npm - @aws-sdk/client-kms - Versions diffs - 3.35.0 → 3.36.0 - Mend

@aws-sdk/client-kms 3.35.0 → 3.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (421) hide show

package/dist-cjs/commands/ImportKeyMaterialCommand.js CHANGED Viewed

@@ -6,12 +6,12 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Imports key material into an existing symmetric KMS KMS key that was
- *       created without key material. After you successfully import key material into a KMS key, you can
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material">reimport the same key material</a> into that KMS key, but you cannot import different key
+ * <p>Imports key material into an existing symmetric KMS KMS key that was created without key
+ *       material. After you successfully import key material into a KMS key, you can <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material">reimport
+ *         the same key material</a> into that KMS key, but you cannot import different key
  *       material. </p>
- *          <p>You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and
- *       then importing key material, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the
+ *          <p>You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material
+ *       and then importing key material, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>Before using this operation, call <a>GetParametersForImport</a>. Its response
  *       includes a public key and an import token. Use the public key to encrypt the key material.
@@ -20,8 +20,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>When calling this operation, you must specify the following values:</p>
  *          <ul>
  *             <li>
- *                <p>The key ID or key ARN of a KMS key with no key material. Its <code>Origin</code> must be
- *             <code>EXTERNAL</code>.</p>
+ *                <p>The key ID or key ARN of a KMS key with no key material. Its <code>Origin</code> must
+ *           be <code>EXTERNAL</code>.</p>
  *                <p>To create a KMS key with no key material, call <a>CreateKey</a> and set the
  *           value of its <code>Origin</code> parameter to <code>EXTERNAL</code>. To get the
  *             <code>Origin</code> of a KMS key, call <a>DescribeKey</a>.)</p>
@@ -36,17 +36,17 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *             </li>
  *             <li>
  *                <p>Whether the key material expires and if so, when. If you set an expiration date, KMS
- *           deletes the key material from the KMS key on the specified date, and the KMS key becomes unusable.
- *           To use the KMS key again, you must reimport the same key material. The only way to change an
- *           expiration date is by reimporting the same key material and specifying a new expiration
- *           date. </p>
+ *           deletes the key material from the KMS key on the specified date, and the KMS key becomes
+ *           unusable. To use the KMS key again, you must reimport the same key material. The only way
+ *           to change an expiration date is by reimporting the same key material and specifying a new
+ *           expiration date. </p>
  *             </li>
  *          </ul>
  *          <p>When this operation is successful, the key state of the KMS key changes from
  *         <code>PendingImport</code> to <code>Enabled</code>, and you can use the KMS key.</p>
  *          <p>If this operation fails, use the exception to help determine the problem. If the error is
- *       related to the key material, the import token, or wrapping key, use <a>GetParametersForImport</a> to get a new public key and import token for the KMS key and
- *       repeat the import procedure. For help, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview">How To Import Key
+ *       related to the key material, the import token, or wrapping key, use <a>GetParametersForImport</a> to get a new public key and import token for the KMS key
+ *       and repeat the import procedure. For help, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview">How To Import Key
  *         Material</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
@@ -121,4 +121,3 @@ class ImportKeyMaterialCommand extends smithy_client_1.Command {
     }
 }
 exports.ImportKeyMaterialCommand = ImportKeyMaterialCommand;
-//# sourceMappingURL=ImportKeyMaterialCommand.js.map

package/dist-cjs/commands/ListAliasesCommand.js CHANGED Viewed

@@ -6,26 +6,29 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about
- *       aliases, see <a>CreateAlias</a>.</p>
+ * <p>Gets a list of aliases in the caller's Amazon Web Services account and region. For more information
+ *       about aliases, see <a>CreateAlias</a>.</p>
  *          <p>By default, the <code>ListAliases</code> operation returns all aliases in the account and
- *       region. To get only the aliases associated with a particular KMS key, use
- *       the <code>KeyId</code> parameter.</p>
+ *       region. To get only the aliases associated with a particular KMS key, use the
+ *         <code>KeyId</code> parameter.</p>
  *          <p>The <code>ListAliases</code> response can include aliases that you created and associated
- *       with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format
- *         <code>aws/<service-name></code>, such as <code>aws/dynamodb</code>.</p>
+ *       with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services
+ *       managed keys in your account. You can recognize Amazon Web Services aliases because their names have the
+ *       format <code>aws/<service-name></code>, such as <code>aws/dynamodb</code>.</p>
  *          <p>The response might also include aliases that have no <code>TargetKeyId</code> field. These
- *       are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases
- *       that Amazon Web Services creates in your account, including predefined aliases, do not count against your
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit">KMS aliases
+ *       are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.
+ *       Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against
+ *       your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit">KMS aliases
  *         quota</a>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. <code>ListAliases</code> does not
  *       return aliases in other Amazon Web Services accounts.</p>
  *
+ *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListAliases</a> (IAM policy)</p>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -97,4 +100,3 @@ class ListAliasesCommand extends smithy_client_1.Command {
     }
 }
 exports.ListAliasesCommand = ListAliasesCommand;
-//# sourceMappingURL=ListAliasesCommand.js.map

package/dist-cjs/commands/ListGrantsCommand.js CHANGED Viewed

@@ -7,8 +7,8 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Gets a list of all grants for the specified KMS key. </p>
- *          <p>You must specify the KMS key in all requests. You can filter the grant list by grant ID
- *       or grantee principal.</p>
+ *          <p>You must specify the KMS key in all requests. You can filter the grant list by grant ID or
+ *       grantee principal.</p>
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
@@ -103,4 +103,3 @@ class ListGrantsCommand extends smithy_client_1.Command {
     }
 }
 exports.ListGrantsCommand = ListGrantsCommand;
-//# sourceMappingURL=ListGrantsCommand.js.map

package/dist-cjs/commands/ListKeyPoliciesCommand.js CHANGED Viewed

@@ -6,9 +6,9 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Gets the names of the key policies that are attached to a KMS key. This
- *       operation is designed to get policy names that you can use in a <a>GetKeyPolicy</a>
- *       operation. However, the only valid policy name is <code>default</code>. </p>
+ * <p>Gets the names of the key policies that are attached to a KMS key. This operation is
+ *       designed to get policy names that you can use in a <a>GetKeyPolicy</a> operation.
+ *       However, the only valid policy name is <code>default</code>. </p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
@@ -80,4 +80,3 @@ class ListKeyPoliciesCommand extends smithy_client_1.Command {
     }
 }
 exports.ListKeyPoliciesCommand = ListKeyPoliciesCommand;
-//# sourceMappingURL=ListKeyPoliciesCommand.js.map

package/dist-cjs/commands/ListKeysCommand.js CHANGED Viewed

@@ -6,8 +6,7 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Gets a list of all KMS keys in the caller's Amazon Web Services account and
- *       Region.</p>
+ * <p>Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
@@ -89,4 +88,3 @@ class ListKeysCommand extends smithy_client_1.Command {
     }
 }
 exports.ListKeysCommand = ListKeysCommand;
-//# sourceMappingURL=ListKeysCommand.js.map

package/dist-cjs/commands/ListResourceTagsCommand.js CHANGED Viewed

@@ -92,4 +92,3 @@ class ListResourceTagsCommand extends smithy_client_1.Command {
     }
 }
 exports.ListResourceTagsCommand = ListResourceTagsCommand;
-//# sourceMappingURL=ListResourceTagsCommand.js.map

package/dist-cjs/commands/ListRetirableGrantsCommand.js CHANGED Viewed

@@ -6,11 +6,11 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Returns information about all grants in the Amazon Web Services account and Region that have the specified
- *       retiring principal. </p>
+ * <p>Returns information about all grants in the Amazon Web Services account and Region that have the
+ *       specified retiring principal. </p>
  *          <p>You can specify any principal in your Amazon Web Services account. The grants that are returned include
- *       grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to
- *       determine which grants you may retire. To retire a grant, use the <a>RetireGrant</a> operation.</p>
+ *       grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this
+ *       operation to determine which grants you may retire. To retire a grant, use the <a>RetireGrant</a> operation.</p>
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
@@ -19,11 +19,12 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>
  *             <b>Cross-account use</b>: You must specify a principal in your
  *       Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
- *       <code>kms:ListRetirableGrants</code> permission (or any other additional permission) in any
+ *         <code>kms:ListRetirableGrants</code> permission (or any other additional permission) in any
  *       Amazon Web Services account other than your own.</p>
  *
  *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListRetirableGrants</a> (IAM policy) in your Amazon Web Services account.</p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListRetirableGrants</a> (IAM policy) in your
+ *       Amazon Web Services account.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -100,4 +101,3 @@ class ListRetirableGrantsCommand extends smithy_client_1.Command {
     }
 }
 exports.ListRetirableGrantsCommand = ListRetirableGrantsCommand;
-//# sourceMappingURL=ListRetirableGrantsCommand.js.map

package/dist-cjs/commands/PutKeyPolicyCommand.js CHANGED Viewed

@@ -71,4 +71,3 @@ class PutKeyPolicyCommand extends smithy_client_1.Command {
     }
 }
 exports.PutKeyPolicyCommand = PutKeyPolicyCommand;
-//# sourceMappingURL=PutKeyPolicyCommand.js.map

package/dist-cjs/commands/ReEncryptCommand.js CHANGED Viewed

@@ -7,39 +7,45 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this
- *       operation to change the KMS key under which data is encrypted, such as when
- *       you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also
- *       use it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
+ *       operation to change the KMS key under which data is encrypted, such as when you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually
+ *         rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also use
+ *       it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
  *         context</a> of a ciphertext.</p>
  *          <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an
  *       KMS KMS key in an KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
- *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a> outside of KMS. However, it cannot decrypt ciphertext
- *       produced by other libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>.
- *       These libraries return a ciphertext format that is incompatible with KMS.</p>
+ *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a>
+ *       outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as
+ *       the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or
+ *         <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
+ *         client-side encryption</a>. These libraries return a ciphertext format that is
+ *       incompatible with KMS.</p>
  *          <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the
  *       decrypt operation and the subsequent encrypt operation.</p>
  *          <ul>
  *             <li>
  *                <p>If your ciphertext was encrypted under an asymmetric KMS key, you must use the
- *             <code>SourceKeyId</code> parameter to identify the KMS key that encrypted the ciphertext.
- *           You must also supply the encryption algorithm that was used. This information is required
- *           to decrypt the data.</p>
+ *             <code>SourceKeyId</code> parameter to identify the KMS key that encrypted the
+ *           ciphertext. You must also supply the encryption algorithm that was used. This information
+ *           is required to decrypt the data.</p>
  *             </li>
  *             <li>
- *                <p>If your ciphertext was encrypted under a symmetric KMS key, the <code>SourceKeyId</code>
- *           parameter is optional. KMS can get this information from metadata that it adds to the
- *           symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
- *           that authorized users can decrypt ciphertext decades after it was encrypted, even if
- *           they've lost track of the key ID. However, specifying the source KMS key is always recommended
- *           as a best practice. When you use the <code>SourceKeyId</code> parameter to specify a KMS key,
- *           KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the <code>ReEncrypt</code> operation fails. This practice ensures that you use the KMS key that you intend.</p>
+ *                <p>If your ciphertext was encrypted under a symmetric KMS key, the
+ *             <code>SourceKeyId</code> parameter is optional. KMS can get this information from
+ *           metadata that it adds to the symmetric ciphertext blob. This feature adds durability to
+ *           your implementation by ensuring that authorized users can decrypt ciphertext decades after
+ *           it was encrypted, even if they've lost track of the key ID. However, specifying the source
+ *           KMS key is always recommended as a best practice. When you use the
+ *             <code>SourceKeyId</code> parameter to specify a KMS key, KMS uses only the KMS key you
+ *           specify. If the ciphertext was encrypted under a different KMS key, the
+ *             <code>ReEncrypt</code> operation fails. This practice ensures that you use the KMS key
+ *           that you intend.</p>
  *             </li>
  *             <li>
  *                <p>To reencrypt the data, you must use the <code>DestinationKeyId</code> parameter
  *           specify the KMS key that re-encrypts the data after it is decrypted. You can select a
- *           symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you must also
- *           provide the encryption algorithm. The algorithm that you choose must be compatible with
- *           the KMS key.</p>
+ *           symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you
+ *           must also provide the encryption algorithm. The algorithm that you choose must be
+ *           compatible with the KMS key.</p>
  *
  *                <important>
  *                   <p>When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
@@ -47,26 +53,26 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *                </important>
  *             </li>
  *          </ul>
- *
- *
- *
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than
- *       the caller. To specify a KMS key in a different account, you must use its key ARN or alias
- *       ARN.</p>
+ *             <b>Cross-account use</b>: Yes.
+ *       The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both
+ *       KMS keys can be in a different account than the caller. To specify a KMS key in a different
+ *       account, you must use its key ARN or alias ARN.</p>
  *
  *          <p>
  *             <b>Required permissions</b>:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a> permission on the source KMS key (key policy)</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a>
+ *           permission on the source KMS key (key policy)</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a> permission on the destination KMS key (key policy)</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a>
+ *           permission on the destination KMS key (key policy)</p>
  *             </li>
  *          </ul>
  *          <p>To permit reencryption from or to a KMS key, include the <code>"kms:ReEncrypt*"</code>
@@ -150,4 +156,3 @@ class ReEncryptCommand extends smithy_client_1.Command {
     }
 }
 exports.ReEncryptCommand = ReEncryptCommand;
-//# sourceMappingURL=ReEncryptCommand.js.map

package/dist-cjs/commands/ReplicateKeyCommand.js CHANGED Viewed

@@ -37,7 +37,7 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>The CloudTrail log of a <code>ReplicateKey</code> operation records a
- *       <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
+ *         <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
  *          <p>If you replicate a multi-Region primary key with imported key material, the replica key is
  *       created with no key material. You must import the same key material that you imported into the
  *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
@@ -45,8 +45,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       operation.</p>
  *          <note>
  *             <p>
- *                <code>ReplicateKey</code> uses different default values for the <code>KeyPolicy</code> and
- *           <code>Tags</code> parameters than those used in the KMS console. For details, see the
+ *                <code>ReplicateKey</code> uses different default values for the <code>KeyPolicy</code>
+ *         and <code>Tags</code> parameters than those used in the KMS console. For details, see the
  *         parameter descriptions.</p>
  *          </note>
  *          <p>
@@ -57,8 +57,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <ul>
  *             <li>
  *                <p>
- *                   <code>kms:ReplicateKey</code> on the primary key (in the primary key's Region). Include this
- *           permission in the primary key's key policy.</p>
+ *                   <code>kms:ReplicateKey</code> on the primary key (in the primary key's Region).
+ *           Include this permission in the primary key's key policy.</p>
  *             </li>
  *             <li>
  *                <p>
@@ -135,4 +135,3 @@ class ReplicateKeyCommand extends smithy_client_1.Command {
     }
 }
 exports.ReplicateKeyCommand = ReplicateKeyCommand;
-//# sourceMappingURL=ReplicateKeyCommand.js.map

package/dist-cjs/commands/RetireGrantCommand.js CHANGED Viewed

@@ -8,12 +8,13 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To
  *       identify the grant to retire, use a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">grant token</a>, or both the grant ID and a
- *       key identifier (key ID or key ARN) of the KMS key. The <a>CreateGrant</a> operation returns both values.</p>
+ *       key identifier (key ID or key ARN) of the KMS key. The <a>CreateGrant</a> operation
+ *       returns both values.</p>
  *          <p>This operation can be called by the <i>retiring principal</i> for a grant,
  *       by the <i>grantee principal</i> if the grant allows the <code>RetireGrant</code>
  *       operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be
  *       called by principals to whom permission for retiring a grant is delegated. For details, see
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
+ *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
  *         revoking grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
  *         <i>
@@ -21,11 +22,12 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *             </i>. For examples of working with grants in several
  *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. You can retire a grant on a KMS key
- *       in a different Amazon Web Services account.</p>
+ *             <b>Cross-account use</b>: Yes. You can retire a grant on a KMS
+ *       key in a different Amazon Web Services account.</p>
  *          <p>
  *             <b>Required permissions:</b>:Permission to retire a grant is
- *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -102,4 +104,3 @@ class RetireGrantCommand extends smithy_client_1.Command {
     }
 }
 exports.RetireGrantCommand = RetireGrantCommand;
-//# sourceMappingURL=RetireGrantCommand.js.map

package/dist-cjs/commands/RevokeGrantCommand.js CHANGED Viewed

@@ -7,8 +7,7 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Deletes the specified grant. You revoke a grant to terminate the permissions that the
- *       grant allows. For more
- *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete">Retiring and revoking grants</a> in
+ *       grant allows. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete">Retiring and revoking grants</a> in
  *       the <i>
  *                <i>Key Management Service Developer Guide</i>
  *             </i>.</p>
@@ -102,4 +101,3 @@ class RevokeGrantCommand extends smithy_client_1.Command {
     }
 }
 exports.RevokeGrantCommand = RevokeGrantCommand;
-//# sourceMappingURL=RevokeGrantCommand.js.map

package/dist-cjs/commands/ScheduleKeyDeletionCommand.js CHANGED Viewed

@@ -6,22 +6,24 @@ const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
- * <p>Schedules the deletion of a KMS key. By default, KMS applies a waiting
- *       period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is
- *       successful, the key state of the KMS key changes to <code>PendingDeletion</code> and the key can't
- *       be used in any cryptographic operations. It remains in this state for the duration of the
- *       waiting period. Before the waiting period ends, you can use <a>CancelKeyDeletion</a> to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
+ * <p>Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30
+ *       days, but you can specify a waiting period of 7-30 days. When this operation is successful,
+ *       the key state of the KMS key changes to <code>PendingDeletion</code> and the key can't be used
+ *       in any cryptographic operations. It remains in this state for the duration of the waiting
+ *       period. Before the waiting period ends, you can use <a>CancelKeyDeletion</a> to
+ *       cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
  *       its key material, and all KMS data associated with it, including all aliases that refer to
  *       it.</p>
  *          <important>
- *             <p>Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is
- *         deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is
- *         a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use <a>DisableKey</a>. </p>
+ *             <p>Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key
+ *         is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only
+ *         exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting
+ *         it, use <a>DisableKey</a>. </p>
  *          </important>
  *          <p>If you schedule deletion of a KMS key from a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, when the waiting period
- *       expires, <code>ScheduleKeyDeletion</code> deletes the KMS key from KMS. Then KMS makes a best
- *       effort to delete the key material from the associated CloudHSM cluster. However, you might need
- *       to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
+ *       expires, <code>ScheduleKeyDeletion</code> deletes the KMS key from KMS. Then KMS makes a
+ *       best effort to delete the key material from the associated CloudHSM cluster. However, you might
+ *       need to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
  *         material</a> from the cluster and its backups.</p>
  *          <p>You can schedule the deletion of a multi-Region primary key and its replica keys at any
  *       time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
@@ -30,18 +32,20 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       operations. This status can continue indefinitely. When the last of its replicas keys is
  *       deleted (not just scheduled), the key state of the primary key changes to
  *         <code>PendingDeletion</code> and its waiting period (<code>PendingWindowInDays</code>)
- *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">Deleting multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>. </p>
+ *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">Deleting multi-Region keys</a> in the
+ *       <i>Key Management Service Developer Guide</i>. </p>
  *          <p>For more information about scheduling a KMS key for deletion, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *             <b>Cross-account
+ *         use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *
  *          <p>
- *             <b>Required permissions</b>: kms:ScheduleKeyDeletion (key policy)</p>
+ *             <b>Required permissions</b>: kms:ScheduleKeyDeletion (key
+ *       policy)</p>
  *          <p>
  *             <b>Related operations</b>
  *          </p>
@@ -108,4 +112,3 @@ class ScheduleKeyDeletionCommand extends smithy_client_1.Command {
     }
 }
 exports.ScheduleKeyDeletionCommand = ScheduleKeyDeletionCommand;
-//# sourceMappingURL=ScheduleKeyDeletionCommand.js.map

package/dist-cjs/commands/SignCommand.js CHANGED Viewed

@@ -7,20 +7,21 @@ const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
 /**
  * <p>Creates a <a href="https://en.wikipedia.org/wiki/Digital_signature">digital
- *         signature</a> for a message or message digest by using the private key in an asymmetric KMS key. To verify the signature, use the <a>Verify</a> operation, or use the public
- *       key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *         signature</a> for a message or message digest by using the private key in an asymmetric
+ *       KMS key. To verify the signature, use the <a>Verify</a> operation, or use the
+ *       public key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>Digital signatures are generated and verified by using asymmetric key pair, such as an RSA
- *       or ECC pair that is represented by an asymmetric KMS key. The key owner (or
- *       an authorized user) uses their private key to sign a message. Anyone with the public key can
- *       verify that the message was signed with that particular private key and that the message
- *       hasn't changed since it was signed. </p>
+ *       or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized
+ *       user) uses their private key to sign a message. Anyone with the public key can verify that the
+ *       message was signed with that particular private key and that the message hasn't changed since
+ *       it was signed. </p>
  *          <p>To use the <code>Sign</code> operation, provide the following information:</p>
  *          <ul>
  *             <li>
  *                <p>Use the <code>KeyId</code> parameter to identify an asymmetric KMS key with a
  *             <code>KeyUsage</code> value of <code>SIGN_VERIFY</code>. To get the
- *             <code>KeyUsage</code> value of a KMS key, use the <a>DescribeKey</a> operation.
- *           The caller must have <code>kms:Sign</code> permission on the KMS key.</p>
+ *             <code>KeyUsage</code> value of a KMS key, use the <a>DescribeKey</a>
+ *           operation. The caller must have <code>kms:Sign</code> permission on the KMS key.</p>
  *             </li>
  *             <li>
  *                <p>Use the <code>Message</code> parameter to specify the message or message digest to
@@ -42,7 +43,7 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       then use the public key to verify the signature outside of KMS. </p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
+ *         <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
@@ -102,4 +103,3 @@ class SignCommand extends smithy_client_1.Command {
     }
 }
 exports.SignCommand = SignCommand;
-//# sourceMappingURL=SignCommand.js.map

package/dist-cjs/commands/TagResourceCommand.js CHANGED Viewed

@@ -14,16 +14,18 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *       The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag
  *       value. To edit a tag, specify an existing tag key and a new tag value.</p>
  *          <p>You can use this operation to tag a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>, but you cannot
- *       tag an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a>, an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned key</a>, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept">custom key store</a>, or
- *       an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept">alias</a>.</p>
- *          <p>You can also add tags to a KMS key while creating it (<a>CreateKey</a>) or replicating it (<a>ReplicateKey</a>).</p>
+ *       tag an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services
+ *         managed key</a>, an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned key</a>, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept">custom key
+ *         store</a>, or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept">alias</a>.</p>
+ *          <p>You can also add tags to a KMS key while creating it (<a>CreateKey</a>) or
+ *       replicating it (<a>ReplicateKey</a>).</p>
  *          <p>For information about using tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
  *       tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in the <i>Amazon
  *         Web Services General Reference</i>. </p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No.  You cannot perform this operation on a KMS key in a different Amazon Web Services account. </p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. </p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (key policy)</p>
@@ -103,4 +105,3 @@ class TagResourceCommand extends smithy_client_1.Command {
     }
 }
 exports.TagResourceCommand = TagResourceCommand;
-//# sourceMappingURL=TagResourceCommand.js.map

package/dist-cjs/commands/UntagResourceCommand.js CHANGED Viewed

@@ -12,8 +12,8 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *             <p>Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
  *          <p>When it succeeds, the <code>UntagResource</code> operation doesn't return any output.
- *       Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return
- *       a response. To confirm that the operation worked, use the <a>ListResourceTags</a> operation.</p>
+ *       Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or
+ *       return a response. To confirm that the operation worked, use the <a>ListResourceTags</a> operation.</p>
  *
  *          <p>For information about using tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
  *       tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in the <i>Amazon
@@ -21,7 +21,7 @@ const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No.  You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UntagResource</a> (key policy)</p>
@@ -101,4 +101,3 @@ class UntagResourceCommand extends smithy_client_1.Command {
     }
 }
 exports.UntagResourceCommand = UntagResourceCommand;
-//# sourceMappingURL=UntagResourceCommand.js.map