npm - @aws-sdk/client-kms - Versions diffs - 3.823.0 → 3.826.0 - Mend

@aws-sdk/client-kms 3.823.0 → 3.826.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist-types/commands/DecryptCommand.d.ts CHANGED Viewed

@@ -74,8 +74,8 @@ declare const DecryptCommand_base: {
  *       the <code>Decrypt</code> operation fails. This practice ensures that you use the KMS key that
  *       you intend.</p>
  *          <p>Whenever possible, use key policies to give users permission to call the
- *         <code>Decrypt</code> operation on a particular KMS key, instead of using &IAM; policies.
- *       Otherwise, you might create an &IAM; policy that gives the user <code>Decrypt</code>
+ *         <code>Decrypt</code> operation on a particular KMS key, instead of using IAM policies.
+ *       Otherwise, you might create an IAM policy that gives the user <code>Decrypt</code>
  *       permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys
  *       in other accounts if the key policy for the cross-account KMS key permits it. If you must use
  *       an IAM policy for <code>Decrypt</code> permissions, limit the user to particular KMS keys or
@@ -123,7 +123,7 @@ declare const DecryptCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -153,6 +153,7 @@ declare const DecryptCommand_base: {
  * //   Plaintext: new Uint8Array(),
  * //   EncryptionAlgorithm: "SYMMETRIC_DEFAULT" || "RSAES_OAEP_SHA_1" || "RSAES_OAEP_SHA_256" || "SM2PKE",
  * //   CiphertextForRecipient: new Uint8Array(),
+ * //   KeyMaterialId: "STRING_VALUE",
  * // };
  *
  * ```
@@ -207,8 +208,8 @@ declare const DecryptCommand_base: {
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
  *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
- *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
- *         <a>DescribeKey</a> operation.</p>
+ *         <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code>
+ *       of a KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *
@@ -248,38 +249,38 @@ declare const DecryptCommand_base: {
  * <p>Base exception class for all service exceptions from KMS service.</p>
  *
  *
- * @example To decrypt data with a symmetric encryption KMS key
+ * @example To decrypt data with an asymmetric encryption KMS key
  * ```javascript
- * // The following example decrypts data that was encrypted with a symmetric encryption KMS key. The KeyId is not required when decrypting with a symmetric encryption key, but it is a best practice.
+ * // The following example decrypts data that was encrypted with an asymmetric encryption KMS key. When the KMS encryption key is asymmetric, you must specify the KMS key ID and the encryption algorithm that was used to encrypt the data.
  * const input = {
  *   CiphertextBlob: "<binary data>",
- *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ *   EncryptionAlgorithm: "RSAES_OAEP_SHA_256",
+ *   KeyId: "0987dcba-09fe-87dc-65ba-ab0987654321"
  * };
  * const command = new DecryptCommand(input);
  * const response = await client.send(command);
  * /* response is
  * {
- *   EncryptionAlgorithm: "SYMMETRIC_DEFAULT",
- *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   EncryptionAlgorithm: "RSAES_OAEP_SHA_256",
+ *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
  *   Plaintext: "<binary data>"
  * }
  * *\/
  * ```
  *
- * @example To decrypt data with an asymmetric encryption KMS key
+ * @example To decrypt data with a symmetric encryption KMS key
  * ```javascript
- * // The following example decrypts data that was encrypted with an asymmetric encryption KMS key. When the KMS encryption key is asymmetric, you must specify the KMS key ID and the encryption algorithm that was used to encrypt the data.
+ * // The following example decrypts data that was encrypted with a symmetric encryption KMS key. The KeyId is not required when decrypting with a symmetric encryption key, but it is a best practice.
  * const input = {
  *   CiphertextBlob: "<binary data>",
- *   EncryptionAlgorithm: "RSAES_OAEP_SHA_256",
- *   KeyId: "0987dcba-09fe-87dc-65ba-ab0987654321"
+ *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
  * };
  * const command = new DecryptCommand(input);
  * const response = await client.send(command);
  * /* response is
  * {
- *   EncryptionAlgorithm: "RSAES_OAEP_SHA_256",
- *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
+ *   EncryptionAlgorithm: "SYMMETRIC_DEFAULT",
+ *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
  *   Plaintext: "<binary data>"
  * }
  * *\/

package/dist-types/commands/DeleteAliasCommand.d.ts CHANGED Viewed

@@ -77,7 +77,7 @@ declare const DeleteAliasCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DeleteCustomKeyStoreCommand.d.ts CHANGED Viewed

@@ -27,16 +27,16 @@ declare const DeleteCustomKeyStoreCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Deletes a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. This operation does not affect any backing elements of the
+ * <p>Deletes a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>. This operation does not affect any backing elements of the
  *       custom key store. It does not delete the CloudHSM cluster that is associated with an CloudHSM key
  *       store, or affect any users or keys in the cluster. For an external key store, it does not
  *       affect the external key store proxy, external key manager, or any external keys.</p>
- *          <p> This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> feature in KMS, which
+ *          <p> This operation is part of the custom key stores feature in KMS, which
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * key store that you own and manage.</p>
  *          <p>The custom key store that you delete cannot contain any <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys">KMS keys</a>. Before deleting the key store,
  *       verify that you will never need to use any of the KMS keys in the key store for any
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. Then, use <a>ScheduleKeyDeletion</a> to delete the KMS keys from the
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations">cryptographic operations</a>. Then, use <a>ScheduleKeyDeletion</a> to delete the KMS keys from the
  *       key store. After the required waiting period expires and all KMS keys are deleted from the
  *       custom key store, use <a>DisconnectCustomKeyStore</a> to disconnect the key store
  *       from KMS. Then, you can delete the custom key store.</p>
@@ -88,7 +88,7 @@ declare const DeleteCustomKeyStoreCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DeleteImportedKeyMaterialCommand.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Command as $Command } from "@smithy/smithy-client";
 import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
-import { DeleteImportedKeyMaterialRequest } from "../models/models_0";
+import { DeleteImportedKeyMaterialRequest, DeleteImportedKeyMaterialResponse } from "../models/models_0";
 /**
  * @public
  */
@@ -19,7 +19,7 @@ export interface DeleteImportedKeyMaterialCommandInput extends DeleteImportedKey
  *
  * The output of {@link DeleteImportedKeyMaterialCommand}.
  */
-export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer {
+export interface DeleteImportedKeyMaterialCommandOutput extends DeleteImportedKeyMaterialResponse, __MetadataBearer {
 }
 declare const DeleteImportedKeyMaterialCommand_base: {
     new (input: DeleteImportedKeyMaterialCommandInput): import("@smithy/smithy-client").CommandImpl<DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
@@ -51,13 +51,18 @@ declare const DeleteImportedKeyMaterialCommand_base: {
  *             </li>
  *             <li>
  *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
  *                   <a>ImportKeyMaterial</a>
  *                </p>
  *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -66,10 +71,14 @@ declare const DeleteImportedKeyMaterialCommand_base: {
  * const client = new KMSClient(config);
  * const input = { // DeleteImportedKeyMaterialRequest
  *   KeyId: "STRING_VALUE", // required
+ *   KeyMaterialId: "STRING_VALUE",
  * };
  * const command = new DeleteImportedKeyMaterialCommand(input);
  * const response = await client.send(command);
- * // {};
+ * // { // DeleteImportedKeyMaterialResponse
+ * //   KeyId: "STRING_VALUE",
+ * //   KeyMaterialId: "STRING_VALUE",
+ * // };
  *
  * ```
  *
@@ -143,7 +152,7 @@ export declare class DeleteImportedKeyMaterialCommand extends DeleteImportedKeyM
     protected static __types: {
         api: {
             input: DeleteImportedKeyMaterialRequest;
-            output: {};
+            output: DeleteImportedKeyMaterialResponse;
         };
         sdk: {
             input: DeleteImportedKeyMaterialCommandInput;

package/dist-types/commands/DeriveSharedSecretCommand.d.ts CHANGED Viewed

@@ -29,58 +29,65 @@ declare const DeriveSharedSecretCommand_base: {
 /**
  * <p>Derives a shared secret using a key agreement algorithm.</p>
  *          <note>
- *             <p>You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China Regions only)
- *         KMS key pair with a <code>KeyUsage</code> value of <code>KEY_AGREEMENT</code> to call DeriveSharedSecret.</p>
+ *             <p>You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China Regions
+ *         only) KMS key pair with a <code>KeyUsage</code> value of <code>KEY_AGREEMENT</code> to call
+ *         DeriveSharedSecret.</p>
  *          </note>
- *          <p>DeriveSharedSecret uses the <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60">Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive</a> (ECDH) to
- *       establish a key agreement between two peers by deriving a shared secret from their elliptic curve
- *       public-private key pairs. You can use the raw shared secret that DeriveSharedSecret returns to derive
- *       a symmetric key that can encrypt and decrypt data that is sent between the two peers, or that can
- *       generate and verify HMACs. KMS recommends that you follow <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf">NIST recommendations for key derivation</a> when using the raw shared secret to derive a
+ *          <p>DeriveSharedSecret uses the <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60">Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive</a> (ECDH) to establish a
+ *       key agreement between two peers by deriving a shared secret from their elliptic curve
+ *       public-private key pairs. You can use the raw shared secret that DeriveSharedSecret returns to
+ *       derive a symmetric key that can encrypt and decrypt data that is sent between the two peers,
+ *       or that can generate and verify HMACs. KMS recommends that you follow <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf">NIST
+ *         recommendations for key derivation</a> when using the raw shared secret to derive a
  *       symmetric key.</p>
- *          <p>The following workflow demonstrates how to establish key agreement over an insecure communication
- *       channel using DeriveSharedSecret.</p>
+ *          <p>The following workflow demonstrates how to establish key agreement over an insecure
+ *       communication channel using DeriveSharedSecret.</p>
  *          <ol>
  *             <li>
  *                <p>
- *                   <b>Alice</b> calls <a>CreateKey</a> to create an asymmetric
- *          KMS key pair with a <code>KeyUsage</code> value of <code>KEY_AGREEMENT</code>.</p>
- *                <p>The asymmetric KMS key must use a NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) key spec.</p>
+ *                   <b>Alice</b> calls <a>CreateKey</a> to create an
+ *           asymmetric KMS key pair with a <code>KeyUsage</code> value of
+ *           <code>KEY_AGREEMENT</code>.</p>
+ *                <p>The asymmetric KMS key must use a NIST-recommended elliptic curve (ECC) or SM2 (China
+ *           Regions only) key spec.</p>
  *             </li>
  *             <li>
  *                <p>
  *                   <b>Bob</b> creates an elliptic curve key pair.</p>
- *                <p>Bob can call <a>CreateKey</a> to create an asymmetric KMS key
- *          pair or generate a key pair outside of KMS. Bob's key pair must use the same NIST-recommended elliptic curve (ECC)
- *          or SM2 (China Regions ony) curve as Alice.</p>
+ *                <p>Bob can call <a>CreateKey</a> to create an asymmetric KMS key pair or
+ *           generate a key pair outside of KMS. Bob's key pair must use the same NIST-recommended
+ *           elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice.</p>
  *             </li>
  *             <li>
- *                <p>Alice and Bob <b>exchange their public keys</b>
- *          through an insecure communication channel (like the internet).</p>
- *                <p>Use <a>GetPublicKey</a> to download the public key of your asymmetric KMS key pair.</p>
+ *                <p>Alice and Bob <b>exchange their public keys</b> through an
+ *           insecure communication channel (like the internet).</p>
+ *                <p>Use <a>GetPublicKey</a> to download the public key of your asymmetric KMS
+ *           key pair.</p>
  *                <note>
- *                   <p>KMS strongly recommends verifying that the public key you receive came from the expected
- *            party before using it to derive a shared secret.</p>
+ *                   <p>KMS strongly recommends verifying that the public key you receive came from the
+ *             expected party before using it to derive a shared secret.</p>
  *                </note>
  *             </li>
  *             <li>
  *                <p>
  *                   <b>Alice</b> calls DeriveSharedSecret.</p>
- *                <p>KMS uses the private key from the KMS key pair generated in <b>Step 1</b>,
- *          Bob's public key, and the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive to derive the
- *          shared secret. The private key in your KMS key pair never leaves KMS unencrypted. DeriveSharedSecret
- *          returns the raw shared secret.</p>
+ *                <p>KMS uses the private key from the KMS key pair generated in <b>Step 1</b>, Bob's public key, and the Elliptic Curve Cryptography Cofactor
+ *           Diffie-Hellman Primitive to derive the shared secret. The private key in your KMS key pair
+ *           never leaves KMS unencrypted. DeriveSharedSecret returns the raw shared secret.</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <b>Bob</b> uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman
- *          Primitive to calculate the same raw secret using his private key and Alice's public key.</p>
+ *                   <b>Bob</b> uses the Elliptic Curve Cryptography Cofactor
+ *           Diffie-Hellman Primitive to calculate the same raw secret using his private key and
+ *           Alice's public key.</p>
  *             </li>
  *          </ol>
- *          <p>To derive a shared secret you must provide a key agreement algorithm, the private key of the caller's asymmetric NIST-recommended
- *       elliptic curve or SM2 (China Regions only) KMS key pair, and the public key from your peer's NIST-recommended elliptic curve
- *       or SM2 (China Regions only) key pair. The public key can be from another asymmetric KMS key pair or from a key pair generated outside
- *       of KMS, but both key pairs must be on the same elliptic curve.</p>
+ *          <p>To derive a shared secret you must provide a key agreement algorithm, the private key of
+ *       the caller's asymmetric NIST-recommended elliptic curve or SM2 (China Regions only) KMS key
+ *       pair, and the public key from your peer's NIST-recommended elliptic curve or SM2 (China
+ *       Regions only) key pair. The public key can be from another asymmetric KMS key pair or from a
+ *       key pair generated outside of KMS, but both key pairs must be on the same elliptic
+ *       curve.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
@@ -110,7 +117,7 @@ declare const DeriveSharedSecretCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -178,8 +185,8 @@ declare const DeriveSharedSecretCommand_base: {
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
  *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
- *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
- *         <a>DescribeKey</a> operation.</p>
+ *         <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code>
+ *       of a KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *

package/dist-types/commands/DescribeCustomKeyStoresCommand.d.ts CHANGED Viewed

@@ -27,8 +27,8 @@ declare const DescribeCustomKeyStoresCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets information about <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> in the account and Region.</p>
- *          <p> This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> feature in KMS, which
+ * <p>Gets information about <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key stores</a> in the account and Region.</p>
+ *          <p> This operation is part of the custom key stores feature in KMS, which
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * key store that you own and manage.</p>
  *          <p>By default, this operation returns information about all custom key stores in the account
@@ -88,7 +88,7 @@ declare const DescribeCustomKeyStoresCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DescribeKeyCommand.d.ts CHANGED Viewed

@@ -48,8 +48,8 @@ declare const DescribeKeyCommand_base: {
  *             <li>
  *                <p>Whether automatic key rotation is enabled on the KMS key. To get this information, use
  *             <a>GetKeyRotationStatus</a>. Also, some key states prevent a KMS key from
- *           being automatically rotated. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works">How Automatic Key Rotation
- *             Works</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *           being automatically rotated. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works">How key rotation
+ *             works</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *             </li>
  *             <li>
  *                <p>Tags on the KMS key. To get this information, use <a>ListResourceTags</a>.</p>
@@ -110,7 +110,7 @@ declare const DescribeKeyCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -174,6 +174,7 @@ declare const DescribeKeyCommand_base: {
  * //     XksKeyConfiguration: { // XksKeyConfigurationType
  * //       Id: "STRING_VALUE",
  * //     },
+ * //     CurrentKeyMaterialId: "STRING_VALUE",
  * //   },
  * // };
  *
@@ -205,38 +206,71 @@ declare const DescribeKeyCommand_base: {
  * <p>Base exception class for all service exceptions from KMS service.</p>
  *
  *
- * @example To get details about an RSA asymmetric KMS key
+ * @example To get details about a KMS key in an AWS CloudHSM key store
  * ```javascript
- * // The following example gets metadata for an asymmetric RSA KMS key used for signing and verification.
+ * // The following example gets the metadata of a KMS key in an AWS CloudHSM key store.
  * const input = {
- *   KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
+ *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
  * };
  * const command = new DescribeKeyCommand(input);
  * const response = await client.send(command);
  * /* response is
  * {
  *   KeyMetadata: {
- *     AWSAccountId: "111122223333",
- *     Arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
- *     CreationDate: 1.571767572317E9,
- *     CustomerMasterKeySpec: "RSA_2048",
- *     Description: "",
- *     Enabled: false,
+ *     AWSAccountId: "123456789012",
+ *     Arn: "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     CloudHsmClusterId: "cluster-234abcdefABC",
+ *     CreationDate: 1.646160362664E9,
+ *     CustomKeyStoreId: "cks-1234567890abcdef0",
+ *     CustomerMasterKeySpec: "SYMMETRIC_DEFAULT",
+ *     Description: "CloudHSM key store test key",
+ *     Enabled: true,
+ *     EncryptionAlgorithms: [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
  *     KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
  *     KeyManager: "CUSTOMER",
- *     KeySpec: "RSA_2048",
- *     KeyState: "Disabled",
- *     KeyUsage: "SIGN_VERIFY",
+ *     KeySpec: "SYMMETRIC_DEFAULT",
+ *     KeyState: "Enabled",
+ *     KeyUsage: "ENCRYPT_DECRYPT",
  *     MultiRegion: false,
- *     Origin: "AWS_KMS",
- *     SigningAlgorithms: [
- *       "RSASSA_PKCS1_V1_5_SHA_256",
- *       "RSASSA_PKCS1_V1_5_SHA_384",
- *       "RSASSA_PKCS1_V1_5_SHA_512",
- *       "RSASSA_PSS_SHA_256",
- *       "RSASSA_PSS_SHA_384",
- *       "RSASSA_PSS_SHA_512"
- *     ]
+ *     Origin: "AWS_CLOUDHSM"
+ *   }
+ * }
+ * *\/
+ * ```
+ *
+ * @example To get details about a KMS key in an external key store
+ * ```javascript
+ * // The following example gets the metadata of a KMS key in an external key store.
+ * const input = {
+ *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response is
+ * {
+ *   KeyMetadata: {
+ *     AWSAccountId: "123456789012",
+ *     Arn: "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     CreationDate: 1.646160362664E9,
+ *     CustomKeyStoreId: "cks-1234567890abcdef0",
+ *     CustomerMasterKeySpec: "SYMMETRIC_DEFAULT",
+ *     Description: "External key store test key",
+ *     Enabled: true,
+ *     EncryptionAlgorithms: [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     KeyManager: "CUSTOMER",
+ *     KeySpec: "SYMMETRIC_DEFAULT",
+ *     KeyState: "Enabled",
+ *     KeyUsage: "ENCRYPT_DECRYPT",
+ *     MultiRegion: false,
+ *     Origin: "EXTERNAL_KEY_STORE",
+ *     XksKeyConfiguration: {
+ *       Id: "bb8562717f809024"
+ *     }
  *   }
  * }
  * *\/
@@ -325,71 +359,38 @@ declare const DescribeKeyCommand_base: {
  * *\/
  * ```
  *
- * @example To get details about a KMS key in an AWS CloudHSM key store
- * ```javascript
- * // The following example gets the metadata of a KMS key in an AWS CloudHSM key store.
- * const input = {
- *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
- * };
- * const command = new DescribeKeyCommand(input);
- * const response = await client.send(command);
- * /* response is
- * {
- *   KeyMetadata: {
- *     AWSAccountId: "123456789012",
- *     Arn: "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
- *     CloudHsmClusterId: "cluster-234abcdefABC",
- *     CreationDate: 1.646160362664E9,
- *     CustomKeyStoreId: "cks-1234567890abcdef0",
- *     CustomerMasterKeySpec: "SYMMETRIC_DEFAULT",
- *     Description: "CloudHSM key store test key",
- *     Enabled: true,
- *     EncryptionAlgorithms: [
- *       "SYMMETRIC_DEFAULT"
- *     ],
- *     KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
- *     KeyManager: "CUSTOMER",
- *     KeySpec: "SYMMETRIC_DEFAULT",
- *     KeyState: "Enabled",
- *     KeyUsage: "ENCRYPT_DECRYPT",
- *     MultiRegion: false,
- *     Origin: "AWS_CLOUDHSM"
- *   }
- * }
- * *\/
- * ```
- *
- * @example To get details about a KMS key in an external key store
+ * @example To get details about an RSA asymmetric KMS key
  * ```javascript
- * // The following example gets the metadata of a KMS key in an external key store.
+ * // The following example gets metadata for an asymmetric RSA KMS key used for signing and verification.
  * const input = {
- *   KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ *   KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
  * };
  * const command = new DescribeKeyCommand(input);
  * const response = await client.send(command);
  * /* response is
  * {
  *   KeyMetadata: {
- *     AWSAccountId: "123456789012",
- *     Arn: "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
- *     CreationDate: 1.646160362664E9,
- *     CustomKeyStoreId: "cks-1234567890abcdef0",
- *     CustomerMasterKeySpec: "SYMMETRIC_DEFAULT",
- *     Description: "External key store test key",
- *     Enabled: true,
- *     EncryptionAlgorithms: [
- *       "SYMMETRIC_DEFAULT"
- *     ],
+ *     AWSAccountId: "111122223333",
+ *     Arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     CreationDate: 1.571767572317E9,
+ *     CustomerMasterKeySpec: "RSA_2048",
+ *     Description: "",
+ *     Enabled: false,
  *     KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
  *     KeyManager: "CUSTOMER",
- *     KeySpec: "SYMMETRIC_DEFAULT",
- *     KeyState: "Enabled",
- *     KeyUsage: "ENCRYPT_DECRYPT",
+ *     KeySpec: "RSA_2048",
+ *     KeyState: "Disabled",
+ *     KeyUsage: "SIGN_VERIFY",
  *     MultiRegion: false,
- *     Origin: "EXTERNAL_KEY_STORE",
- *     XksKeyConfiguration: {
- *       Id: "bb8562717f809024"
- *     }
+ *     Origin: "AWS_KMS",
+ *     SigningAlgorithms: [
+ *       "RSASSA_PKCS1_V1_5_SHA_256",
+ *       "RSASSA_PKCS1_V1_5_SHA_384",
+ *       "RSASSA_PKCS1_V1_5_SHA_512",
+ *       "RSASSA_PSS_SHA_256",
+ *       "RSASSA_PSS_SHA_384",
+ *       "RSASSA_PSS_SHA_512"
+ *     ]
  *   }
  * }
  * *\/

package/dist-types/commands/DisableKeyCommand.d.ts CHANGED Viewed

@@ -28,13 +28,12 @@ declare const DisableKeyCommand_base: {
 };
 /**
  * <p>Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS
- *       key for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. </p>
- *          <p>For more information about how key state affects the use of a KMS key, see
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *       key for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations">cryptographic operations</a>. </p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For more
+ *       information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the
+ *         <i>
  *                <i>Key Management Service Developer Guide</i>
  *             </i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *          <p>
@@ -44,7 +43,7 @@ declare const DisableKeyCommand_base: {
  *          </p>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DisableKeyRotationCommand.d.ts CHANGED Viewed

@@ -27,10 +27,10 @@ declare const DisableKeyRotationCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Disables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic
- *         rotation of the key material</a> of the specified symmetric encryption KMS key.</p>
+ * <p>Disables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotating-keys-enable-disable.html">automatic rotation of the key material</a> of the specified symmetric encryption KMS
+ *       key.</p>
  *          <p>Automatic key rotation is supported only on symmetric encryption KMS keys.
- *       You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key.</p>
+ *       You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key.</p>
  *          <p>You can enable (<a>EnableKeyRotation</a>) and disable automatic rotation of the
  *       key material in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS keys</a>. Key material rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a> is not
  *       configurable. KMS always rotates the key material for every year. Rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned KMS
@@ -72,7 +72,7 @@ declare const DisableKeyRotationCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript