@aws-sdk/client-kms 3.36.0 → 3.39.0

package/dist-types/ts3.4/commands/CreateKeyCommand.d.ts

@@ -6,153 +6,11 @@ export interface CreateKeyCommandInput extends CreateKeyRequest {
 }
 export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBearer {
 }
-/**
- * <p>Creates a unique customer managed <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys">KMS key</a> in your Amazon Web Services account and
- *       Region.</p>
- *          <note>
- *             <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
- *          </note>
- *
- *          <p>You can use the <code>CreateKey</code> operation to create symmetric or asymmetric KMS
- *       keys.</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <b>Symmetric KMS keys</b> contain a 256-bit symmetric key
- *           that never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use
- *           a symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically
- *           used to generate <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys">data keys</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs">data keys pairs</a>. For details,
- *           see <a>GenerateDataKey</a> and <a>GenerateDataKeyPair</a>.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>Asymmetric KMS keys</b> can contain an RSA key pair or an
- *           Elliptic Curve (ECC) key pair. The private key in an asymmetric KMS key never leaves KMS
- *           unencrypted. However, you can use the <a>GetPublicKey</a> operation to download
- *           the public key so it can be used outside of KMS. KMS keys with RSA key pairs can be used
- *           to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC
- *           key pairs can be used only to sign and verify messages.</p>
- *             </li>
- *          </ul>
- *          <p>For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *
- *
- *          <p>To create different types of KMS keys, use the following guidance:</p>
- *
- *          <dl>
- *             <dt>Asymmetric KMS keys</dt>
- *             <dd>
- *                <p>To create an asymmetric KMS key, use the <code>KeySpec</code> parameter to specify
- *             the type of key material in the KMS key. Then, use the <code>KeyUsage</code> parameter
- *             to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.
- *             You can't change these properties after the KMS key is created.</p>
- *                <p> </p>
- *             </dd>
- *             <dt>Symmetric KMS keys</dt>
- *             <dd>
- *                <p>When creating a symmetric KMS key, you don't need to specify the
- *               <code>KeySpec</code> or <code>KeyUsage</code> parameters. The default value for
- *               <code>KeySpec</code>, <code>SYMMETRIC_DEFAULT</code>, and the default value for
- *               <code>KeyUsage</code>, <code>ENCRYPT_DECRYPT</code>, are the only valid values for
- *             symmetric KMS keys. </p>
- *                <p> </p>
- *             </dd>
- *             <dt>Multi-Region primary keys</dt>
- *             <dt>Imported key material</dt>
- *             <dd>
- *                <p>To create a multi-Region <i>primary key</i> in the local Amazon Web Services Region,
- *             use the <code>MultiRegion</code> parameter with a value of <code>True</code>. To create
- *             a multi-Region <i>replica key</i>, that is, a KMS key with the same key ID
- *             and key material as a primary key, but in a different Amazon Web Services Region, use the <a>ReplicateKey</a> operation. To change a replica key to a primary key, and its
- *             primary key to a replica key, use the <a>UpdatePrimaryRegion</a>
- *             operation.</p>
- *                <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
- *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
- *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
- *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *                <p>You can create symmetric and asymmetric multi-Region keys and multi-Region keys with
- *             imported key material. You cannot create multi-Region keys in a custom key store.</p>
- *                <p> </p>
- *             </dd>
- *             <dd>
- *                <p>To import your own key material, begin by creating a symmetric KMS key with no key
- *             material. To do this, use the <code>Origin</code> parameter of <code>CreateKey</code>
- *             with a value of <code>EXTERNAL</code>. Next, use <a>GetParametersForImport</a> operation to get a public key and import token, and use the public key to encrypt
- *             your key material. Then, use <a>ImportKeyMaterial</a> with your import token
- *             to import the key material. For step-by-step instructions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the <i>
- *                      <i>Key Management Service Developer Guide</i>
- *                   </i>. You
- *             cannot import the key material into an asymmetric KMS key.</p>
- *                <p>To create a multi-Region primary key with imported key material, use the
- *               <code>Origin</code> parameter of <code>CreateKey</code> with a value of
- *               <code>EXTERNAL</code> and the <code>MultiRegion</code> parameter with a value of
- *               <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *                <p> </p>
- *             </dd>
- *             <dt>Custom key store</dt>
- *             <dd>
- *                <p>To create a symmetric KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, use the
- *               <code>CustomKeyStoreId</code> parameter to specify the custom key store. You must also
- *             use the <code>Origin</code> parameter with a value of <code>AWS_CLOUDHSM</code>. The
- *             CloudHSM cluster that is associated with the custom key store must have at least two active
- *             HSMs in different Availability Zones in the Amazon Web Services Region. </p>
- *                <p>You cannot create an asymmetric KMS key in a custom key store. For information about
- *             custom key stores in KMS see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Using Custom Key Stores</a> in
- *             the <i>
- *                      <i>Key Management Service Developer Guide</i>
- *                   </i>.</p>
- *             </dd>
- *          </dl>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot use this operation to
- *       create a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateKey</a> (IAM policy). To use the
- *         <code>Tags</code> parameter, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (IAM policy). For examples and information about related
- *       permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create
- *         KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>DescribeKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListKeys</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ScheduleKeyDeletion</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, CreateKeyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, CreateKeyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new CreateKeyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link CreateKeyCommandInput} for command's `input` shape.
- * @see {@link CreateKeyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class CreateKeyCommand extends $Command<CreateKeyCommandInput, CreateKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: CreateKeyCommandInput;
     constructor(input: CreateKeyCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<CreateKeyCommandInput, CreateKeyCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/DecryptCommand.d.ts

@@ -6,117 +6,11 @@ export interface DecryptCommandInput extends DecryptRequest {
 }
 export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer {
 }
-/**
- * <p>Decrypts ciphertext that was encrypted by a KMS key using any of the following
- *       operations:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyWithoutPlaintext</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPairWithoutPlaintext</a>
- *                </p>
- *             </li>
- *          </ul>
- *          <p>You can use this operation to decrypt ciphertext that was encrypted under a symmetric or
- *       asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the
- *       encryption algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the
- *       public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by
- *       other libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services
- *         Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>.
- *       These libraries return a ciphertext format that is incompatible with KMS.</p>
- *          <p>If the ciphertext was encrypted under a symmetric KMS key, the <code>KeyId</code>
- *       parameter is optional. KMS can get this information from metadata that it adds to the
- *       symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
- *       that authorized users can decrypt ciphertext decades after it was encrypted, even if they've
- *       lost track of the key ID. However, specifying the KMS key is always recommended as a best
- *       practice. When you use the <code>KeyId</code> parameter to specify a KMS key, KMS only uses
- *       the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the
- *         <code>Decrypt</code> operation fails. This practice ensures that you use the KMS key that
- *       you intend.</p>
- *          <p>Whenever possible, use key policies to give users permission to call the
- *         <code>Decrypt</code> operation on a particular KMS key, instead of using IAM policies.
- *       Otherwise, you might create an IAM user policy that gives the user <code>Decrypt</code>
- *       permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys
- *       in other accounts if the key policy for the cross-account KMS key permits it. If you must use
- *       an IAM policy for <code>Decrypt</code> permissions, limit the user to particular KMS keys or
- *       particular trusted accounts. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices">Best practices for IAM
- *         policies</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account
- *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter. </p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Decrypt</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ReEncrypt</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DecryptCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DecryptCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DecryptCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DecryptCommandInput} for command's `input` shape.
- * @see {@link DecryptCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class DecryptCommand extends $Command<DecryptCommandInput, DecryptCommandOutput, KMSClientResolvedConfig> {
     readonly input: DecryptCommandInput;
     constructor(input: DecryptCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DecryptCommandInput, DecryptCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/DeleteAliasCommand.d.ts

@@ -6,76 +6,11 @@ export interface DeleteAliasCommandInput extends DeleteAliasRequest {
 }
 export interface DeleteAliasCommandOutput extends __MetadataBearer {
 }
-/**
- * <p>Deletes the specified alias. </p>
- *          <note>
- *             <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          </note>
- *          <p>Because an alias is not a property of a KMS key, you can delete and change the aliases of
- *       a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the
- *         <a>DescribeKey</a> operation. To get the aliases of all KMS keys, use the <a>ListAliases</a> operation. </p>
- *          <p>Each KMS key can have multiple aliases. To change the alias of a KMS key, use <a>DeleteAlias</a> to delete the current alias and <a>CreateAlias</a> to
- *       create a new alias. To associate an existing alias with a different KMS key, call <a>UpdateAlias</a>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different Amazon Web Services account.</p>
- *          <p>
- *             <b>Required permissions</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteAlias</a> on
- *           the alias (IAM policy).</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteAlias</a> on
- *           the KMS key (key policy).</p>
- *             </li>
- *          </ul>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateAlias</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListAliases</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdateAlias</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DeleteAliasCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DeleteAliasCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DeleteAliasCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DeleteAliasCommandInput} for command's `input` shape.
- * @see {@link DeleteAliasCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class DeleteAliasCommand extends $Command<DeleteAliasCommandInput, DeleteAliasCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteAliasCommandInput;
     constructor(input: DeleteAliasCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DeleteAliasCommandInput, DeleteAliasCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/DeleteCustomKeyStoreCommand.d.ts

@@ -6,83 +6,11 @@ export interface DeleteCustomKeyStoreCommandInput extends DeleteCustomKeyStoreRe
 }
 export interface DeleteCustomKeyStoreCommandOutput extends DeleteCustomKeyStoreResponse, __MetadataBearer {
 }
-/**
- * <p>Deletes a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. This operation does not delete the CloudHSM cluster that is
- *       associated with the custom key store, or affect any users or keys in the cluster.</p>
- *          <p>The custom key store that you delete cannot contain any KMS <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys">KMS keys</a>. Before deleting the key store,
- *       verify that you will never need to use any of the KMS keys in the key store for any
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. Then, use <a>ScheduleKeyDeletion</a> to delete the KMS keys from the
- *       key store. When the scheduled waiting period expires, the <code>ScheduleKeyDeletion</code>
- *       operation deletes the KMS keys. Then it makes a best effort to delete the key material from
- *       the associated cluster. However, you might need to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
- *         material</a> from the cluster and its backups.</p>
- *          <p>After all KMS keys are deleted from KMS, use <a>DisconnectCustomKeyStore</a>
- *       to disconnect the key store from KMS. Then, you can delete the custom key store.</p>
- *          <p>Instead of deleting the custom key store, consider using <a>DisconnectCustomKeyStore</a> to disconnect it from KMS. While the key store is
- *       disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to
- *       delete KMS keys and you can reconnect a disconnected custom key store at any time.</p>
- *          <p>If the operation succeeds, it returns a JSON object with no
- * properties.</p>
- *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
- * combines the convenience and extensive integration of KMS with the isolation and control of a
- * single-tenant key store.</p>
- *          <p>
- *             <b>Cross-account use</b>: No.
- *       You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteCustomKeyStore</a> (IAM policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>ConnectCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>CreateCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DescribeCustomKeyStores</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DisconnectCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdateCustomKeyStore</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DeleteCustomKeyStoreCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DeleteCustomKeyStoreCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DeleteCustomKeyStoreCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DeleteCustomKeyStoreCommandInput} for command's `input` shape.
- * @see {@link DeleteCustomKeyStoreCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class DeleteCustomKeyStoreCommand extends $Command<DeleteCustomKeyStoreCommandInput, DeleteCustomKeyStoreCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteCustomKeyStoreCommandInput;
     constructor(input: DeleteCustomKeyStoreCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DeleteCustomKeyStoreCommandInput, DeleteCustomKeyStoreCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/DeleteImportedKeyMaterialCommand.d.ts

@@ -6,58 +6,11 @@ export interface DeleteImportedKeyMaterialCommandInput extends DeleteImportedKey
 }
 export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer {
 }
-/**
- * <p>Deletes key material that you previously imported. This operation makes the specified KMS
- *       key unusable. For more information about importing key material into KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a>
- *       in the <i>Key Management Service Developer Guide</i>. </p>
- *          <p>When the specified KMS key is in the <code>PendingDeletion</code> state, this operation
- *       does not change the KMS key's state. Otherwise, it changes the KMS key's state to
- *         <code>PendingImport</code>.</p>
- *          <p>After you delete key material, you can use <a>ImportKeyMaterial</a> to reimport
- *       the same key material into the KMS key.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteImportedKeyMaterial</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>GetParametersForImport</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ImportKeyMaterial</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DeleteImportedKeyMaterialCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DeleteImportedKeyMaterialCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DeleteImportedKeyMaterialCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DeleteImportedKeyMaterialCommandInput} for command's `input` shape.
- * @see {@link DeleteImportedKeyMaterialCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class DeleteImportedKeyMaterialCommand extends $Command<DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteImportedKeyMaterialCommandInput;
     constructor(input: DeleteImportedKeyMaterialCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/DescribeCustomKeyStoresCommand.d.ts

@@ -6,82 +6,11 @@ export interface DescribeCustomKeyStoresCommandInput extends DescribeCustomKeySt
 }
 export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyStoresResponse, __MetadataBearer {
 }
-/**
- * <p>Gets information about <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> in the account and Region.</p>
- *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
- * combines the convenience and extensive integration of KMS with the isolation and control of a
- * single-tenant key store.</p>
- *          <p>By default, this operation returns information about all custom key
- *       stores in the account and Region. To get only information about a particular custom key store,
- *       use either the <code>CustomKeyStoreName</code> or <code>CustomKeyStoreId</code> parameter (but
- *       not both).</p>
- *          <p>To determine whether the custom key store is connected to its CloudHSM cluster, use the
- *         <code>ConnectionState</code> element in the response. If an attempt to connect the custom
- *       key store failed, the <code>ConnectionState</code> value is <code>FAILED</code> and the
- *         <code>ConnectionErrorCode</code> element in the response indicates the cause of the failure.
- *       For help interpreting the <code>ConnectionErrorCode</code>, see <a>CustomKeyStoresListEntry</a>.</p>
- *          <p>Custom key stores have a <code>DISCONNECTED</code> connection state if the key store has
- *       never been connected or you use the <a>DisconnectCustomKeyStore</a> operation to
- *       disconnect it. If your custom key store state is <code>CONNECTED</code> but you are having
- *       trouble using it, make sure that its associated CloudHSM cluster is active and contains the
- *       minimum number of HSMs required for the operation, if any.</p>
- *          <p> For help repairing your custom key store, see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting Custom Key Stores</a> topic in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DescribeCustomKeyStores</a> (IAM policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>ConnectCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>CreateCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DeleteCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DisconnectCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdateCustomKeyStore</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DescribeCustomKeyStoresCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DescribeCustomKeyStoresCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DescribeCustomKeyStoresCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DescribeCustomKeyStoresCommandInput} for command's `input` shape.
- * @see {@link DescribeCustomKeyStoresCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class DescribeCustomKeyStoresCommand extends $Command<DescribeCustomKeyStoresCommandInput, DescribeCustomKeyStoresCommandOutput, KMSClientResolvedConfig> {
     readonly input: DescribeCustomKeyStoresCommandInput;
     constructor(input: DescribeCustomKeyStoresCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DescribeCustomKeyStoresCommandInput, DescribeCustomKeyStoresCommandOutput>;
     private serialize;
     private deserialize;