@aws-sdk/client-kms 3.324.0 → 3.325.0

package/dist-types/commands/DecryptCommand.d.ts

@@ -238,6 +238,49 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  * // example id: to-decrypt-data-1478281622886
  * ```
  *
+ * @example To decrypt data with an asymmetric encryption KMS key
+ * ```javascript
+ * // The following example decrypts data that was encrypted with an asymmetric encryption KMS key. When the KMS encryption key is asymmetric, you must specify the KMS key ID and the encryption algorithm that was used to encrypt the data.
+ * const input = {
+ *   "CiphertextBlob": "<binary data>",
+ *   "EncryptionAlgorithm": "RSAES_OAEP_SHA_256",
+ *   "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321"
+ * };
+ * const command = new DecryptCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "EncryptionAlgorithm": "RSAES_OAEP_SHA_256",
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
+ *   "Plaintext": "<binary data>"
+ * }
+ * *\/
+ * // example id: to-decrypt-data-2
+ * ```
+ *
+ * @example To decrypt data for a Nitro enclave
+ * ```javascript
+ * // The following Decrypt example includes the Recipient parameter with a signed attestation document from an AWS Nitro enclave. Instead of returning the decrypted data in plaintext (Plaintext), the operation returns the decrypted data encrypted by the public key from the attestation document (CiphertextForRecipient).
+ * const input = {
+ *   "CiphertextBlob": "<binary data>",
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "Recipient": {
+ *     "AttestationDocument": "<attestation document>",
+ *     "KeyEncryptionAlgorithm": "RSAES_OAEP_SHA_256"
+ *   }
+ * };
+ * const command = new DecryptCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CiphertextForRecipient": "<binary data>",
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "Plaintext": ""
+ * }
+ * *\/
+ * // example id: to-decrypt-data-for-a-nitro-enclave-2
+ * ```
+ *
  */
 export declare class DecryptCommand extends $Command<DecryptCommandInput, DecryptCommandOutput, KMSClientResolvedConfig> {
     readonly input: DecryptCommandInput;

package/dist-types/commands/DisconnectCustomKeyStoreCommand.d.ts

@@ -146,6 +146,17 @@ export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomK
  * // example id: to-disconnect-a-custom-key-store-from-its-cloudhsm-cluster-1628627955156
  * ```
  *
+ * @example To disconnect a custom key store from its CloudHSM cluster
+ * ```javascript
+ * // This example disconnects an AWS KMS custom key store from its backing key store. For an AWS CloudHSM key store, it disconnects the key store from its AWS CloudHSM cluster. For an external key store, it disconnects the key store from the external key store proxy that communicates with your external key manager. This operation doesn't return any data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0"
+ * };
+ * const command = new DisconnectCustomKeyStoreCommand(input);
+ * await client.send(command);
+ * // example id: to-disconnect-a-custom-key-store-from-its-cloudhsm-cluster-234abcdefABC
+ * ```
+ *
  */
 export declare class DisconnectCustomKeyStoreCommand extends $Command<DisconnectCustomKeyStoreCommandInput, DisconnectCustomKeyStoreCommandOutput, KMSClientResolvedConfig> {
     readonly input: DisconnectCustomKeyStoreCommandInput;

package/dist-types/commands/EncryptCommand.d.ts

@@ -236,6 +236,26 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  * // example id: to-encrypt-data-1478906026012
  * ```
  *
+ * @example To encrypt data with an asymmetric encryption KMS key
+ * ```javascript
+ * // The following example encrypts data with the specified RSA asymmetric KMS key. When you encrypt with an asymmetric key, you must specify the encryption algorithm.
+ * const input = {
+ *   "EncryptionAlgorithm": "RSAES_OAEP_SHA_256",
+ *   "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321",
+ *   "Plaintext": "<binary data>"
+ * };
+ * const command = new EncryptCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CiphertextBlob": "<binary data>",
+ *   "EncryptionAlgorithm": "RSAES_OAEP_SHA_256",
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
+ * }
+ * *\/
+ * // example id: to-encrypt-data-2
+ * ```
+ *
  */
 export declare class EncryptCommand extends $Command<EncryptCommandInput, EncryptCommandOutput, KMSClientResolvedConfig> {
     readonly input: EncryptCommandInput;

package/dist-types/commands/GenerateDataKeyCommand.d.ts

@@ -233,6 +233,30 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  * // example id: to-generate-a-data-key-1478912956062
  * ```
  *
+ * @example To generate a data key pair for a Nitro enclave
+ * ```javascript
+ * // The following example includes the Recipient parameter with a signed attestation document from an AWS Nitro enclave. Instead of returning a copy of the data key encrypted by the KMS key and a plaintext copy of the data key, GenerateDataKey returns one copy of the data key encrypted by the KMS key (CiphertextBlob) and one copy of the data key encrypted by the public key from the attestation document (CiphertextForRecipient). The operation doesn't return a plaintext data key.
+ * const input = {
+ *   "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "KeySpec": "AES_256",
+ *   "Recipient": {
+ *     "AttestationDocument": "<attestation document>",
+ *     "KeyEncryptionAlgorithm": "RSAES_OAEP_SHA_256"
+ *   }
+ * };
+ * const command = new GenerateDataKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CiphertextBlob": "<binary data>",
+ *   "CiphertextForRecipient": "<binary data>",
+ *   "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "Plaintext": ""
+ * }
+ * *\/
+ * // example id: to-generate-a-data-key-for-a-nitro-enclave-2
+ * ```
+ *
  */
 export declare class GenerateDataKeyCommand extends $Command<GenerateDataKeyCommandInput, GenerateDataKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateDataKeyCommandInput;

package/dist-types/commands/GenerateDataKeyPairCommand.d.ts

@@ -216,6 +216,32 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  * // example id: to-generate-an-rsa-key-pair-for-encryption-and-decryption-1628619376878
  * ```
  *
+ * @example To generate a data key pair for a Nitro enclave
+ * ```javascript
+ * // The following example includes the Recipient parameter with a signed attestation document from an AWS Nitro enclave. Instead of returning a plaintext copy of the private data key, GenerateDataKeyPair returns a copy of the private data key encrypted by the public key from the attestation document (CiphertextForRecipient). It returns the public data key (PublicKey) and a copy of private data key encrypted under the specified KMS key (PrivateKeyCiphertextBlob), as usual, but plaintext private data key field (PrivateKeyPlaintext) is null or empty.
+ * const input = {
+ *   "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "KeyPairSpec": "RSA_3072",
+ *   "Recipient": {
+ *     "AttestationDocument": "<attestation document>",
+ *     "KeyEncryptionAlgorithm": "RSAES_OAEP_SHA_256"
+ *   }
+ * };
+ * const command = new GenerateDataKeyPairCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CiphertextForRecipient": "<binary data>",
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   "KeyPairSpec": "RSA_3072",
+ *   "PrivateKeyCiphertextBlob": "<binary data>",
+ *   "PrivateKeyPlaintext": "",
+ *   "PublicKey": "<binary data>"
+ * }
+ * *\/
+ * // example id: to-generate-a-data-key-pair-for-a-nitro-enclave-2
+ * ```
+ *
  */
 export declare class GenerateDataKeyPairCommand extends $Command<GenerateDataKeyPairCommandInput, GenerateDataKeyPairCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateDataKeyPairCommandInput;

package/dist-types/commands/GenerateRandomCommand.d.ts

@@ -133,6 +133,27 @@ export interface GenerateRandomCommandOutput extends GenerateRandomResponse, __M
  * // example id: to-generate-random-data-1479163645600
  * ```
  *
+ * @example To generate random data
+ * ```javascript
+ * // The following example includes the Recipient parameter with a signed attestation document from an AWS Nitro enclave. Instead of returning a plaintext (unencrypted) byte string, GenerateRandom returns the byte string encrypted by the public key from the enclave's attestation document.
+ * const input = {
+ *   "NumberOfBytes": 1024,
+ *   "Recipient": {
+ *     "AttestationDocument": "<attestation document>",
+ *     "KeyEncryptionAlgorithm": "RSAES_OAEP_SHA_256"
+ *   }
+ * };
+ * const command = new GenerateRandomCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CiphertextForRecipient": "<binary data>",
+ *   "Plaintext": ""
+ * }
+ * *\/
+ * // example id: to-generate-random-data-2
+ * ```
+ *
  */
 export declare class GenerateRandomCommand extends $Command<GenerateRandomCommandInput, GenerateRandomCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateRandomCommandInput;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-kms",
   "description": "AWS SDK for JavaScript Kms Client for Node.js, Browser and React Native",
-  "version": "3.324.0",
+  "version": "3.325.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -21,33 +21,33 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "3.0.0",
     "@aws-crypto/sha256-js": "3.0.0",
-    "@aws-sdk/client-sts": "3.321.1",
+    "@aws-sdk/client-sts": "3.325.0",
     "@aws-sdk/config-resolver": "3.310.0",
-    "@aws-sdk/credential-provider-node": "3.321.1",
+    "@aws-sdk/credential-provider-node": "3.325.0",
     "@aws-sdk/fetch-http-handler": "3.310.0",
     "@aws-sdk/hash-node": "3.310.0",
     "@aws-sdk/invalid-dependency": "3.310.0",
-    "@aws-sdk/middleware-content-length": "3.310.0",
-    "@aws-sdk/middleware-endpoint": "3.310.0",
-    "@aws-sdk/middleware-host-header": "3.310.0",
-    "@aws-sdk/middleware-logger": "3.310.0",
-    "@aws-sdk/middleware-recursion-detection": "3.310.0",
-    "@aws-sdk/middleware-retry": "3.310.0",
-    "@aws-sdk/middleware-serde": "3.310.0",
-    "@aws-sdk/middleware-signing": "3.310.0",
-    "@aws-sdk/middleware-stack": "3.310.0",
-    "@aws-sdk/middleware-user-agent": "3.319.0",
+    "@aws-sdk/middleware-content-length": "3.325.0",
+    "@aws-sdk/middleware-endpoint": "3.325.0",
+    "@aws-sdk/middleware-host-header": "3.325.0",
+    "@aws-sdk/middleware-logger": "3.325.0",
+    "@aws-sdk/middleware-recursion-detection": "3.325.0",
+    "@aws-sdk/middleware-retry": "3.325.0",
+    "@aws-sdk/middleware-serde": "3.325.0",
+    "@aws-sdk/middleware-signing": "3.325.0",
+    "@aws-sdk/middleware-stack": "3.325.0",
+    "@aws-sdk/middleware-user-agent": "3.325.0",
     "@aws-sdk/node-config-provider": "3.310.0",
     "@aws-sdk/node-http-handler": "3.321.1",
     "@aws-sdk/protocol-http": "3.310.0",
-    "@aws-sdk/smithy-client": "3.316.0",
+    "@aws-sdk/smithy-client": "3.325.0",
     "@aws-sdk/types": "3.310.0",
     "@aws-sdk/url-parser": "3.310.0",
     "@aws-sdk/util-base64": "3.310.0",
     "@aws-sdk/util-body-length-browser": "3.310.0",
     "@aws-sdk/util-body-length-node": "3.310.0",
-    "@aws-sdk/util-defaults-mode-browser": "3.316.0",
-    "@aws-sdk/util-defaults-mode-node": "3.316.0",
+    "@aws-sdk/util-defaults-mode-browser": "3.325.0",
+    "@aws-sdk/util-defaults-mode-node": "3.325.0",
     "@aws-sdk/util-endpoints": "3.319.0",
     "@aws-sdk/util-retry": "3.310.0",
     "@aws-sdk/util-user-agent-browser": "3.310.0",