@aws-sdk/client-kms 3.596.0 → 3.598.0

package/README.md

@@ -377,6 +377,14 @@ DeleteImportedKeyMaterial
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/DeleteImportedKeyMaterialCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/DeleteImportedKeyMaterialCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/DeleteImportedKeyMaterialCommandOutput/)
 
+</details>
+<details>
+<summary>
+DeriveSharedSecret
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/DeriveSharedSecretCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/DeriveSharedSecretCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/DeriveSharedSecretCommandOutput/)
+
 </details>
 <details>
 <summary>

package/dist-cjs/index.js

@@ -53,6 +53,8 @@ __export(src_exports, {
   DeleteCustomKeyStoreCommand: () => DeleteCustomKeyStoreCommand,
   DeleteImportedKeyMaterialCommand: () => DeleteImportedKeyMaterialCommand,
   DependencyTimeoutException: () => DependencyTimeoutException,
+  DeriveSharedSecretCommand: () => DeriveSharedSecretCommand,
+  DeriveSharedSecretResponseFilterSensitiveLog: () => DeriveSharedSecretResponseFilterSensitiveLog,
   DescribeCustomKeyStoresCommand: () => DescribeCustomKeyStoresCommand,
   DescribeCustomKeyStoresResponseFilterSensitiveLog: () => DescribeCustomKeyStoresResponseFilterSensitiveLog,
   DescribeKeyCommand: () => DescribeKeyCommand,
@@ -103,6 +105,7 @@ __export(src_exports, {
   KMSInvalidSignatureException: () => KMSInvalidSignatureException,
   KMSInvalidStateException: () => KMSInvalidStateException,
   KMSServiceException: () => KMSServiceException,
+  KeyAgreementAlgorithmSpec: () => KeyAgreementAlgorithmSpec,
   KeyEncryptionMechanism: () => KeyEncryptionMechanism,
   KeyManagerType: () => KeyManagerType,
   KeySpec: () => KeySpec,
@@ -852,6 +855,7 @@ var XksProxyVpcEndpointServiceNotFoundException = _XksProxyVpcEndpointServiceNot
 var GrantOperation = {
   CreateGrant: "CreateGrant",
   Decrypt: "Decrypt",
+  DeriveSharedSecret: "DeriveSharedSecret",
   DescribeKey: "DescribeKey",
   Encrypt: "Encrypt",
   GenerateDataKey: "GenerateDataKey",
@@ -951,6 +955,7 @@ var KeySpec = {
 var KeyUsageType = {
   ENCRYPT_DECRYPT: "ENCRYPT_DECRYPT",
   GENERATE_VERIFY_MAC: "GENERATE_VERIFY_MAC",
+  KEY_AGREEMENT: "KEY_AGREEMENT",
   SIGN_VERIFY: "SIGN_VERIFY"
 };
 var OriginType = {
@@ -969,6 +974,9 @@ var ExpirationModelType = {
   KEY_MATERIAL_DOES_NOT_EXPIRE: "KEY_MATERIAL_DOES_NOT_EXPIRE",
   KEY_MATERIAL_EXPIRES: "KEY_MATERIAL_EXPIRES"
 };
+var KeyAgreementAlgorithmSpec = {
+  ECDH: "ECDH"
+};
 var KeyManagerType = {
   AWS: "AWS",
   CUSTOMER: "CUSTOMER"
@@ -1370,6 +1378,10 @@ var DecryptResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.Plaintext && { Plaintext: import_smithy_client.SENSITIVE_STRING }
 }), "DecryptResponseFilterSensitiveLog");
+var DeriveSharedSecretResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
+  ...obj,
+  ...obj.SharedSecret && { SharedSecret: import_smithy_client.SENSITIVE_STRING }
+}), "DeriveSharedSecretResponseFilterSensitiveLog");
 var DescribeCustomKeyStoresResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.CustomKeyStores && {
@@ -1483,6 +1495,12 @@ var se_DeleteImportedKeyMaterialCommand = /* @__PURE__ */ __name(async (input, c
   body = JSON.stringify((0, import_smithy_client._json)(input));
   return buildHttpRpcRequest(context, headers, "/", void 0, body);
 }, "se_DeleteImportedKeyMaterialCommand");
+var se_DeriveSharedSecretCommand = /* @__PURE__ */ __name(async (input, context) => {
+  const headers = sharedHeaders("DeriveSharedSecret");
+  let body;
+  body = JSON.stringify(se_DeriveSharedSecretRequest(input, context));
+  return buildHttpRpcRequest(context, headers, "/", void 0, body);
+}, "se_DeriveSharedSecretCommand");
 var se_DescribeCustomKeyStoresCommand = /* @__PURE__ */ __name(async (input, context) => {
   const headers = sharedHeaders("DescribeCustomKeyStores");
   let body;
@@ -1856,6 +1874,19 @@ var de_DeleteImportedKeyMaterialCommand = /* @__PURE__ */ __name(async (output,
   };
   return response;
 }, "de_DeleteImportedKeyMaterialCommand");
+var de_DeriveSharedSecretCommand = /* @__PURE__ */ __name(async (output, context) => {
+  if (output.statusCode >= 300) {
+    return de_CommandError(output, context);
+  }
+  const data = await (0, import_core2.parseJsonBody)(output.body, context);
+  let contents = {};
+  contents = de_DeriveSharedSecretResponse(data, context);
+  const response = {
+    $metadata: deserializeMetadata(output),
+    ...contents
+  };
+  return response;
+}, "de_DeriveSharedSecretCommand");
 var de_DescribeCustomKeyStoresCommand = /* @__PURE__ */ __name(async (output, context) => {
   if (output.statusCode >= 300) {
     return de_CommandError(output, context);
@@ -2969,6 +3000,16 @@ var se_DecryptRequest = /* @__PURE__ */ __name((input, context) => {
     Recipient: (_) => se_RecipientInfo(_, context)
   });
 }, "se_DecryptRequest");
+var se_DeriveSharedSecretRequest = /* @__PURE__ */ __name((input, context) => {
+  return (0, import_smithy_client.take)(input, {
+    DryRun: [],
+    GrantTokens: import_smithy_client._json,
+    KeyAgreementAlgorithm: [],
+    KeyId: [],
+    PublicKey: context.base64Encoder,
+    Recipient: (_) => se_RecipientInfo(_, context)
+  });
+}, "se_DeriveSharedSecretRequest");
 var se_EncryptRequest = /* @__PURE__ */ __name((input, context) => {
   return (0, import_smithy_client.take)(input, {
     DryRun: [],
@@ -3122,6 +3163,15 @@ var de_DecryptResponse = /* @__PURE__ */ __name((output, context) => {
     Plaintext: context.base64Decoder
   });
 }, "de_DecryptResponse");
+var de_DeriveSharedSecretResponse = /* @__PURE__ */ __name((output, context) => {
+  return (0, import_smithy_client.take)(output, {
+    CiphertextForRecipient: context.base64Decoder,
+    KeyAgreementAlgorithm: import_smithy_client.expectString,
+    KeyId: import_smithy_client.expectString,
+    KeyOrigin: import_smithy_client.expectString,
+    SharedSecret: context.base64Decoder
+  });
+}, "de_DeriveSharedSecretResponse");
 var de_DescribeCustomKeyStoresResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     CustomKeyStores: (_) => de_CustomKeyStoresList(_, context),
@@ -3207,6 +3257,7 @@ var de_GetPublicKeyResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     CustomerMasterKeySpec: import_smithy_client.expectString,
     EncryptionAlgorithms: import_smithy_client._json,
+    KeyAgreementAlgorithms: import_smithy_client._json,
     KeyId: import_smithy_client.expectString,
     KeySpec: import_smithy_client.expectString,
     KeyUsage: import_smithy_client.expectString,
@@ -3246,6 +3297,7 @@ var de_KeyMetadata = /* @__PURE__ */ __name((output, context) => {
     Enabled: import_smithy_client.expectBoolean,
     EncryptionAlgorithms: import_smithy_client._json,
     ExpirationModel: import_smithy_client.expectString,
+    KeyAgreementAlgorithms: import_smithy_client._json,
     KeyId: import_smithy_client.expectString,
     KeyManager: import_smithy_client.expectString,
     KeySpec: import_smithy_client.expectString,
@@ -3516,6 +3568,22 @@ var _DeleteImportedKeyMaterialCommand = class _DeleteImportedKeyMaterialCommand
 __name(_DeleteImportedKeyMaterialCommand, "DeleteImportedKeyMaterialCommand");
 var DeleteImportedKeyMaterialCommand = _DeleteImportedKeyMaterialCommand;
 
+// src/commands/DeriveSharedSecretCommand.ts
+
+
+
+var _DeriveSharedSecretCommand = class _DeriveSharedSecretCommand extends import_smithy_client.Command.classBuilder().ep({
+  ...commonParams
+}).m(function(Command, cs, config, o) {
+  return [
+    (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize),
+    (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions())
+  ];
+}).s("TrentService", "DeriveSharedSecret", {}).n("KMSClient", "DeriveSharedSecretCommand").f(void 0, DeriveSharedSecretResponseFilterSensitiveLog).ser(se_DeriveSharedSecretCommand).de(de_DeriveSharedSecretCommand).build() {
+};
+__name(_DeriveSharedSecretCommand, "DeriveSharedSecretCommand");
+var DeriveSharedSecretCommand = _DeriveSharedSecretCommand;
+
 // src/commands/DescribeCustomKeyStoresCommand.ts
 
 
@@ -4200,6 +4268,7 @@ var commands = {
   DeleteAliasCommand,
   DeleteCustomKeyStoreCommand,
   DeleteImportedKeyMaterialCommand,
+  DeriveSharedSecretCommand,
   DescribeCustomKeyStoresCommand,
   DescribeKeyCommand,
   DisableKeyCommand,
@@ -4298,6 +4367,7 @@ var paginateListRetirableGrants = (0, import_core.createPaginator)(KMSClient, Li
   DeleteAliasCommand,
   DeleteCustomKeyStoreCommand,
   DeleteImportedKeyMaterialCommand,
+  DeriveSharedSecretCommand,
   DescribeCustomKeyStoresCommand,
   DescribeKeyCommand,
   DisableKeyCommand,
@@ -4390,6 +4460,7 @@ var paginateListRetirableGrants = (0, import_core.createPaginator)(KMSClient, Li
   OriginType,
   EncryptionAlgorithmSpec,
   ExpirationModelType,
+  KeyAgreementAlgorithmSpec,
   KeyManagerType,
   KeyState,
   MacAlgorithmSpec,
@@ -4424,6 +4495,7 @@ var paginateListRetirableGrants = (0, import_core.createPaginator)(KMSClient, Li
   XksProxyConfigurationTypeFilterSensitiveLog,
   CustomKeyStoresListEntryFilterSensitiveLog,
   DecryptResponseFilterSensitiveLog,
+  DeriveSharedSecretResponseFilterSensitiveLog,
   DescribeCustomKeyStoresResponseFilterSensitiveLog,
   EncryptRequestFilterSensitiveLog,
   GenerateDataKeyResponseFilterSensitiveLog,

package/dist-es/KMS.js

@@ -9,6 +9,7 @@ import { DecryptCommand } from "./commands/DecryptCommand";
 import { DeleteAliasCommand } from "./commands/DeleteAliasCommand";
 import { DeleteCustomKeyStoreCommand, } from "./commands/DeleteCustomKeyStoreCommand";
 import { DeleteImportedKeyMaterialCommand, } from "./commands/DeleteImportedKeyMaterialCommand";
+import { DeriveSharedSecretCommand, } from "./commands/DeriveSharedSecretCommand";
 import { DescribeCustomKeyStoresCommand, } from "./commands/DescribeCustomKeyStoresCommand";
 import { DescribeKeyCommand } from "./commands/DescribeKeyCommand";
 import { DisableKeyCommand } from "./commands/DisableKeyCommand";
@@ -63,6 +64,7 @@ const commands = {
     DeleteAliasCommand,
     DeleteCustomKeyStoreCommand,
     DeleteImportedKeyMaterialCommand,
+    DeriveSharedSecretCommand,
     DescribeCustomKeyStoresCommand,
     DescribeKeyCommand,
     DisableKeyCommand,

package/dist-es/commands/DeriveSharedSecretCommand.js

@@ -0,0 +1,25 @@
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { DeriveSharedSecretResponseFilterSensitiveLog, } from "../models/models_0";
+import { de_DeriveSharedSecretCommand, se_DeriveSharedSecretCommand } from "../protocols/Aws_json1_1";
+export { $Command };
+export class DeriveSharedSecretCommand extends $Command
+    .classBuilder()
+    .ep({
+    ...commonParams,
+})
+    .m(function (Command, cs, config, o) {
+    return [
+        getSerdePlugin(config, this.serialize, this.deserialize),
+        getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+})
+    .s("TrentService", "DeriveSharedSecret", {})
+    .n("KMSClient", "DeriveSharedSecretCommand")
+    .f(void 0, DeriveSharedSecretResponseFilterSensitiveLog)
+    .ser(se_DeriveSharedSecretCommand)
+    .de(de_DeriveSharedSecretCommand)
+    .build() {
+}

package/dist-es/commands/index.js

@@ -8,6 +8,7 @@ export * from "./DecryptCommand";
 export * from "./DeleteAliasCommand";
 export * from "./DeleteCustomKeyStoreCommand";
 export * from "./DeleteImportedKeyMaterialCommand";
+export * from "./DeriveSharedSecretCommand";
 export * from "./DescribeCustomKeyStoresCommand";
 export * from "./DescribeKeyCommand";
 export * from "./DisableKeyCommand";

package/dist-es/models/models_0.js

@@ -370,6 +370,7 @@ export class XksProxyVpcEndpointServiceNotFoundException extends __BaseException
 export const GrantOperation = {
     CreateGrant: "CreateGrant",
     Decrypt: "Decrypt",
+    DeriveSharedSecret: "DeriveSharedSecret",
     DescribeKey: "DescribeKey",
     Encrypt: "Encrypt",
     GenerateDataKey: "GenerateDataKey",
@@ -454,6 +455,7 @@ export const KeySpec = {
 export const KeyUsageType = {
     ENCRYPT_DECRYPT: "ENCRYPT_DECRYPT",
     GENERATE_VERIFY_MAC: "GENERATE_VERIFY_MAC",
+    KEY_AGREEMENT: "KEY_AGREEMENT",
     SIGN_VERIFY: "SIGN_VERIFY",
 };
 export const OriginType = {
@@ -472,6 +474,9 @@ export const ExpirationModelType = {
     KEY_MATERIAL_DOES_NOT_EXPIRE: "KEY_MATERIAL_DOES_NOT_EXPIRE",
     KEY_MATERIAL_EXPIRES: "KEY_MATERIAL_EXPIRES",
 };
+export const KeyAgreementAlgorithmSpec = {
+    ECDH: "ECDH",
+};
 export const KeyManagerType = {
     AWS: "AWS",
     CUSTOMER: "CUSTOMER",
@@ -781,6 +786,10 @@ export const DecryptResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Plaintext && { Plaintext: SENSITIVE_STRING }),
 });
+export const DeriveSharedSecretResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.SharedSecret && { SharedSecret: SENSITIVE_STRING }),
+});
 export const DescribeCustomKeyStoresResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.CustomKeyStores && {

package/dist-es/protocols/Aws_json1_1.js

@@ -63,6 +63,12 @@ export const se_DeleteImportedKeyMaterialCommand = async (input, context) => {
     body = JSON.stringify(_json(input));
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+export const se_DeriveSharedSecretCommand = async (input, context) => {
+    const headers = sharedHeaders("DeriveSharedSecret");
+    let body;
+    body = JSON.stringify(se_DeriveSharedSecretRequest(input, context));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 export const se_DescribeCustomKeyStoresCommand = async (input, context) => {
     const headers = sharedHeaders("DescribeCustomKeyStores");
     let body;
@@ -436,6 +442,19 @@ export const de_DeleteImportedKeyMaterialCommand = async (output, context) => {
     };
     return response;
 };
+export const de_DeriveSharedSecretCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = de_DeriveSharedSecretResponse(data, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 export const de_DescribeCustomKeyStoresCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -1549,6 +1568,16 @@ const se_DecryptRequest = (input, context) => {
         Recipient: (_) => se_RecipientInfo(_, context),
     });
 };
+const se_DeriveSharedSecretRequest = (input, context) => {
+    return take(input, {
+        DryRun: [],
+        GrantTokens: _json,
+        KeyAgreementAlgorithm: [],
+        KeyId: [],
+        PublicKey: context.base64Encoder,
+        Recipient: (_) => se_RecipientInfo(_, context),
+    });
+};
 const se_EncryptRequest = (input, context) => {
     return take(input, {
         DryRun: [],
@@ -1706,6 +1735,15 @@ const de_DecryptResponse = (output, context) => {
         Plaintext: context.base64Decoder,
     });
 };
+const de_DeriveSharedSecretResponse = (output, context) => {
+    return take(output, {
+        CiphertextForRecipient: context.base64Decoder,
+        KeyAgreementAlgorithm: __expectString,
+        KeyId: __expectString,
+        KeyOrigin: __expectString,
+        SharedSecret: context.base64Decoder,
+    });
+};
 const de_DescribeCustomKeyStoresResponse = (output, context) => {
     return take(output, {
         CustomKeyStores: (_) => de_CustomKeyStoresList(_, context),
@@ -1791,6 +1829,7 @@ const de_GetPublicKeyResponse = (output, context) => {
     return take(output, {
         CustomerMasterKeySpec: __expectString,
         EncryptionAlgorithms: _json,
+        KeyAgreementAlgorithms: _json,
         KeyId: __expectString,
         KeySpec: __expectString,
         KeyUsage: __expectString,
@@ -1832,6 +1871,7 @@ const de_KeyMetadata = (output, context) => {
         Enabled: __expectBoolean,
         EncryptionAlgorithms: _json,
         ExpirationModel: __expectString,
+        KeyAgreementAlgorithms: _json,
         KeyId: __expectString,
         KeyManager: __expectString,
         KeySpec: __expectString,

package/dist-types/KMS.d.ts

@@ -9,6 +9,7 @@ import { DecryptCommandInput, DecryptCommandOutput } from "./commands/DecryptCom
 import { DeleteAliasCommandInput, DeleteAliasCommandOutput } from "./commands/DeleteAliasCommand";
 import { DeleteCustomKeyStoreCommandInput, DeleteCustomKeyStoreCommandOutput } from "./commands/DeleteCustomKeyStoreCommand";
 import { DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput } from "./commands/DeleteImportedKeyMaterialCommand";
+import { DeriveSharedSecretCommandInput, DeriveSharedSecretCommandOutput } from "./commands/DeriveSharedSecretCommand";
 import { DescribeCustomKeyStoresCommandInput, DescribeCustomKeyStoresCommandOutput } from "./commands/DescribeCustomKeyStoresCommand";
 import { DescribeKeyCommandInput, DescribeKeyCommandOutput } from "./commands/DescribeKeyCommand";
 import { DisableKeyCommandInput, DisableKeyCommandOutput } from "./commands/DisableKeyCommand";
@@ -114,6 +115,12 @@ export interface KMS {
     deleteImportedKeyMaterial(args: DeleteImportedKeyMaterialCommandInput, options?: __HttpHandlerOptions): Promise<DeleteImportedKeyMaterialCommandOutput>;
     deleteImportedKeyMaterial(args: DeleteImportedKeyMaterialCommandInput, cb: (err: any, data?: DeleteImportedKeyMaterialCommandOutput) => void): void;
     deleteImportedKeyMaterial(args: DeleteImportedKeyMaterialCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteImportedKeyMaterialCommandOutput) => void): void;
+    /**
+     * @see {@link DeriveSharedSecretCommand}
+     */
+    deriveSharedSecret(args: DeriveSharedSecretCommandInput, options?: __HttpHandlerOptions): Promise<DeriveSharedSecretCommandOutput>;
+    deriveSharedSecret(args: DeriveSharedSecretCommandInput, cb: (err: any, data?: DeriveSharedSecretCommandOutput) => void): void;
+    deriveSharedSecret(args: DeriveSharedSecretCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeriveSharedSecretCommandOutput) => void): void;
     /**
      * @see {@link DescribeCustomKeyStoresCommand}
      */

package/dist-types/KMSClient.d.ts

@@ -17,6 +17,7 @@ import { DecryptCommandInput, DecryptCommandOutput } from "./commands/DecryptCom
 import { DeleteAliasCommandInput, DeleteAliasCommandOutput } from "./commands/DeleteAliasCommand";
 import { DeleteCustomKeyStoreCommandInput, DeleteCustomKeyStoreCommandOutput } from "./commands/DeleteCustomKeyStoreCommand";
 import { DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput } from "./commands/DeleteImportedKeyMaterialCommand";
+import { DeriveSharedSecretCommandInput, DeriveSharedSecretCommandOutput } from "./commands/DeriveSharedSecretCommand";
 import { DescribeCustomKeyStoresCommandInput, DescribeCustomKeyStoresCommandOutput } from "./commands/DescribeCustomKeyStoresCommand";
 import { DescribeKeyCommandInput, DescribeKeyCommandOutput } from "./commands/DescribeKeyCommand";
 import { DisableKeyCommandInput, DisableKeyCommandOutput } from "./commands/DisableKeyCommand";
@@ -65,11 +66,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = CancelKeyDeletionCommandInput | ConnectCustomKeyStoreCommandInput | CreateAliasCommandInput | CreateCustomKeyStoreCommandInput | CreateGrantCommandInput | CreateKeyCommandInput | DecryptCommandInput | DeleteAliasCommandInput | DeleteCustomKeyStoreCommandInput | DeleteImportedKeyMaterialCommandInput | DescribeCustomKeyStoresCommandInput | DescribeKeyCommandInput | DisableKeyCommandInput | DisableKeyRotationCommandInput | DisconnectCustomKeyStoreCommandInput | EnableKeyCommandInput | EnableKeyRotationCommandInput | EncryptCommandInput | GenerateDataKeyCommandInput | GenerateDataKeyPairCommandInput | GenerateDataKeyPairWithoutPlaintextCommandInput | GenerateDataKeyWithoutPlaintextCommandInput | GenerateMacCommandInput | GenerateRandomCommandInput | GetKeyPolicyCommandInput | GetKeyRotationStatusCommandInput | GetParametersForImportCommandInput | GetPublicKeyCommandInput | ImportKeyMaterialCommandInput | ListAliasesCommandInput | ListGrantsCommandInput | ListKeyPoliciesCommandInput | ListKeyRotationsCommandInput | ListKeysCommandInput | ListResourceTagsCommandInput | ListRetirableGrantsCommandInput | PutKeyPolicyCommandInput | ReEncryptCommandInput | ReplicateKeyCommandInput | RetireGrantCommandInput | RevokeGrantCommandInput | RotateKeyOnDemandCommandInput | ScheduleKeyDeletionCommandInput | SignCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateAliasCommandInput | UpdateCustomKeyStoreCommandInput | UpdateKeyDescriptionCommandInput | UpdatePrimaryRegionCommandInput | VerifyCommandInput | VerifyMacCommandInput;
+export type ServiceInputTypes = CancelKeyDeletionCommandInput | ConnectCustomKeyStoreCommandInput | CreateAliasCommandInput | CreateCustomKeyStoreCommandInput | CreateGrantCommandInput | CreateKeyCommandInput | DecryptCommandInput | DeleteAliasCommandInput | DeleteCustomKeyStoreCommandInput | DeleteImportedKeyMaterialCommandInput | DeriveSharedSecretCommandInput | DescribeCustomKeyStoresCommandInput | DescribeKeyCommandInput | DisableKeyCommandInput | DisableKeyRotationCommandInput | DisconnectCustomKeyStoreCommandInput | EnableKeyCommandInput | EnableKeyRotationCommandInput | EncryptCommandInput | GenerateDataKeyCommandInput | GenerateDataKeyPairCommandInput | GenerateDataKeyPairWithoutPlaintextCommandInput | GenerateDataKeyWithoutPlaintextCommandInput | GenerateMacCommandInput | GenerateRandomCommandInput | GetKeyPolicyCommandInput | GetKeyRotationStatusCommandInput | GetParametersForImportCommandInput | GetPublicKeyCommandInput | ImportKeyMaterialCommandInput | ListAliasesCommandInput | ListGrantsCommandInput | ListKeyPoliciesCommandInput | ListKeyRotationsCommandInput | ListKeysCommandInput | ListResourceTagsCommandInput | ListRetirableGrantsCommandInput | PutKeyPolicyCommandInput | ReEncryptCommandInput | ReplicateKeyCommandInput | RetireGrantCommandInput | RevokeGrantCommandInput | RotateKeyOnDemandCommandInput | ScheduleKeyDeletionCommandInput | SignCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateAliasCommandInput | UpdateCustomKeyStoreCommandInput | UpdateKeyDescriptionCommandInput | UpdatePrimaryRegionCommandInput | VerifyCommandInput | VerifyMacCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = CancelKeyDeletionCommandOutput | ConnectCustomKeyStoreCommandOutput | CreateAliasCommandOutput | CreateCustomKeyStoreCommandOutput | CreateGrantCommandOutput | CreateKeyCommandOutput | DecryptCommandOutput | DeleteAliasCommandOutput | DeleteCustomKeyStoreCommandOutput | DeleteImportedKeyMaterialCommandOutput | DescribeCustomKeyStoresCommandOutput | DescribeKeyCommandOutput | DisableKeyCommandOutput | DisableKeyRotationCommandOutput | DisconnectCustomKeyStoreCommandOutput | EnableKeyCommandOutput | EnableKeyRotationCommandOutput | EncryptCommandOutput | GenerateDataKeyCommandOutput | GenerateDataKeyPairCommandOutput | GenerateDataKeyPairWithoutPlaintextCommandOutput | GenerateDataKeyWithoutPlaintextCommandOutput | GenerateMacCommandOutput | GenerateRandomCommandOutput | GetKeyPolicyCommandOutput | GetKeyRotationStatusCommandOutput | GetParametersForImportCommandOutput | GetPublicKeyCommandOutput | ImportKeyMaterialCommandOutput | ListAliasesCommandOutput | ListGrantsCommandOutput | ListKeyPoliciesCommandOutput | ListKeyRotationsCommandOutput | ListKeysCommandOutput | ListResourceTagsCommandOutput | ListRetirableGrantsCommandOutput | PutKeyPolicyCommandOutput | ReEncryptCommandOutput | ReplicateKeyCommandOutput | RetireGrantCommandOutput | RevokeGrantCommandOutput | RotateKeyOnDemandCommandOutput | ScheduleKeyDeletionCommandOutput | SignCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateAliasCommandOutput | UpdateCustomKeyStoreCommandOutput | UpdateKeyDescriptionCommandOutput | UpdatePrimaryRegionCommandOutput | VerifyCommandOutput | VerifyMacCommandOutput;
+export type ServiceOutputTypes = CancelKeyDeletionCommandOutput | ConnectCustomKeyStoreCommandOutput | CreateAliasCommandOutput | CreateCustomKeyStoreCommandOutput | CreateGrantCommandOutput | CreateKeyCommandOutput | DecryptCommandOutput | DeleteAliasCommandOutput | DeleteCustomKeyStoreCommandOutput | DeleteImportedKeyMaterialCommandOutput | DeriveSharedSecretCommandOutput | DescribeCustomKeyStoresCommandOutput | DescribeKeyCommandOutput | DisableKeyCommandOutput | DisableKeyRotationCommandOutput | DisconnectCustomKeyStoreCommandOutput | EnableKeyCommandOutput | EnableKeyRotationCommandOutput | EncryptCommandOutput | GenerateDataKeyCommandOutput | GenerateDataKeyPairCommandOutput | GenerateDataKeyPairWithoutPlaintextCommandOutput | GenerateDataKeyWithoutPlaintextCommandOutput | GenerateMacCommandOutput | GenerateRandomCommandOutput | GetKeyPolicyCommandOutput | GetKeyRotationStatusCommandOutput | GetParametersForImportCommandOutput | GetPublicKeyCommandOutput | ImportKeyMaterialCommandOutput | ListAliasesCommandOutput | ListGrantsCommandOutput | ListKeyPoliciesCommandOutput | ListKeyRotationsCommandOutput | ListKeysCommandOutput | ListResourceTagsCommandOutput | ListRetirableGrantsCommandOutput | PutKeyPolicyCommandOutput | ReEncryptCommandOutput | ReplicateKeyCommandOutput | RetireGrantCommandOutput | RevokeGrantCommandOutput | RotateKeyOnDemandCommandOutput | ScheduleKeyDeletionCommandOutput | SignCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateAliasCommandOutput | UpdateCustomKeyStoreCommandOutput | UpdateKeyDescriptionCommandOutput | UpdatePrimaryRegionCommandOutput | VerifyCommandOutput | VerifyMacCommandOutput;
 /**
  * @public
  */

package/dist-types/commands/CreateGrantCommand.d.ts

@@ -103,7 +103,7 @@ declare const CreateGrantCommand_base: {
  *   GranteePrincipal: "STRING_VALUE", // required
  *   RetiringPrincipal: "STRING_VALUE",
  *   Operations: [ // GrantOperationList // required
- *     "Decrypt" || "Encrypt" || "GenerateDataKey" || "GenerateDataKeyWithoutPlaintext" || "ReEncryptFrom" || "ReEncryptTo" || "Sign" || "Verify" || "GetPublicKey" || "CreateGrant" || "RetireGrant" || "DescribeKey" || "GenerateDataKeyPair" || "GenerateDataKeyPairWithoutPlaintext" || "GenerateMac" || "VerifyMac",
+ *     "Decrypt" || "Encrypt" || "GenerateDataKey" || "GenerateDataKeyWithoutPlaintext" || "ReEncryptFrom" || "ReEncryptTo" || "Sign" || "Verify" || "GetPublicKey" || "CreateGrant" || "RetireGrant" || "DescribeKey" || "GenerateDataKeyPair" || "GenerateDataKeyPairWithoutPlaintext" || "GenerateMac" || "VerifyMac" || "DeriveSharedSecret",
  *   ],
  *   Constraints: { // GrantConstraints
  *     EncryptionContextSubset: { // EncryptionContextType

package/dist-types/commands/CreateKeyCommand.d.ts

@@ -70,9 +70,12 @@ declare const CreateKeyCommand_base: {
  *                <p>Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an
  *             SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves
  *             KMS unencrypted. However, you can use the <a>GetPublicKey</a> operation to
- *             download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key
- *             pairs can be used to encrypt or decrypt data or sign and verify messages (but not both).
- *             KMS keys with ECC key pairs can be used only to sign and verify messages. For
+ *             download the public key so it can be used outside of KMS. Each KMS key can have only one key usage. KMS keys with RSA key
+ *             pairs can be used to encrypt and decrypt data or sign and verify messages (but not both).
+ *             KMS keys with NIST-recommended ECC key pairs can be used to sign and verify messages or
+ *             derive shared secrets (but not both). KMS keys with <code>ECC_SECG_P256K1</code>
+ *             can be used only to sign and verify messages. KMS keys with SM2 key pairs (China Regions only)
+ *             can be used to either encrypt and decrypt data, sign and verify messages, or derive shared secrets (you must choose one key usage type). For
  *             information about asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Asymmetric KMS keys</a> in the
  *             <i>Key Management Service Developer Guide</i>.</p>
  *                <p> </p>
@@ -203,7 +206,7 @@ declare const CreateKeyCommand_base: {
  * const input = { // CreateKeyRequest
  *   Policy: "STRING_VALUE",
  *   Description: "STRING_VALUE",
- *   KeyUsage: "SIGN_VERIFY" || "ENCRYPT_DECRYPT" || "GENERATE_VERIFY_MAC",
+ *   KeyUsage: "SIGN_VERIFY" || "ENCRYPT_DECRYPT" || "GENERATE_VERIFY_MAC" || "KEY_AGREEMENT",
  *   CustomerMasterKeySpec: "RSA_2048" || "RSA_3072" || "RSA_4096" || "ECC_NIST_P256" || "ECC_NIST_P384" || "ECC_NIST_P521" || "ECC_SECG_P256K1" || "SYMMETRIC_DEFAULT" || "HMAC_224" || "HMAC_256" || "HMAC_384" || "HMAC_512" || "SM2",
  *   KeySpec: "RSA_2048" || "RSA_3072" || "RSA_4096" || "ECC_NIST_P256" || "ECC_NIST_P384" || "ECC_NIST_P521" || "ECC_SECG_P256K1" || "SYMMETRIC_DEFAULT" || "HMAC_224" || "HMAC_256" || "HMAC_384" || "HMAC_512" || "SM2",
  *   Origin: "AWS_KMS" || "EXTERNAL" || "AWS_CLOUDHSM" || "EXTERNAL_KEY_STORE",
@@ -228,7 +231,7 @@ declare const CreateKeyCommand_base: {
  * //     CreationDate: new Date("TIMESTAMP"),
  * //     Enabled: true || false,
  * //     Description: "STRING_VALUE",
- * //     KeyUsage: "SIGN_VERIFY" || "ENCRYPT_DECRYPT" || "GENERATE_VERIFY_MAC",
+ * //     KeyUsage: "SIGN_VERIFY" || "ENCRYPT_DECRYPT" || "GENERATE_VERIFY_MAC" || "KEY_AGREEMENT",
  * //     KeyState: "Creating" || "Enabled" || "Disabled" || "PendingDeletion" || "PendingImport" || "PendingReplicaDeletion" || "Unavailable" || "Updating",
  * //     DeletionDate: new Date("TIMESTAMP"),
  * //     ValidTo: new Date("TIMESTAMP"),
@@ -245,6 +248,9 @@ declare const CreateKeyCommand_base: {
  * //     SigningAlgorithms: [ // SigningAlgorithmSpecList
  * //       "RSASSA_PSS_SHA_256" || "RSASSA_PSS_SHA_384" || "RSASSA_PSS_SHA_512" || "RSASSA_PKCS1_V1_5_SHA_256" || "RSASSA_PKCS1_V1_5_SHA_384" || "RSASSA_PKCS1_V1_5_SHA_512" || "ECDSA_SHA_256" || "ECDSA_SHA_384" || "ECDSA_SHA_512" || "SM2DSA",
  * //     ],
+ * //     KeyAgreementAlgorithms: [ // KeyAgreementAlgorithmSpecList
+ * //       "ECDH",
+ * //     ],
  * //     MultiRegion: true || false,
  * //     MultiRegionConfiguration: { // MultiRegionConfiguration
  * //       MultiRegionKeyType: "PRIMARY" || "REPLICA",

package/dist-types/commands/DecryptCommand.d.ts

@@ -206,7 +206,8 @@ declare const DecryptCommand_base: {
  *         <code>KeyUsage</code> must be <code>ENCRYPT_DECRYPT</code>. For signing and verifying
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
- *         <code>GENERATE_VERIFY_MAC</code>. To find the <code>KeyUsage</code> of a KMS key, use the
+ *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
+ *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>