npm - @aws-sdk/client-kms - Versions diffs - 3.35.0 → 3.36.0 - Mend

@aws-sdk/client-kms 3.35.0 → 3.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (421) hide show

package/dist-cjs/commands/DescribeKeyCommand.js CHANGED Viewed

@@ -6,16 +6,17 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Provides detailed information about a KMS key. You can run
- *         <code>DescribeKey</code> on a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a> or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a>.</p>
+ * <p>Provides detailed information about a KMS key. You can run <code>DescribeKey</code> on a
+ *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed
+ *         key</a> or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a>.</p>
  *          <p>This detailed information includes the key ARN, creation date (and deletion date, if
  *       applicable), the key state, and the origin and expiration date (if any) of the key material.
  *       It includes fields, like <code>KeySpec</code>, that help you distinguish symmetric from
  *       asymmetric KMS keys. It also provides information that is particularly important to asymmetric
  *       keys, such as the key usage (encryption or signing) and the encryption algorithms or signing
- *       algorithms that the KMS key supports. For KMS keys in custom key stores, it includes information about
- *       the custom key store, such as the key store ID and the CloudHSM cluster ID. For multi-Region
- *       keys, it displays the primary key and all related replica keys. </p>
+ *       algorithms that the KMS key supports. For KMS keys in custom key stores, it includes
+ *       information about the custom key store, such as the key store ID and the CloudHSM cluster ID. For
+ *       multi-Region keys, it displays the primary key and all related replica keys. </p>
  *          <p>
  *             <code>DescribeKey</code> does not return the following information:</p>
  *          <ul>
@@ -24,8 +25,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *             </li>
  *             <li>
  *                <p>Whether automatic key rotation is enabled on the KMS key. To get this information, use
- *             <a>GetKeyRotationStatus</a>. Also, some key states prevent a KMS key from being
- *           automatically rotated. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works">How Automatic Key Rotation
+ *             <a>GetKeyRotationStatus</a>. Also, some key states prevent a KMS key from
+ *           being automatically rotated. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works">How Automatic Key Rotation
  *             Works</a> in <i>Key Management Service Developer Guide</i>.</p>
  *             </li>
  *             <li>
@@ -35,9 +36,10 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *                <p>Key policies and grants on the KMS key. To get this information, use <a>GetKeyPolicy</a> and <a>ListGrants</a>.</p>
  *             </li>
  *          </ul>
- *          <p>If you call the <code>DescribeKey</code> operation on a <i>predefined Amazon Web Services alias</i>, that is, an Amazon Web Services alias with no key ID, KMS creates an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a>.
- *       Then, it associates the alias with the new KMS key, and returns the <code>KeyId</code> and
- *         <code>Arn</code> of the new KMS key in the response.</p>
+ *          <p>If you call the <code>DescribeKey</code> operation on a <i>predefined Amazon Web Services
+ *         alias</i>, that is, an Amazon Web Services alias with no key ID, KMS creates an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed
+ *         key</a>. Then, it associates the alias with the new KMS key, and returns the
+ *         <code>KeyId</code> and <code>Arn</code> of the new KMS key in the response.</p>
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
@@ -135,4 +137,3 @@ class DescribeKeyCommand extends smithy_client_1.Command {
     }
 }
 exports.DescribeKeyCommand = DescribeKeyCommand;
-//# sourceMappingURL=DescribeKeyCommand.js.map

package/dist-cjs/commands/DisableKeyCommand.js CHANGED Viewed

@@ -6,14 +6,15 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Sets the state of a KMS key to disabled. This change temporarily
- *       prevents use of the KMS key for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. </p>
- *          <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>
+ * <p>Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS
+ *       key for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. </p>
+ *          <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS
+ *         key</a> in the <i>
  *                <i>Key Management Service Developer Guide</i>
  *             </i>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
+ *         <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
@@ -72,4 +73,3 @@ class DisableKeyCommand extends smithy_client_1.Command {
     }
 }
 exports.DisableKeyCommand = DisableKeyCommand;
-//# sourceMappingURL=DisableKeyCommand.js.map

package/dist-cjs/commands/DisableKeyRotationCommand.js CHANGED Viewed

@@ -12,7 +12,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *             <b>Cross-account
+ *         use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DisableKeyRotation</a> (key policy)</p>
@@ -82,4 +83,3 @@ class DisableKeyRotationCommand extends smithy_client_1.Command {
     }
 }
 exports.DisableKeyRotationCommand = DisableKeyRotationCommand;
-//# sourceMappingURL=DisableKeyRotationCommand.js.map

package/dist-cjs/commands/DisconnectCustomKeyStoreCommand.js CHANGED Viewed

@@ -7,8 +7,9 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Disconnects the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> from its associated CloudHSM cluster. While a custom key
- *       store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use KMS keys in the custom key store. You can reconnect the
- *       custom key store at any time.</p>
+ *       store is disconnected, you can manage the custom key store and its KMS keys, but you cannot
+ *       create or use KMS keys in the custom key store. You can reconnect the custom key store at any
+ *       time.</p>
  *          <note>
  *             <p>While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a> will
  *         fail. This action can prevent users from storing and accessing sensitive data.</p>
@@ -22,8 +23,9 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * single-tenant key store.</p>
  *
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
+ *         <p>
+ *             <b>Cross-account use</b>: No.
+ *       You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DisconnectCustomKeyStore</a> (IAM policy)</p>
@@ -108,4 +110,3 @@ class DisconnectCustomKeyStoreCommand extends smithy_client_1.Command {
     }
 }
 exports.DisconnectCustomKeyStoreCommand = DisconnectCustomKeyStoreCommand;
-//# sourceMappingURL=DisconnectCustomKeyStoreCommand.js.map

package/dist-cjs/commands/EnableKeyCommand.js CHANGED Viewed

@@ -6,11 +6,13 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Sets the key state of a KMS key to enabled. This allows you to use the KMS key for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. </p>
+ * <p>Sets the key state of a KMS key to enabled. This allows you to use the KMS key for
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. </p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *             <b>Cross-account
+ *       use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:EnableKey</a> (key policy)</p>
@@ -68,4 +70,3 @@ class EnableKeyCommand extends smithy_client_1.Command {
     }
 }
 exports.EnableKeyCommand = EnableKeyCommand;
-//# sourceMappingURL=EnableKeyCommand.js.map

package/dist-cjs/commands/EnableKeyRotationCommand.js CHANGED Viewed

@@ -12,7 +12,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *             <b>Cross-account
+ *         use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:EnableKeyRotation</a> (key policy)</p>
@@ -82,4 +83,3 @@ class EnableKeyRotationCommand extends smithy_client_1.Command {
     }
 }
 exports.EnableKeyRotationCommand = EnableKeyRotationCommand;
-//# sourceMappingURL=EnableKeyRotationCommand.js.map

package/dist-cjs/commands/EncryptCommand.js CHANGED Viewed

@@ -6,19 +6,20 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Encrypts plaintext into ciphertext by using a KMS key. The
- *         <code>Encrypt</code> operation has two primary use cases:</p>
+ * <p>Encrypts plaintext into ciphertext by using a KMS key. The <code>Encrypt</code> operation
+ *       has two primary use cases:</p>
  *          <ul>
  *             <li>
  *                <p>You can encrypt small amounts of arbitrary data, such as a personal identifier or
  *           database password, or other sensitive information. </p>
  *             </li>
  *             <li>
- *                <p>You can use the <code>Encrypt</code> operation to move encrypted data from one Amazon Web Services Region to another. For example, in Region A, generate a data key and use the plaintext key to encrypt
- *           your data. Then, in Region A, use the <code>Encrypt</code> operation to encrypt the
- *           plaintext data key under a KMS key in Region B. Now, you can move the encrypted data and the
- *           encrypted data key to Region B. When necessary, you can decrypt the encrypted data key and
- *           the encrypted data entirely within in Region B.</p>
+ *                <p>You can use the <code>Encrypt</code> operation to move encrypted data from one Amazon Web Services
+ *           Region to another. For example, in Region A, generate a data key and use the plaintext key
+ *           to encrypt your data. Then, in Region A, use the <code>Encrypt</code> operation to encrypt
+ *           the plaintext data key under a KMS key in Region B. Now, you can move the encrypted data
+ *           and the encrypted data key to Region B. When necessary, you can decrypt the encrypted data
+ *           key and the encrypted data entirely within in Region B.</p>
  *             </li>
  *          </ul>
  *
@@ -29,10 +30,10 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       encryption operation. The KMS key must have a <code>KeyUsage</code> value of
  *         <code>ENCRYPT_DECRYPT.</code> To find the <code>KeyUsage</code> of a KMS key, use the <a>DescribeKey</a> operation. </p>
  *
- *          <p>If you use a symmetric KMS key, you can use an encryption context to add additional security
- *       to your encryption operation. If you specify an <code>EncryptionContext</code> when encrypting
- *       data, you must specify the same encryption context (a case-sensitive exact match) when
- *       decrypting the data. Otherwise, the request to decrypt fails with an
+ *          <p>If you use a symmetric KMS key, you can use an encryption context to add additional
+ *       security to your encryption operation. If you specify an <code>EncryptionContext</code> when
+ *       encrypting data, you must specify the same encryption context (a case-sensitive exact match)
+ *       when decrypting the data. Otherwise, the request to decrypt fails with an
  *         <code>InvalidCiphertextException</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption
  *         Context</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The
@@ -104,7 +105,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *             <b>Cross-account use</b>: Yes.
+ *       To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>
@@ -180,4 +182,3 @@ class EncryptCommand extends smithy_client_1.Command {
     }
 }
 exports.EncryptCommand = EncryptCommand;
-//# sourceMappingURL=EncryptCommand.js.map

package/dist-cjs/commands/GenerateDataKeyCommand.js CHANGED Viewed

@@ -7,19 +7,19 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Generates a unique symmetric data key for client-side encryption. This operation returns a
- *       plaintext copy of the data key and a copy that is encrypted under a KMS key
- *       that you specify. You can use the plaintext key to encrypt your data outside of KMS and
- *       store the encrypted data key with the encrypted data.</p>
+ *       plaintext copy of the data key and a copy that is encrypted under a KMS key that you specify.
+ *       You can use the plaintext key to encrypt your data outside of KMS and store the encrypted
+ *       data key with the encrypted data.</p>
  *
  *          <p>
  *             <code>GenerateDataKey</code> returns a unique data key for each request. The bytes in the
  *       plaintext key are not related to the caller or the KMS key.</p>
  *
- *          <p>To generate a data key, specify the symmetric KMS key that will be used to encrypt the data
- *       key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your KMS key, use
- *       the <a>DescribeKey</a> operation. You must also specify the length of the data key.
- *       Use either the <code>KeySpec</code> or <code>NumberOfBytes</code> parameters (but not both).
- *       For 128-bit and 256-bit data keys, use the <code>KeySpec</code> parameter. </p>
+ *          <p>To generate a data key, specify the symmetric KMS key that will be used to encrypt the
+ *       data key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your
+ *       KMS key, use the <a>DescribeKey</a> operation. You must also specify the length of
+ *       the data key. Use either the <code>KeySpec</code> or <code>NumberOfBytes</code> parameters
+ *       (but not both). For 128-bit and 256-bit data keys, use the <code>KeySpec</code> parameter. </p>
  *
  *          <p>To get only an encrypted copy of the data key, use <a>GenerateDataKeyWithoutPlaintext</a>. To generate an asymmetric data key pair, use
  *       the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operation. To get a cryptographically secure
@@ -34,11 +34,14 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>How to use your data key</b>
+ *             <b>How to use your data
+ *         key</b>
  *          </p>
- *          <p>We recommend that you use the following pattern to encrypt data locally in your application.
- *       You can write your own code or use a client-side encryption library, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a>, the <a href="https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/">Amazon DynamoDB Encryption Client</a>, or
- *         <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
+ *          <p>We recommend that you use the following pattern to encrypt data locally in your
+ *       application. You can write your own code or use a client-side encryption library, such as the
+ *         <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a>, the
+ *         <a href="https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/">Amazon DynamoDB Encryption Client</a>,
+ *       or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
  *         client-side encryption</a> to do these tasks for you.</p>
  *          <p>To encrypt data outside of KMS:</p>
  *          <ol>
@@ -152,4 +155,3 @@ class GenerateDataKeyCommand extends smithy_client_1.Command {
     }
 }
 exports.GenerateDataKeyCommand = GenerateDataKeyCommand;
-//# sourceMappingURL=GenerateDataKeyCommand.js.map

package/dist-cjs/commands/GenerateDataKeyPairCommand.js CHANGED Viewed

@@ -8,20 +8,21 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Generates a unique asymmetric data key pair. The <code>GenerateDataKeyPair</code>
  *       operation returns a plaintext public key, a plaintext private key, and a copy of the private
- *       key that is encrypted under the symmetric KMS key you specify. You can use the data key pair to
- *       perform asymmetric cryptography and implement digital signatures outside of KMS.</p>
+ *       key that is encrypted under the symmetric KMS key you specify. You can use the data key pair
+ *       to perform asymmetric cryptography and implement digital signatures outside of KMS.</p>
  *
  *          <p>You can use the public key that <code>GenerateDataKeyPair</code> returns to encrypt data
  *       or verify a signature outside of KMS. Then, store the encrypted private key with the data.
  *       When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p>
  *
- *          <p>To generate a data key pair, you must specify a symmetric KMS key to
- *       encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a
- *       custom key store. To get the type and origin of your KMS key, use the <a>DescribeKey</a> operation. </p>
+ *          <p>To generate a data key pair, you must specify a symmetric KMS key to encrypt the private
+ *       key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key
+ *       store. To get the type and origin of your KMS key, use the <a>DescribeKey</a>
+ *       operation. </p>
  *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs
- *       for either encryption or signing, but not both. However, KMS cannot enforce any restrictions
- *       on the use of data key pairs outside of KMS.</p>
+ *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for
+ *       either encryption or signing, but not both. However, KMS cannot enforce any restrictions on
+ *       the use of data key pairs outside of KMS.</p>
  *
  *          <p>If you are using the data key pair to encrypt data, or for any operation where you don't
  *       immediately need a private key, consider using the <a>GenerateDataKeyPairWithoutPlaintext</a> operation.
@@ -33,10 +34,10 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *
  *          <p>
  *             <code>GenerateDataKeyPair</code> returns a unique data key pair for each request. The
- *       bytes in the keys are not related to the caller or the KMS key that is used to encrypt the private
- *       key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>. The
- *       private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in <a href="https://tools.ietf.org/html/rfc5958">RFC
- *         5958</a>.</p>
+ *       bytes in the keys are not related to the caller or the KMS key that is used to encrypt the
+ *       private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
+ *         <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>. The private key is a
+ *       DER-encoded PKCS8 PrivateKeyInfo, as specified in <a href="https://tools.ietf.org/html/rfc5958">RFC 5958</a>.</p>
  *
  *          <p>You can use the optional encryption context to add additional security to the encryption
  *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
@@ -46,7 +47,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *             <b>Cross-account
+ *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>
@@ -132,4 +134,3 @@ class GenerateDataKeyPairCommand extends smithy_client_1.Command {
     }
 }
 exports.GenerateDataKeyPairCommand = GenerateDataKeyPairCommand;
-//# sourceMappingURL=GenerateDataKeyPairCommand.js.map

package/dist-cjs/commands/GenerateDataKeyPairWithoutPlaintextCommand.js CHANGED Viewed

@@ -8,23 +8,24 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Generates a unique asymmetric data key pair. The
  *         <code>GenerateDataKeyPairWithoutPlaintext</code> operation returns a plaintext public key
- *       and a copy of the private key that is encrypted under the symmetric KMS key you specify. Unlike
- *         <a>GenerateDataKeyPair</a>, this operation does not return a plaintext private
- *       key. </p>
+ *       and a copy of the private key that is encrypted under the symmetric KMS key you specify.
+ *       Unlike <a>GenerateDataKeyPair</a>, this operation does not return a plaintext
+ *       private key. </p>
  *          <p>You can use the public key that <code>GenerateDataKeyPairWithoutPlaintext</code> returns
  *       to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key
  *       with the data. When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p>
- *          <p>To generate a data key pair, you must specify a symmetric KMS key to
- *       encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a
- *       custom key store. To get the type and origin of your KMS key, use the <a>DescribeKey</a> operation. </p>
+ *          <p>To generate a data key pair, you must specify a symmetric KMS key to encrypt the private
+ *       key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key
+ *       store. To get the type and origin of your KMS key, use the <a>DescribeKey</a>
+ *       operation. </p>
  *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs
- *       for either encryption or signing, but not both. However, KMS cannot enforce any restrictions
- *       on the use of data key pairs outside of KMS.</p>
+ *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for
+ *       either encryption or signing, but not both. However, KMS cannot enforce any restrictions on
+ *       the use of data key pairs outside of KMS.</p>
  *          <p>
  *             <code>GenerateDataKeyPairWithoutPlaintext</code> returns a unique data key pair for each
- *       request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the
- *       private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
+ *       request. The bytes in the key are not related to the caller or KMS key that is used to encrypt
+ *       the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
  *         <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>.</p>
  *
  *          <p>You can use the optional encryption context to add additional security to the encryption
@@ -35,11 +36,13 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *             <b>Cross-account
+ *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyPairWithoutPlaintext</a> (key policy)</p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyPairWithoutPlaintext</a> (key
+ *       policy)</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -121,4 +124,3 @@ class GenerateDataKeyPairWithoutPlaintextCommand extends smithy_client_1.Command
     }
 }
 exports.GenerateDataKeyPairWithoutPlaintextCommand = GenerateDataKeyPairWithoutPlaintextCommand;
-//# sourceMappingURL=GenerateDataKeyPairWithoutPlaintextCommand.js.map

package/dist-cjs/commands/GenerateDataKeyWithoutPlaintextCommand.js CHANGED Viewed

@@ -7,8 +7,8 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Generates a unique symmetric data key. This operation returns a data key that is encrypted
- *       under a KMS key that you specify. To request an asymmetric data key pair,
- *       use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operations.</p>
+ *       under a KMS key that you specify. To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a>
+ *       operations.</p>
  *          <p>
  *             <code>GenerateDataKeyWithoutPlaintext</code> is identical to the <a>GenerateDataKey</a> operation except that returns only the encrypted copy of the
  *       data key. This operation is useful for systems that need to encrypt data at some point, but
@@ -23,12 +23,12 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       plaintext data key.</p>
  *          <p>
  *             <code>GenerateDataKeyWithoutPlaintext</code> returns a unique data key for each request.
- *       The bytes in the keys are not related to the caller or KMS key that is used to encrypt the private
- *       key.</p>
+ *       The bytes in the keys are not related to the caller or KMS key that is used to encrypt the
+ *       private key.</p>
  *
- *          <p>To generate a data key, you must specify the symmetric KMS key that is
- *       used to encrypt the data key. You cannot use an asymmetric KMS key to generate a data key. To get
- *       the type of your KMS key, use the <a>DescribeKey</a> operation.</p>
+ *          <p>To generate a data key, you must specify the symmetric KMS key that is used to encrypt the
+ *       data key. You cannot use an asymmetric KMS key to generate a data key. To get the type of your
+ *       KMS key, use the <a>DescribeKey</a> operation.</p>
  *
  *          <p>If the operation succeeds, you will find the encrypted copy of the data key in the
  *         <code>CiphertextBlob</code> field.</p>
@@ -41,11 +41,13 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *             <b>Cross-account
+ *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyWithoutPlaintext</a> (key policy)</p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyWithoutPlaintext</a> (key
+ *       policy)</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -127,4 +129,3 @@ class GenerateDataKeyWithoutPlaintextCommand extends smithy_client_1.Command {
     }
 }
 exports.GenerateDataKeyWithoutPlaintextCommand = GenerateDataKeyWithoutPlaintextCommand;
-//# sourceMappingURL=GenerateDataKeyWithoutPlaintextCommand.js.map

package/dist-cjs/commands/GenerateRandomCommand.js CHANGED Viewed

@@ -11,7 +11,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       the CloudHSM cluster that is associated with a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, specify the custom key store
  *       ID.</p>
  *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>For more information about entropy and random number generation, see <a href="https://docs.aws.amazon.com/kms/latest/cryptographic-details/">Key Management Service Cryptographic Details</a>.</p>
+ *          <p>For more information about entropy and random number generation, see
+ *       <a href="https://docs.aws.amazon.com/kms/latest/cryptographic-details/">Key Management Service Cryptographic Details</a>.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateRandom</a> (IAM policy)</p>
@@ -66,4 +67,3 @@ class GenerateRandomCommand extends smithy_client_1.Command {
     }
 }
 exports.GenerateRandomCommand = GenerateRandomCommand;
-//# sourceMappingURL=GenerateRandomCommand.js.map

package/dist-cjs/commands/GetKeyPolicyCommand.js CHANGED Viewed

@@ -66,4 +66,3 @@ class GetKeyPolicyCommand extends smithy_client_1.Command {
     }
 }
 exports.GetKeyPolicyCommand = GetKeyPolicyCommand;
-//# sourceMappingURL=GetKeyPolicyCommand.js.map

package/dist-cjs/commands/GetKeyRotationStatusCommand.js CHANGED Viewed

@@ -8,7 +8,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Gets a Boolean value that indicates whether <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation of the key material</a> is
  *       enabled for the specified KMS key.</p>
- *          <p>You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key">multi-Region keys</a>, set the property on the primary key. The key rotation status for these KMS keys is always <code>false</code>.</p>
+ *          <p>You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key">multi-Region keys</a>, set the property on the primary key. The key rotation status for these KMS keys is always
+ *       <code>false</code>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <ul>
@@ -94,4 +95,3 @@ class GetKeyRotationStatusCommand extends smithy_client_1.Command {
     }
 }
 exports.GetKeyRotationStatusCommand = GetKeyRotationStatusCommand;
-//# sourceMappingURL=GetKeyRotationStatusCommand.js.map

package/dist-cjs/commands/GetParametersForImportCommand.js CHANGED Viewed

@@ -6,16 +6,15 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Returns the items you need to import key material into a symmetric, customer managed
- *       KMS key. For more information about importing key material into KMS, see
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key
- *         Material</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ * <p>Returns the items you need to import key material into a symmetric, customer managed KMS
+ *       key. For more information about importing key material into KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a>
+ *       in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>This operation returns a public key and an import token. Use the public key to encrypt the
  *       symmetric key material. Store the import token to send with a subsequent <a>ImportKeyMaterial</a> request.</p>
- *          <p>You must specify the key ID of the symmetric KMS key into which you will import key material.
- *       This KMS key's <code>Origin</code> must be <code>EXTERNAL</code>. You must also specify the
- *       wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key
- *       material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.</p>
+ *          <p>You must specify the key ID of the symmetric KMS key into which you will import key
+ *       material. This KMS key's <code>Origin</code> must be <code>EXTERNAL</code>. You must also
+ *       specify the wrapping algorithm and type of wrapping key (public key) that you will use to
+ *       encrypt the key material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.</p>
  *          <p>To import key material, you must use the public key and import token from the same
  *       response. These items are valid for 24 hours. The expiration date and time appear in the
  *         <code>GetParametersForImport</code> response. You cannot use an expired token in an <a>ImportKeyMaterial</a> request. If your key and token expire, send another
@@ -93,4 +92,3 @@ class GetParametersForImportCommand extends smithy_client_1.Command {
     }
 }
 exports.GetParametersForImportCommand = GetParametersForImportCommand;
-//# sourceMappingURL=GetParametersForImportCommand.js.map

package/dist-cjs/commands/GetPublicKeyCommand.js CHANGED Viewed

@@ -6,10 +6,11 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key,
- *       which never leaves KMS unencrypted, callers with <code>kms:GetPublicKey</code> permission
- *       can download the public key of an asymmetric KMS key. You can share the public key to allow others
- *       to encrypt messages and verify signatures outside of KMS. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ * <p>Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric
+ *       KMS key, which never leaves KMS unencrypted, callers with <code>kms:GetPublicKey</code>
+ *       permission can download the public key of an asymmetric KMS key. You can share the public key
+ *       to allow others to encrypt messages and verify signatures outside of KMS.
+ *       For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>You do not need to download the public key. Instead, you can use the public key within
  *       KMS by calling the <a>Encrypt</a>, <a>ReEncrypt</a>, or <a>Verify</a> operations with the identifier of an asymmetric KMS key. When you use the
  *       public key within KMS, you benefit from the authentication, authorization, and logging that
@@ -43,7 +44,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *             <b>Cross-account use</b>:
+ *       Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>
@@ -102,4 +104,3 @@ class GetPublicKeyCommand extends smithy_client_1.Command {
     }
 }
 exports.GetPublicKeyCommand = GetPublicKeyCommand;
-//# sourceMappingURL=GetPublicKeyCommand.js.map