@aws-sdk/client-kms 3.36.0 → 3.39.0

package/dist-types/ts3.4/commands/PutKeyPolicyCommand.d.ts

@@ -6,42 +6,11 @@ export interface PutKeyPolicyCommandInput extends PutKeyPolicyRequest {
 }
 export interface PutKeyPolicyCommandOutput extends __MetadataBearer {
 }
-/**
- * <p>Attaches a key policy to the specified KMS key. </p>
- *          <p>For more information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key Policies</a> in the <i>Key Management Service Developer Guide</i>.
- *       For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
- *                <i>Identity and Access Management User Guide</i>
- *             </i>. For examples of adding a key policy in multiple programming languages,
- *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy">Setting a key policy</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:PutKeyPolicy</a> (key policy)</p>
- *          <p>
- *             <b>Related operations</b>: <a>GetKeyPolicy</a>
- *          </p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, PutKeyPolicyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, PutKeyPolicyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new PutKeyPolicyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link PutKeyPolicyCommandInput} for command's `input` shape.
- * @see {@link PutKeyPolicyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class PutKeyPolicyCommand extends $Command<PutKeyPolicyCommandInput, PutKeyPolicyCommandOutput, KMSClientResolvedConfig> {
     readonly input: PutKeyPolicyCommandInput;
     constructor(input: PutKeyPolicyCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<PutKeyPolicyCommandInput, PutKeyPolicyCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/ReEncryptCommand.d.ts

@@ -6,127 +6,11 @@ export interface ReEncryptCommandInput extends ReEncryptRequest {
 }
 export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBearer {
 }
-/**
- * <p>Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this
- *       operation to change the KMS key under which data is encrypted, such as when you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually
- *         rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also use
- *       it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
- *         context</a> of a ciphertext.</p>
- *          <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an
- *       KMS KMS key in an KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
- *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a>
- *       outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as
- *       the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or
- *         <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
- *         client-side encryption</a>. These libraries return a ciphertext format that is
- *       incompatible with KMS.</p>
- *          <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the
- *       decrypt operation and the subsequent encrypt operation.</p>
- *          <ul>
- *             <li>
- *                <p>If your ciphertext was encrypted under an asymmetric KMS key, you must use the
- *             <code>SourceKeyId</code> parameter to identify the KMS key that encrypted the
- *           ciphertext. You must also supply the encryption algorithm that was used. This information
- *           is required to decrypt the data.</p>
- *             </li>
- *             <li>
- *                <p>If your ciphertext was encrypted under a symmetric KMS key, the
- *             <code>SourceKeyId</code> parameter is optional. KMS can get this information from
- *           metadata that it adds to the symmetric ciphertext blob. This feature adds durability to
- *           your implementation by ensuring that authorized users can decrypt ciphertext decades after
- *           it was encrypted, even if they've lost track of the key ID. However, specifying the source
- *           KMS key is always recommended as a best practice. When you use the
- *             <code>SourceKeyId</code> parameter to specify a KMS key, KMS uses only the KMS key you
- *           specify. If the ciphertext was encrypted under a different KMS key, the
- *             <code>ReEncrypt</code> operation fails. This practice ensures that you use the KMS key
- *           that you intend.</p>
- *             </li>
- *             <li>
- *                <p>To reencrypt the data, you must use the <code>DestinationKeyId</code> parameter
- *           specify the KMS key that re-encrypts the data after it is decrypted. You can select a
- *           symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you
- *           must also provide the encryption algorithm. The algorithm that you choose must be
- *           compatible with the KMS key.</p>
- *
- *                <important>
- *                   <p>When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
- *                   <p>You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
- *                </important>
- *             </li>
- *          </ul>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: Yes.
- *       The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both
- *       KMS keys can be in a different account than the caller. To specify a KMS key in a different
- *       account, you must use its key ARN or alias ARN.</p>
- *
- *          <p>
- *             <b>Required permissions</b>:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a>
- *           permission on the source KMS key (key policy)</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a>
- *           permission on the destination KMS key (key policy)</p>
- *             </li>
- *          </ul>
- *          <p>To permit reencryption from or to a KMS key, include the <code>"kms:ReEncrypt*"</code>
- *       permission in your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key policy</a>. This permission is
- *       automatically included in the key policy when you use the console to create a KMS key. But you
- *       must include it manually when you create a KMS key programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p>
- *
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Decrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ReEncryptCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ReEncryptCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ReEncryptCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ReEncryptCommandInput} for command's `input` shape.
- * @see {@link ReEncryptCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class ReEncryptCommand extends $Command<ReEncryptCommandInput, ReEncryptCommandOutput, KMSClientResolvedConfig> {
     readonly input: ReEncryptCommandInput;
     constructor(input: ReEncryptCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ReEncryptCommandInput, ReEncryptCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/ReplicateKeyCommand.d.ts

@@ -6,106 +6,11 @@ export interface ReplicateKeyCommandInput extends ReplicateKeyRequest {
 }
 export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __MetadataBearer {
 }
-/**
- * <p>Replicates a multi-Region key into the specified Region. This operation creates a
- *       multi-Region replica key based on a multi-Region primary key in a different Region of the same
- *       Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a
- *       different Region. To create a multi-Region primary key, use the <a>CreateKey</a>
- *       operation.</p>
- *          <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
- *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
- *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
- *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>A <i>replica key</i> is a fully-functional KMS key that can be used
- *       independently of its primary and peer replica keys. A primary key and its replica keys share
- *       properties that make them interoperable. They have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a> and key material. They also
- *       have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec">key
- *         spec</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage">key
- *         usage</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin">key
- *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. KMS automatically synchronizes these shared
- *       properties among related multi-Region keys. All other properties of a replica key can differ,
- *       including its <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key
- *         policy</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">tags</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">aliases</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">key
- *         state</a>. KMS pricing and quotas for KMS keys apply to each primary key and replica
- *       key.</p>
- *          <p>When this operation completes, the new replica key has a transient key state of
- *         <code>Creating</code>. This key state changes to <code>Enabled</code> (or
- *         <code>PendingImport</code>) after a few seconds when the process of creating the new replica
- *       key is complete. While the key state is <code>Creating</code>, you can manage key, but you
- *       cannot yet use it in cryptographic operations. If you are creating and using the replica key
- *       programmatically, retry on <code>KMSInvalidStateException</code> or call
- *         <code>DescribeKey</code> to check its <code>KeyState</code> value before using it. For
- *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The CloudTrail log of a <code>ReplicateKey</code> operation records a
- *         <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
- *          <p>If you replicate a multi-Region primary key with imported key material, the replica key is
- *       created with no key material. You must import the same key material that you imported into the
- *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>To convert a replica key to a primary key, use the <a>UpdatePrimaryRegion</a>
- *       operation.</p>
- *          <note>
- *             <p>
- *                <code>ReplicateKey</code> uses different default values for the <code>KeyPolicy</code>
- *         and <code>Tags</code> parameters than those used in the KMS console. For details, see the
- *         parameter descriptions.</p>
- *          </note>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot use this operation to
- *       create a replica key in a different Amazon Web Services account. </p>
- *          <p>
- *             <b>Required permissions</b>: </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <code>kms:ReplicateKey</code> on the primary key (in the primary key's Region).
- *           Include this permission in the primary key's key policy.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <code>kms:CreateKey</code> in an IAM policy in the replica Region.</p>
- *             </li>
- *             <li>
- *                <p>To use the <code>Tags</code> parameter, <code>kms:TagResource</code> in an IAM policy
- *           in the replica Region.</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdatePrimaryRegion</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ReplicateKeyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ReplicateKeyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ReplicateKeyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ReplicateKeyCommandInput} for command's `input` shape.
- * @see {@link ReplicateKeyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class ReplicateKeyCommand extends $Command<ReplicateKeyCommandInput, ReplicateKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: ReplicateKeyCommandInput;
     constructor(input: ReplicateKeyCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ReplicateKeyCommandInput, ReplicateKeyCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/RetireGrantCommand.d.ts

@@ -6,75 +6,11 @@ export interface RetireGrantCommandInput extends RetireGrantRequest {
 }
 export interface RetireGrantCommandOutput extends __MetadataBearer {
 }
-/**
- * <p>Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To
- *       identify the grant to retire, use a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">grant token</a>, or both the grant ID and a
- *       key identifier (key ID or key ARN) of the KMS key. The <a>CreateGrant</a> operation
- *       returns both values.</p>
- *          <p>This operation can be called by the <i>retiring principal</i> for a grant,
- *       by the <i>grantee principal</i> if the grant allows the <code>RetireGrant</code>
- *       operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be
- *       called by principals to whom permission for retiring a grant is delegated. For details, see
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
- *         revoking grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
- *         <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
- *          <p>
- *             <b>Cross-account use</b>: Yes. You can retire a grant on a KMS
- *       key in a different Amazon Web Services account.</p>
- *          <p>
- *             <b>Required permissions:</b>:Permission to retire a grant is
- *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in
- *       the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateGrant</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListRetirableGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RevokeGrant</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, RetireGrantCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, RetireGrantCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new RetireGrantCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link RetireGrantCommandInput} for command's `input` shape.
- * @see {@link RetireGrantCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class RetireGrantCommand extends $Command<RetireGrantCommandInput, RetireGrantCommandOutput, KMSClientResolvedConfig> {
     readonly input: RetireGrantCommandInput;
     constructor(input: RetireGrantCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<RetireGrantCommandInput, RetireGrantCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/RevokeGrantCommand.d.ts

@@ -6,72 +6,11 @@ export interface RevokeGrantCommandInput extends RevokeGrantRequest {
 }
 export interface RevokeGrantCommandOutput extends __MetadataBearer {
 }
-/**
- * <p>Deletes the specified grant. You revoke a grant to terminate the permissions that the
- *       grant allows. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete">Retiring and revoking grants</a> in
- *       the <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>.</p>
- *          <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency">Eventual consistency</a> in
- *       the <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>. </p>
- *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
- *         <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
- *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
- *   ARN in the value of the <code>KeyId</code> parameter.</p>
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:RevokeGrant</a> (key policy).</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateGrant</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListRetirableGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RetireGrant</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, RevokeGrantCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, RevokeGrantCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new RevokeGrantCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link RevokeGrantCommandInput} for command's `input` shape.
- * @see {@link RevokeGrantCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class RevokeGrantCommand extends $Command<RevokeGrantCommandInput, RevokeGrantCommandOutput, KMSClientResolvedConfig> {
     readonly input: RevokeGrantCommandInput;
     constructor(input: RevokeGrantCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<RevokeGrantCommandInput, RevokeGrantCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/ScheduleKeyDeletionCommand.d.ts

@@ -6,83 +6,11 @@ export interface ScheduleKeyDeletionCommandInput extends ScheduleKeyDeletionRequ
 }
 export interface ScheduleKeyDeletionCommandOutput extends ScheduleKeyDeletionResponse, __MetadataBearer {
 }
-/**
- * <p>Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30
- *       days, but you can specify a waiting period of 7-30 days. When this operation is successful,
- *       the key state of the KMS key changes to <code>PendingDeletion</code> and the key can't be used
- *       in any cryptographic operations. It remains in this state for the duration of the waiting
- *       period. Before the waiting period ends, you can use <a>CancelKeyDeletion</a> to
- *       cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
- *       its key material, and all KMS data associated with it, including all aliases that refer to
- *       it.</p>
- *          <important>
- *             <p>Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key
- *         is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only
- *         exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting
- *         it, use <a>DisableKey</a>. </p>
- *          </important>
- *          <p>If you schedule deletion of a KMS key from a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, when the waiting period
- *       expires, <code>ScheduleKeyDeletion</code> deletes the KMS key from KMS. Then KMS makes a
- *       best effort to delete the key material from the associated CloudHSM cluster. However, you might
- *       need to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
- *         material</a> from the cluster and its backups.</p>
- *          <p>You can schedule the deletion of a multi-Region primary key and its replica keys at any
- *       time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
- *       you schedule the deletion of a primary key with replicas, its key state changes to
- *         <code>PendingReplicaDeletion</code> and it cannot be replicated or used in cryptographic
- *       operations. This status can continue indefinitely. When the last of its replicas keys is
- *       deleted (not just scheduled), the key state of the primary key changes to
- *         <code>PendingDeletion</code> and its waiting period (<code>PendingWindowInDays</code>)
- *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">Deleting multi-Region keys</a> in the
- *       <i>Key Management Service Developer Guide</i>. </p>
- *          <p>For more information about scheduling a KMS key for deletion, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account
- *         use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *
- *          <p>
- *             <b>Required permissions</b>: kms:ScheduleKeyDeletion (key
- *       policy)</p>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CancelKeyDeletion</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DisableKey</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ScheduleKeyDeletionCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ScheduleKeyDeletionCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ScheduleKeyDeletionCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ScheduleKeyDeletionCommandInput} for command's `input` shape.
- * @see {@link ScheduleKeyDeletionCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class ScheduleKeyDeletionCommand extends $Command<ScheduleKeyDeletionCommandInput, ScheduleKeyDeletionCommandOutput, KMSClientResolvedConfig> {
     readonly input: ScheduleKeyDeletionCommandInput;
     constructor(input: ScheduleKeyDeletionCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ScheduleKeyDeletionCommandInput, ScheduleKeyDeletionCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/SignCommand.d.ts

@@ -6,74 +6,11 @@ export interface SignCommandInput extends SignRequest {
 }
 export interface SignCommandOutput extends SignResponse, __MetadataBearer {
 }
-/**
- * <p>Creates a <a href="https://en.wikipedia.org/wiki/Digital_signature">digital
- *         signature</a> for a message or message digest by using the private key in an asymmetric
- *       KMS key. To verify the signature, use the <a>Verify</a> operation, or use the
- *       public key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>Digital signatures are generated and verified by using asymmetric key pair, such as an RSA
- *       or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized
- *       user) uses their private key to sign a message. Anyone with the public key can verify that the
- *       message was signed with that particular private key and that the message hasn't changed since
- *       it was signed. </p>
- *          <p>To use the <code>Sign</code> operation, provide the following information:</p>
- *          <ul>
- *             <li>
- *                <p>Use the <code>KeyId</code> parameter to identify an asymmetric KMS key with a
- *             <code>KeyUsage</code> value of <code>SIGN_VERIFY</code>. To get the
- *             <code>KeyUsage</code> value of a KMS key, use the <a>DescribeKey</a>
- *           operation. The caller must have <code>kms:Sign</code> permission on the KMS key.</p>
- *             </li>
- *             <li>
- *                <p>Use the <code>Message</code> parameter to specify the message or message digest to
- *           sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a
- *           hash digest of the message, and then provide the hash digest in the <code>Message</code>
- *           parameter. To indicate whether the message is a full message or a digest, use the
- *             <code>MessageType</code> parameter.</p>
- *             </li>
- *             <li>
- *                <p>Choose a signing algorithm that is compatible with the KMS key. </p>
- *             </li>
- *          </ul>
- *          <important>
- *             <p>When signing a message, be sure to record the KMS key and the signing algorithm. This
- *         information is required to verify the signature.</p>
- *          </important>
- *          <p>To verify the signature that this operation generates, use the <a>Verify</a>
- *       operation. Or use the <a>GetPublicKey</a> operation to download the public key and
- *       then use the public key to verify the signature outside of KMS. </p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *         <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Sign</a> (key policy)</p>
- *          <p>
- *             <b>Related operations</b>: <a>Verify</a>
- *          </p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, SignCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, SignCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new SignCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link SignCommandInput} for command's `input` shape.
- * @see {@link SignCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
+
 export declare class SignCommand extends $Command<SignCommandInput, SignCommandOutput, KMSClientResolvedConfig> {
     readonly input: SignCommandInput;
     constructor(input: SignCommandInput);
-    /**
-     * @internal
-     */
+    
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: KMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<SignCommandInput, SignCommandOutput>;
     private serialize;
     private deserialize;