@aws-sdk/client-kms 3.36.0 → 3.39.0

package/dist-types/ts3.4/commands/GenerateDataKeyCommand.d.ts

@@ -6,126 +6,11 @@ export interface GenerateDataKeyCommandInput extends GenerateDataKeyRequest {
 }
 export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, __MetadataBearer {
 }
-/**
- * <p>Generates a unique symmetric data key for client-side encryption. This operation returns a
- *       plaintext copy of the data key and a copy that is encrypted under a KMS key that you specify.
- *       You can use the plaintext key to encrypt your data outside of KMS and store the encrypted
- *       data key with the encrypted data.</p>
- *
- *          <p>
- *             <code>GenerateDataKey</code> returns a unique data key for each request. The bytes in the
- *       plaintext key are not related to the caller or the KMS key.</p>
- *
- *          <p>To generate a data key, specify the symmetric KMS key that will be used to encrypt the
- *       data key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your
- *       KMS key, use the <a>DescribeKey</a> operation. You must also specify the length of
- *       the data key. Use either the <code>KeySpec</code> or <code>NumberOfBytes</code> parameters
- *       (but not both). For 128-bit and 256-bit data keys, use the <code>KeySpec</code> parameter. </p>
- *
- *          <p>To get only an encrypted copy of the data key, use <a>GenerateDataKeyWithoutPlaintext</a>. To generate an asymmetric data key pair, use
- *       the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operation. To get a cryptographically secure
- *       random byte string, use <a>GenerateRandom</a>.</p>
- *
- *          <p>You can use the optional encryption context to add additional security to the encryption
- *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
- *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
- *       Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption Context</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>How to use your data
- *         key</b>
- *          </p>
- *          <p>We recommend that you use the following pattern to encrypt data locally in your
- *       application. You can write your own code or use a client-side encryption library, such as the
- *         <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a>, the
- *         <a href="https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/">Amazon DynamoDB Encryption Client</a>,
- *       or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
- *         client-side encryption</a> to do these tasks for you.</p>
- *          <p>To encrypt data outside of KMS:</p>
- *          <ol>
- *             <li>
- *                <p>Use the <code>GenerateDataKey</code> operation to get a data key.</p>
- *             </li>
- *             <li>
- *                <p>Use the plaintext data key (in the <code>Plaintext</code> field of the response) to
- *           encrypt your data outside of KMS. Then erase the plaintext data key from memory.</p>
- *             </li>
- *             <li>
- *                <p>Store the encrypted data key (in the <code>CiphertextBlob</code> field of the
- *           response) with the encrypted data.</p>
- *             </li>
- *          </ol>
- *          <p>To decrypt data outside of KMS:</p>
- *          <ol>
- *             <li>
- *                <p>Use the <a>Decrypt</a> operation to decrypt the encrypted data key. The
- *           operation returns a plaintext copy of the data key.</p>
- *             </li>
- *             <li>
- *                <p>Use the plaintext data key to decrypt data outside of KMS, then erase the plaintext
- *           data key from memory.</p>
- *             </li>
- *          </ol>
- *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKey</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Decrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPairWithoutPlaintext</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyWithoutPlaintext</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GenerateDataKeyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GenerateDataKeyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GenerateDataKeyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GenerateDataKeyCommandInput} for command's `input` shape.
- * @see {@link GenerateDataKeyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GenerateDataKeyCommand extends $Command<GenerateDataKeyCommandInput, GenerateDataKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateDataKeyCommandInput;
     constructor(input: GenerateDataKeyCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GenerateDataKeyCommandInput, GenerateDataKeyCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GenerateDataKeyPairCommand.d.ts

@@ -6,105 +6,11 @@ export interface GenerateDataKeyPairCommandInput extends GenerateDataKeyPairRequ
 }
 export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairResponse, __MetadataBearer {
 }
-/**
- * <p>Generates a unique asymmetric data key pair. The <code>GenerateDataKeyPair</code>
- *       operation returns a plaintext public key, a plaintext private key, and a copy of the private
- *       key that is encrypted under the symmetric KMS key you specify. You can use the data key pair
- *       to perform asymmetric cryptography and implement digital signatures outside of KMS.</p>
- *
- *          <p>You can use the public key that <code>GenerateDataKeyPair</code> returns to encrypt data
- *       or verify a signature outside of KMS. Then, store the encrypted private key with the data.
- *       When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p>
- *
- *          <p>To generate a data key pair, you must specify a symmetric KMS key to encrypt the private
- *       key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key
- *       store. To get the type and origin of your KMS key, use the <a>DescribeKey</a>
- *       operation. </p>
- *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for
- *       either encryption or signing, but not both. However, KMS cannot enforce any restrictions on
- *       the use of data key pairs outside of KMS.</p>
- *
- *          <p>If you are using the data key pair to encrypt data, or for any operation where you don't
- *       immediately need a private key, consider using the <a>GenerateDataKeyPairWithoutPlaintext</a> operation.
- *         <code>GenerateDataKeyPairWithoutPlaintext</code> returns a plaintext public key and an
- *       encrypted private key, but omits the plaintext private key that you need only to decrypt
- *       ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use
- *       the <a>Decrypt</a> operation to decrypt the encrypted private key in the data key
- *       pair.</p>
- *
- *          <p>
- *             <code>GenerateDataKeyPair</code> returns a unique data key pair for each request. The
- *       bytes in the keys are not related to the caller or the KMS key that is used to encrypt the
- *       private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
- *         <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>. The private key is a
- *       DER-encoded PKCS8 PrivateKeyInfo, as specified in <a href="https://tools.ietf.org/html/rfc5958">RFC 5958</a>.</p>
- *
- *          <p>You can use the optional encryption context to add additional security to the encryption
- *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
- *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
- *       Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption Context</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account
- *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyPair</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Decrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPairWithoutPlaintext</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyWithoutPlaintext</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GenerateDataKeyPairCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GenerateDataKeyPairCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GenerateDataKeyPairCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GenerateDataKeyPairCommandInput} for command's `input` shape.
- * @see {@link GenerateDataKeyPairCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GenerateDataKeyPairCommand extends $Command<GenerateDataKeyPairCommandInput, GenerateDataKeyPairCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateDataKeyPairCommandInput;
     constructor(input: GenerateDataKeyPairCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GenerateDataKeyPairCommandInput, GenerateDataKeyPairCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts

@@ -6,95 +6,11 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandInput extends Generat
 }
 export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends GenerateDataKeyPairWithoutPlaintextResponse, __MetadataBearer {
 }
-/**
- * <p>Generates a unique asymmetric data key pair. The
- *         <code>GenerateDataKeyPairWithoutPlaintext</code> operation returns a plaintext public key
- *       and a copy of the private key that is encrypted under the symmetric KMS key you specify.
- *       Unlike <a>GenerateDataKeyPair</a>, this operation does not return a plaintext
- *       private key. </p>
- *          <p>You can use the public key that <code>GenerateDataKeyPairWithoutPlaintext</code> returns
- *       to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key
- *       with the data. When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p>
- *          <p>To generate a data key pair, you must specify a symmetric KMS key to encrypt the private
- *       key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key
- *       store. To get the type and origin of your KMS key, use the <a>DescribeKey</a>
- *       operation. </p>
- *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for
- *       either encryption or signing, but not both. However, KMS cannot enforce any restrictions on
- *       the use of data key pairs outside of KMS.</p>
- *          <p>
- *             <code>GenerateDataKeyPairWithoutPlaintext</code> returns a unique data key pair for each
- *       request. The bytes in the key are not related to the caller or KMS key that is used to encrypt
- *       the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
- *         <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>.</p>
- *
- *          <p>You can use the optional encryption context to add additional security to the encryption
- *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
- *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
- *       Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption Context</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account
- *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyPairWithoutPlaintext</a> (key
- *       policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Decrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyWithoutPlaintext</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GenerateDataKeyPairWithoutPlaintextCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GenerateDataKeyPairWithoutPlaintextCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GenerateDataKeyPairWithoutPlaintextCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GenerateDataKeyPairWithoutPlaintextCommandInput} for command's `input` shape.
- * @see {@link GenerateDataKeyPairWithoutPlaintextCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GenerateDataKeyPairWithoutPlaintextCommand extends $Command<GenerateDataKeyPairWithoutPlaintextCommandInput, GenerateDataKeyPairWithoutPlaintextCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateDataKeyPairWithoutPlaintextCommandInput;
     constructor(input: GenerateDataKeyPairWithoutPlaintextCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GenerateDataKeyPairWithoutPlaintextCommandInput, GenerateDataKeyPairWithoutPlaintextCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts

@@ -6,100 +6,11 @@ export interface GenerateDataKeyWithoutPlaintextCommandInput extends GenerateDat
 }
 export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDataKeyWithoutPlaintextResponse, __MetadataBearer {
 }
-/**
- * <p>Generates a unique symmetric data key. This operation returns a data key that is encrypted
- *       under a KMS key that you specify. To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a>
- *       operations.</p>
- *          <p>
- *             <code>GenerateDataKeyWithoutPlaintext</code> is identical to the <a>GenerateDataKey</a> operation except that returns only the encrypted copy of the
- *       data key. This operation is useful for systems that need to encrypt data at some point, but
- *       not immediately. When you need to encrypt the data, you call the <a>Decrypt</a>
- *       operation on the encrypted copy of the key. </p>
- *          <p>It's also useful in distributed systems with different levels of trust. For example, you
- *       might store encrypted data in containers. One component of your system creates new containers
- *       and stores an encrypted data key with each container. Then, a different component puts the
- *       data into the containers. That component first decrypts the data key, uses the plaintext data
- *       key to encrypt data, puts the encrypted data into the container, and then destroys the
- *       plaintext data key. In this system, the component that creates the containers never sees the
- *       plaintext data key.</p>
- *          <p>
- *             <code>GenerateDataKeyWithoutPlaintext</code> returns a unique data key for each request.
- *       The bytes in the keys are not related to the caller or KMS key that is used to encrypt the
- *       private key.</p>
- *
- *          <p>To generate a data key, you must specify the symmetric KMS key that is used to encrypt the
- *       data key. You cannot use an asymmetric KMS key to generate a data key. To get the type of your
- *       KMS key, use the <a>DescribeKey</a> operation.</p>
- *
- *          <p>If the operation succeeds, you will find the encrypted copy of the data key in the
- *         <code>CiphertextBlob</code> field.</p>
- *
- *          <p>You can use the optional encryption context to add additional security to the encryption
- *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
- *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
- *       Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption Context</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account
- *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateDataKeyWithoutPlaintext</a> (key
- *       policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Decrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPairWithoutPlaintext</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GenerateDataKeyWithoutPlaintextCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GenerateDataKeyWithoutPlaintextCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GenerateDataKeyWithoutPlaintextCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GenerateDataKeyWithoutPlaintextCommandInput} for command's `input` shape.
- * @see {@link GenerateDataKeyWithoutPlaintextCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GenerateDataKeyWithoutPlaintextCommand extends $Command<GenerateDataKeyWithoutPlaintextCommandInput, GenerateDataKeyWithoutPlaintextCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateDataKeyWithoutPlaintextCommandInput;
     constructor(input: GenerateDataKeyWithoutPlaintextCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GenerateDataKeyWithoutPlaintextCommandInput, GenerateDataKeyWithoutPlaintextCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GenerateRandomCommand.d.ts

@@ -6,38 +6,11 @@ export interface GenerateRandomCommandInput extends GenerateRandomRequest {
 }
 export interface GenerateRandomCommandOutput extends GenerateRandomResponse, __MetadataBearer {
 }
-/**
- * <p>Returns a random byte string that is cryptographically secure.</p>
- *          <p>By default, the random byte string is generated in KMS. To generate the byte string in
- *       the CloudHSM cluster that is associated with a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, specify the custom key store
- *       ID.</p>
- *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>For more information about entropy and random number generation, see
- *       <a href="https://docs.aws.amazon.com/kms/latest/cryptographic-details/">Key Management Service Cryptographic Details</a>.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateRandom</a> (IAM policy)</p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GenerateRandomCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GenerateRandomCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GenerateRandomCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GenerateRandomCommandInput} for command's `input` shape.
- * @see {@link GenerateRandomCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GenerateRandomCommand extends $Command<GenerateRandomCommandInput, GenerateRandomCommandOutput, KMSClientResolvedConfig> {
     readonly input: GenerateRandomCommandInput;
     constructor(input: GenerateRandomCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GenerateRandomCommandInput, GenerateRandomCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GetKeyPolicyCommand.d.ts

@@ -6,37 +6,11 @@ export interface GetKeyPolicyCommandInput extends GetKeyPolicyRequest {
 }
 export interface GetKeyPolicyCommandOutput extends GetKeyPolicyResponse, __MetadataBearer {
 }
-/**
- * <p>Gets a key policy attached to the specified KMS key.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetKeyPolicy</a> (key policy)</p>
- *          <p>
- *             <b>Related operations</b>: <a>PutKeyPolicy</a>
- *          </p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GetKeyPolicyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GetKeyPolicyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GetKeyPolicyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GetKeyPolicyCommandInput} for command's `input` shape.
- * @see {@link GetKeyPolicyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GetKeyPolicyCommand extends $Command<GetKeyPolicyCommandInput, GetKeyPolicyCommandOutput, KMSClientResolvedConfig> {
     readonly input: GetKeyPolicyCommandInput;
     constructor(input: GetKeyPolicyCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetKeyPolicyCommandInput, GetKeyPolicyCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GetKeyRotationStatusCommand.d.ts

@@ -6,66 +6,11 @@ export interface GetKeyRotationStatusCommandInput extends GetKeyRotationStatusRe
 }
 export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusResponse, __MetadataBearer {
 }
-/**
- * <p>Gets a Boolean value that indicates whether <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation of the key material</a> is
- *       enabled for the specified KMS key.</p>
- *          <p>You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key">multi-Region keys</a>, set the property on the primary key. The key rotation status for these KMS keys is always
- *       <code>false</code>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <ul>
- *             <li>
- *                <p>Disabled: The key rotation status does not change when you disable a KMS key. However,
- *           while the KMS key is disabled, KMS does not rotate the key material.</p>
- *             </li>
- *             <li>
- *                <p>Pending deletion: While a KMS key is pending deletion, its key rotation status is
- *             <code>false</code> and KMS does not rotate the key material. If you cancel the
- *           deletion, the original key rotation status is restored.</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
- *   ARN in the value of the <code>KeyId</code> parameter.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetKeyRotationStatus</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>DisableKeyRotation</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>EnableKeyRotation</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, GetKeyRotationStatusCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, GetKeyRotationStatusCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new GetKeyRotationStatusCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link GetKeyRotationStatusCommandInput} for command's `input` shape.
- * @see {@link GetKeyRotationStatusCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class GetKeyRotationStatusCommand extends $Command<GetKeyRotationStatusCommandInput, GetKeyRotationStatusCommandOutput, KMSClientResolvedConfig> {
     readonly input: GetKeyRotationStatusCommandInput;
     constructor(input: GetKeyRotationStatusCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetKeyRotationStatusCommandInput, GetKeyRotationStatusCommandOutput>;
     private serialize;
     private deserialize;