
|
3332
|
+
* <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the
|
|
3333
|
+
* <a>DescribeKey</a> operation.</p>
|
|
3299
3334
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
3300
3335
|
* <p>For example:</p>
|
|
3301
3336
|
* <ul>
|
|
@@ -3321,7 +3356,8 @@ export interface ReEncryptRequest {
|
|
|
3321
3356
|
DestinationKeyId: string | undefined;
|
|
3322
3357
|
/**
|
|
3323
3358
|
* <p>Specifies that encryption context to use when the reencrypting the data.</p>
|
|
3324
|
-
* <p>A destination encryption context is valid only when the destination KMS key is a symmetric
|
|
3359
|
+
* <p>A destination encryption context is valid only when the destination KMS key is a symmetric
|
|
3360
|
+
* KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for
|
|
3325
3361
|
* metadata.</p>
|
|
3326
3362
|
* <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended.</p>
|
|
3327
3363
|
* <p>For more information, see
|
|
@@ -3337,14 +3373,16 @@ export interface ReEncryptRequest {
|
|
|
3337
3373
|
* used for symmetric KMS keys.</p>
|
|
3338
3374
|
* <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a
|
|
3339
3375
|
* different algorithm, the decrypt attempt fails.</p>
|
|
3340
|
-
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
3376
|
+
* <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
|
|
3377
|
+
* key.</p>
|
|
3341
3378
|
*/
|
|
3342
3379
|
SourceEncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
|
|
3343
3380
|
/**
|
|
3344
3381
|
* <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has
|
|
3345
3382
|
* decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption
|
|
3346
3383
|
* algorithm used for symmetric KMS keys.</p>
|
|
3347
|
-
* <p>This parameter is required only when the destination KMS key is an asymmetric KMS
|
|
3384
|
+
* <p>This parameter is required only when the destination KMS key is an asymmetric KMS
|
|
3385
|
+
* key.</p>
|
|
3348
3386
|
*/
|
|
3349
3387
|
DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
|
|
3350
3388
|
/**
|
|
@@ -3391,8 +3429,9 @@ export declare namespace ReEncryptResponse {
|
|
|
3391
3429
|
}
|
|
3392
3430
|
export interface ReplicateKeyRequest {
|
|
3393
3431
|
/**
|
|
3394
|
-
* <p>Identifies the multi-Region primary key that is being replicated. To determine whether a
|
|
3395
|
-
*
|
|
3432
|
+
* <p>Identifies the multi-Region primary key that is being replicated. To determine whether a
|
|
3433
|
+
* KMS key is a multi-Region primary key, use the <a>DescribeKey</a> operation to
|
|
3434
|
+
* check the value of the <code>MultiRegionKeyType</code> property.</p>
|
|
3396
3435
|
*
|
|
3397
3436
|
* <p>Specify the key ID or key ARN of a multi-Region primary key.</p>
|
|
3398
3437
|
* <p>For example:</p>
|
|
@@ -3425,7 +3464,9 @@ export interface ReplicateKeyRequest {
|
|
|
3425
3464
|
*/
|
|
3426
3465
|
ReplicaRegion: string | undefined;
|
|
3427
3466
|
/**
|
|
3428
|
-
* <p>The key policy to attach to the KMS key. This parameter is optional. If you do not provide
|
|
3467
|
+
* <p>The key policy to attach to the KMS key. This parameter is optional. If you do not provide
|
|
3468
|
+
* a key policy, KMS attaches the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">default key policy</a> to the
|
|
3469
|
+
* KMS key.</p>
|
|
3429
3470
|
* <p>The key policy is not a shared property of multi-Region keys. You can specify the same key
|
|
3430
3471
|
* policy or a different key policy for each key in a set of related multi-Region keys. KMS
|
|
3431
3472
|
* does not synchronize this property.</p>
|
|
@@ -3433,18 +3474,19 @@ export interface ReplicateKeyRequest {
|
|
|
3433
3474
|
* <ul>
|
|
3434
3475
|
* <li>
|
|
3435
3476
|
* <p>If you don't set <code>BypassPolicyLockoutSafetyCheck</code> to true, the key policy
|
|
3436
|
-
* must give the caller <code>kms:PutKeyPolicy</code> permission on the replica key. This
|
|
3437
|
-
* risk that the KMS key becomes unmanageable. For more information, refer to the
|
|
3438
|
-
*
|
|
3477
|
+
* must give the caller <code>kms:PutKeyPolicy</code> permission on the replica key. This
|
|
3478
|
+
* reduces the risk that the KMS key becomes unmanageable. For more information, refer to the
|
|
3479
|
+
* scenario in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam">Default Key Policy</a> section of the <i>
|
|
3439
3480
|
* <i>Key Management Service Developer Guide</i>
|
|
3440
3481
|
* </i>.</p>
|
|
3441
3482
|
* </li>
|
|
3442
3483
|
* <li>
|
|
3443
3484
|
* <p>Each statement in the key policy must contain one or more principals. The principals
|
|
3444
|
-
* in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services
|
|
3445
|
-
* (for example, an IAM user or role), you might need to enforce a delay before
|
|
3446
|
-
* new principal in a key policy because the new principal might not be
|
|
3447
|
-
* to KMS. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes that I make are not always immediately visible</a> in the
|
|
3485
|
+
* in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services
|
|
3486
|
+
* principal (for example, an IAM user or role), you might need to enforce a delay before
|
|
3487
|
+
* including the new principal in a key policy because the new principal might not be
|
|
3488
|
+
* immediately visible to KMS. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes that I make are not always immediately visible</a> in the
|
|
3489
|
+
* <i>
|
|
3448
3490
|
* <i>Identity and Access Management User Guide</i>
|
|
3449
3491
|
* </i>.</p>
|
|
3450
3492
|
* </li>
|
|
@@ -3457,8 +3499,8 @@ export interface ReplicateKeyRequest {
|
|
|
3457
3499
|
/**
|
|
3458
3500
|
* <p>A flag to indicate whether to bypass the key policy lockout safety check.</p>
|
|
3459
3501
|
* <important>
|
|
3460
|
-
* <p>Setting this value to true increases the risk that the KMS key becomes unmanageable. Do
|
|
3461
|
-
* set this value to true indiscriminately.</p>
|
|
3502
|
+
* <p>Setting this value to true increases the risk that the KMS key becomes unmanageable. Do
|
|
3503
|
+
* not set this value to true indiscriminately.</p>
|
|
3462
3504
|
* <p>For more information, refer to the scenario in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam">Default Key Policy</a> section in the <i>Key Management Service Developer Guide</i>.</p>
|
|
3463
3505
|
* </important>
|
|
3464
3506
|
* <p>Use this parameter only when you intend to prevent the principal that is making the
|
|
@@ -3467,26 +3509,29 @@ export interface ReplicateKeyRequest {
|
|
|
3467
3509
|
*/
|
|
3468
3510
|
BypassPolicyLockoutSafetyCheck?: boolean;
|
|
3469
3511
|
/**
|
|
3470
|
-
* <p>A description of the KMS key. The default value is an empty string (no
|
|
3512
|
+
* <p>A description of the KMS key. The default value is an empty string (no
|
|
3513
|
+
* description).</p>
|
|
3471
3514
|
* <p>The description is not a shared property of multi-Region keys. You can specify the same
|
|
3472
|
-
* description or a different description for each key in a set of related multi-Region keys.
|
|
3515
|
+
* description or a different description for each key in a set of related multi-Region keys.
|
|
3516
|
+
* KMS does not synchronize this property.</p>
|
|
3473
3517
|
*/
|
|
3474
3518
|
Description?: string;
|
|
3475
3519
|
/**
|
|
3476
|
-
* <p>Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it
|
|
3477
|
-
*
|
|
3478
|
-
*
|
|
3520
|
+
* <p>Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it
|
|
3521
|
+
* is created. To tag an existing KMS key, use the <a>TagResource</a>
|
|
3522
|
+
* operation.</p>
|
|
3523
|
+
* <note>
|
|
3479
3524
|
* <p>Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
3480
3525
|
* </note>
|
|
3481
|
-
*
|
|
3526
|
+
* <p>To use this parameter, you must have <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> permission in an IAM policy.</p>
|
|
3482
3527
|
* <p>Tags are not a shared property of multi-Region keys. You can specify the same tags or
|
|
3483
|
-
* different tags for each key in a set of related multi-Region keys. KMS does not
|
|
3484
|
-
*
|
|
3485
|
-
*
|
|
3486
|
-
*
|
|
3487
|
-
*
|
|
3488
|
-
*
|
|
3489
|
-
*
|
|
3528
|
+
* different tags for each key in a set of related multi-Region keys. KMS does not synchronize
|
|
3529
|
+
* this property.</p>
|
|
3530
|
+
* <p>Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
|
|
3531
|
+
* required, but the tag value can be an empty (null) string. You cannot have more than one tag
|
|
3532
|
+
* on a KMS key with the same tag key. If you specify an existing tag key with a different tag
|
|
3533
|
+
* value, KMS replaces the current tag value with the specified one.</p>
|
|
3534
|
+
* <p>When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
|
|
3490
3535
|
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details,
|
|
3491
3536
|
* see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging Keys</a>.</p>
|
|
3492
3537
|
*/
|
|
@@ -3500,9 +3545,9 @@ export declare namespace ReplicateKeyRequest {
|
|
|
3500
3545
|
}
|
|
3501
3546
|
export interface ReplicateKeyResponse {
|
|
3502
3547
|
/**
|
|
3503
|
-
* <p>Displays details about the new replica key, including its Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key
|
|
3504
|
-
*
|
|
3505
|
-
* replica keys.</p>
|
|
3548
|
+
* <p>Displays details about the new replica key, including its Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) and
|
|
3549
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">key state</a>. It also
|
|
3550
|
+
* includes the ARN and Amazon Web Services Region of its primary key and other replica keys.</p>
|
|
3506
3551
|
*/
|
|
3507
3552
|
ReplicaKeyMetadata?: KeyMetadata;
|
|
3508
3553
|
/**
|
|
@@ -3527,7 +3572,7 @@ export interface RetireGrantRequest {
|
|
|
3527
3572
|
* <p>Identifies the grant to be retired. You can use a grant token to identify a new grant even
|
|
3528
3573
|
* before it has achieved eventual consistency.</p>
|
|
3529
3574
|
* <p>Only the <a>CreateGrant</a> operation returns a grant token. For details, see
|
|
3530
|
-
*
|
|
3575
|
+
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a>
|
|
3531
3576
|
* and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency">Eventual consistency</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
3532
3577
|
*/
|
|
3533
3578
|
GrantToken?: string;
|
|
@@ -3539,7 +3584,7 @@ export interface RetireGrantRequest {
|
|
|
3539
3584
|
KeyId?: string;
|
|
3540
3585
|
/**
|
|
3541
3586
|
* <p>Identifies the grant to retire. To get the grant ID, use <a>CreateGrant</a>,
|
|
3542
|
-
*
|
|
3587
|
+
* <a>ListGrants</a>, or <a>ListRetirableGrants</a>.</p>
|
|
3543
3588
|
* <ul>
|
|
3544
3589
|
* <li>
|
|
3545
3590
|
* <p>Grant ID Example -
|
|
@@ -3557,8 +3602,8 @@ export declare namespace RetireGrantRequest {
|
|
|
3557
3602
|
}
|
|
3558
3603
|
export interface RevokeGrantRequest {
|
|
3559
3604
|
/**
|
|
3560
|
-
* <p>A unique identifier for the KMS key associated with the grant. To get
|
|
3561
|
-
*
|
|
3605
|
+
* <p>A unique identifier for the KMS key associated with the grant. To get the key ID and key
|
|
3606
|
+
* ARN for a KMS key, use <a>ListKeys</a> or <a>DescribeKey</a>.</p>
|
|
3562
3607
|
*
|
|
3563
3608
|
* <p>Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
|
|
3564
3609
|
* different Amazon Web Services account, you must use the key ARN.</p>
|
|
@@ -3578,7 +3623,7 @@ export interface RevokeGrantRequest {
|
|
|
3578
3623
|
KeyId: string | undefined;
|
|
3579
3624
|
/**
|
|
3580
3625
|
* <p>Identifies the grant to revoke. To get the grant ID, use <a>CreateGrant</a>,
|
|
3581
|
-
*
|
|
3626
|
+
* <a>ListGrants</a>, or <a>ListRetirableGrants</a>.</p>
|
|
3582
3627
|
*/
|
|
3583
3628
|
GrantId: string | undefined;
|
|
3584
3629
|
}
|
|
@@ -3591,7 +3636,6 @@ export declare namespace RevokeGrantRequest {
|
|
|
3591
3636
|
export interface ScheduleKeyDeletionRequest {
|
|
3592
3637
|
/**
|
|
3593
3638
|
* <p>The unique identifier of the KMS key to delete.</p>
|
|
3594
|
-
*
|
|
3595
3639
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
3596
3640
|
* <p>For example:</p>
|
|
3597
3641
|
* <ul>
|
|
@@ -3610,8 +3654,9 @@ export interface ScheduleKeyDeletionRequest {
|
|
|
3610
3654
|
/**
|
|
3611
3655
|
* <p>The waiting period, specified in number of days. After the waiting period ends, KMS
|
|
3612
3656
|
* deletes the KMS key.</p>
|
|
3613
|
-
* <p>If the KMS key is a multi-Region primary key with replicas, the waiting period begins when
|
|
3614
|
-
* last of its replica keys is deleted. Otherwise, the waiting period begins
|
|
3657
|
+
* <p>If the KMS key is a multi-Region primary key with replicas, the waiting period begins when
|
|
3658
|
+
* the last of its replica keys is deleted. Otherwise, the waiting period begins
|
|
3659
|
+
* immediately.</p>
|
|
3615
3660
|
* <p>This value is optional. If you include a value, it must be between 7 and 30, inclusive. If
|
|
3616
3661
|
* you do not include a value, it defaults to 30.</p>
|
|
3617
3662
|
*/
|
|
@@ -3630,21 +3675,22 @@ export interface ScheduleKeyDeletionResponse {
|
|
|
3630
3675
|
KeyId?: string;
|
|
3631
3676
|
/**
|
|
3632
3677
|
* <p>The date and time after which KMS deletes the KMS key.</p>
|
|
3633
|
-
* <p>If the KMS key is a multi-Region primary key with replica keys, this field does not
|
|
3634
|
-
* The deletion date for the primary key isn't known until its last replica key is
|
|
3678
|
+
* <p>If the KMS key is a multi-Region primary key with replica keys, this field does not
|
|
3679
|
+
* appear. The deletion date for the primary key isn't known until its last replica key is
|
|
3635
3680
|
* deleted.</p>
|
|
3636
3681
|
*/
|
|
3637
3682
|
DeletionDate?: Date;
|
|
3638
3683
|
/**
|
|
3639
3684
|
* <p>The current status of the KMS key.</p>
|
|
3640
|
-
* <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
|
|
3641
|
-
*
|
|
3685
|
+
* <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
|
|
3686
|
+
* key</a> in the <i>Key Management Service Developer Guide</i>.</p>
|
|
3642
3687
|
*/
|
|
3643
3688
|
KeyState?: KeyState | string;
|
|
3644
3689
|
/**
|
|
3645
3690
|
* <p>The waiting period before the KMS key is deleted. </p>
|
|
3646
|
-
* <p>If the KMS key is a multi-Region primary key with replicas, the waiting period begins when
|
|
3647
|
-
* last of its replica keys is deleted. Otherwise, the waiting period begins
|
|
3691
|
+
* <p>If the KMS key is a multi-Region primary key with replicas, the waiting period begins when
|
|
3692
|
+
* the last of its replica keys is deleted. Otherwise, the waiting period begins
|
|
3693
|
+
* immediately.</p>
|
|
3648
3694
|
*/
|
|
3649
3695
|
PendingWindowInDays?: number;
|
|
3650
3696
|
}
|
|
@@ -3656,10 +3702,9 @@ export declare namespace ScheduleKeyDeletionResponse {
|
|
|
3656
3702
|
}
|
|
3657
3703
|
export interface SignRequest {
|
|
3658
3704
|
/**
|
|
3659
|
-
* <p>Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to
|
|
3660
|
-
* message. The <code>KeyUsage</code> type of the KMS key must be
|
|
3661
|
-
*
|
|
3662
|
-
*
|
|
3705
|
+
* <p>Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to
|
|
3706
|
+
* sign the message. The <code>KeyUsage</code> type of the KMS key must be
|
|
3707
|
+
* <code>SIGN_VERIFY</code>. To find the <code>KeyUsage</code> of a KMS key, use the <a>DescribeKey</a> operation.</p>
|
|
3663
3708
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
3664
3709
|
* <p>For example:</p>
|
|
3665
3710
|
* <ul>
|
|
@@ -3704,7 +3749,8 @@ export interface SignRequest {
|
|
|
3704
3749
|
GrantTokens?: string[];
|
|
3705
3750
|
/**
|
|
3706
3751
|
* <p>Specifies the signing algorithm to use when signing the message. </p>
|
|
3707
|
-
* <p>Choose an algorithm that is compatible with the type and size of the specified asymmetric
|
|
3752
|
+
* <p>Choose an algorithm that is compatible with the type and size of the specified asymmetric
|
|
3753
|
+
* KMS key.</p>
|
|
3708
3754
|
*/
|
|
3709
3755
|
SigningAlgorithm: SigningAlgorithmSpec | string | undefined;
|
|
3710
3756
|
}
|
|
@@ -3822,11 +3868,11 @@ export interface UpdateAliasRequest {
|
|
|
3822
3868
|
*/
|
|
3823
3869
|
AliasName: string | undefined;
|
|
3824
3870
|
/**
|
|
3825
|
-
* <p>Identifies the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a> to associate with the alias. You don't have permission
|
|
3826
|
-
*
|
|
3827
|
-
* <p>The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new
|
|
3828
|
-
* must be the same type as the current target KMS key (both symmetric or both
|
|
3829
|
-
* must have the same key usage. </p>
|
|
3871
|
+
* <p>Identifies the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a> to associate with the alias. You don't have permission to
|
|
3872
|
+
* associate an alias with an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a>.</p>
|
|
3873
|
+
* <p>The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new
|
|
3874
|
+
* target KMS key must be the same type as the current target KMS key (both symmetric or both
|
|
3875
|
+
* asymmetric) and they must have the same key usage. </p>
|
|
3830
3876
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
3831
3877
|
* <p>For example:</p>
|
|
3832
3878
|
* <ul>
|
|
@@ -3840,8 +3886,8 @@ export interface UpdateAliasRequest {
|
|
|
3840
3886
|
* </li>
|
|
3841
3887
|
* </ul>
|
|
3842
3888
|
* <p>To get the key ID and key ARN for a KMS key, use <a>ListKeys</a> or <a>DescribeKey</a>.</p>
|
|
3843
|
-
* <p>To
|
|
3844
|
-
* is mapped to the correct KMS key, use <a>ListAliases</a>.</p>
|
|
3889
|
+
* <p>To
|
|
3890
|
+
* verify that the alias is mapped to the correct KMS key, use <a>ListAliases</a>.</p>
|
|
3845
3891
|
*/
|
|
3846
3892
|
TargetKeyId: string | undefined;
|
|
3847
3893
|
}
|
|
@@ -3897,6 +3943,7 @@ export declare namespace UpdateCustomKeyStoreResponse {
|
|
|
3897
3943
|
export interface UpdateKeyDescriptionRequest {
|
|
3898
3944
|
/**
|
|
3899
3945
|
* <p>Updates the description of the specified KMS key.</p>
|
|
3946
|
+
*
|
|
3900
3947
|
* <p>Specify the key ID or key ARN of the KMS key.</p>
|
|
3901
3948
|
* <p>For example:</p>
|
|
3902
3949
|
* <ul>
|
|
@@ -3927,7 +3974,6 @@ export interface UpdatePrimaryRegionRequest {
|
|
|
3927
3974
|
/**
|
|
3928
3975
|
* <p>Identifies the current primary key. When the operation completes, this KMS key will be a
|
|
3929
3976
|
* replica key.</p>
|
|
3930
|
-
*
|
|
3931
3977
|
* <p>Specify the key ID or key ARN of a multi-Region primary key.</p>
|
|
3932
3978
|
* <p>For example:</p>
|
|
3933
3979
|
* <ul>
|
|
@@ -3944,8 +3990,9 @@ export interface UpdatePrimaryRegionRequest {
|
|
|
3944
3990
|
*/
|
|
3945
3991
|
KeyId: string | undefined;
|
|
3946
3992
|
/**
|
|
3947
|
-
* <p>The Amazon Web Services Region of the new primary key. Enter the Region ID, such as
|
|
3948
|
-
*
|
|
3993
|
+
* <p>The Amazon Web Services Region of the new primary key. Enter the Region ID, such as
|
|
3994
|
+
* <code>us-east-1</code> or <code>ap-southeast-2</code>. There must be an existing replica key
|
|
3995
|
+
* in this Region. </p>
|
|
3949
3996
|
* <p>When the operation completes, the multi-Region key in this Region will be the primary
|
|
3950
3997
|
* key.</p>
|
|
3951
3998
|
*/
|
|
@@ -3959,9 +4006,9 @@ export declare namespace UpdatePrimaryRegionRequest {
|
|
|
3959
4006
|
}
|
|
3960
4007
|
export interface VerifyRequest {
|
|
3961
4008
|
/**
|
|
3962
|
-
* <p>Identifies the asymmetric KMS key that will be used to verify the signature. This must be
|
|
3963
|
-
* same KMS key that was used to generate the signature. If you specify a different KMS key,
|
|
3964
|
-
* signature verification fails.</p>
|
|
4009
|
+
* <p>Identifies the asymmetric KMS key that will be used to verify the signature. This must be
|
|
4010
|
+
* the same KMS key that was used to generate the signature. If you specify a different KMS key,
|
|
4011
|
+
* the signature verification fails.</p>
|
|
3965
4012
|
* <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
|
|
3966
4013
|
* <p>For example:</p>
|
|
3967
4014
|
* <ul>
|