npm - @aws-sdk/client-payment-cryptography - Versions diffs - 3.883.0 → 3.886.0 - Mend

@aws-sdk/client-payment-cryptography 3.883.0 → 3.886.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { PaymentCryptographyServiceException as __BaseException } from "./PaymentCryptographyServiceException";
 /**
- * <p>You do not have sufficient access to perform this action.</p>
+ * <p>You do not have sufficient access to perform this action.</p> <p>This exception is thrown when the caller lacks the necessary IAM permissions to perform the requested operation. Verify that your IAM policy includes the required permissions for the specific Amazon Web Services Payment Cryptography action you're attempting.</p>
  * @public
  */
 export declare class AccessDeniedException extends __BaseException {
@@ -14,235 +14,20 @@ export declare class AccessDeniedException extends __BaseException {
     constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
 }
 /**
- * <p>Contains information about an alias.</p>
- * @public
- */
-export interface Alias {
-    /**
-     * <p>A friendly name that you can use to refer to a key. The value must begin with <code>alias/</code>.</p> <important> <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
-     * @public
-     */
-    AliasName: string | undefined;
-    /**
-     * <p>The <code>KeyARN</code> of the key associated with the alias.</p>
-     * @public
-     */
-    KeyArn?: string | undefined;
-}
-/**
- * <p>This request can cause an inconsistent state for the resource.</p>
- * @public
- */
-export declare class ConflictException extends __BaseException {
-    readonly name: "ConflictException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ConflictException, __BaseException>);
-}
-/**
- * @public
- */
-export interface CreateAliasInput {
-    /**
-     * <p>A friendly name that you can use to refer to a key. An alias must begin with <code>alias/</code> followed by a name, for example <code>alias/ExampleAlias</code>. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).</p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
-     * @public
-     */
-    AliasName: string | undefined;
-    /**
-     * <p>The <code>KeyARN</code> of the key to associate with the alias.</p>
-     * @public
-     */
-    KeyArn?: string | undefined;
-}
-/**
- * @public
- */
-export interface CreateAliasOutput {
-    /**
-     * <p>The alias for the key.</p>
-     * @public
-     */
-    Alias: Alias | undefined;
-}
-/**
- * <p>The request processing has failed because of an unknown error, exception, or failure.</p>
- * @public
- */
-export declare class InternalServerException extends __BaseException {
-    readonly name: "InternalServerException";
-    readonly $fault: "server";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InternalServerException, __BaseException>);
-}
-/**
- * <p>The request was denied due to an invalid resource error.</p>
- * @public
- */
-export declare class ResourceNotFoundException extends __BaseException {
-    readonly name: "ResourceNotFoundException";
-    readonly $fault: "client";
-    /**
-     * <p>The string for the exception.</p>
-     * @public
-     */
-    ResourceId?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
-}
-/**
- * <p>This request would cause a service quota to be exceeded.</p>
- * @public
- */
-export declare class ServiceQuotaExceededException extends __BaseException {
-    readonly name: "ServiceQuotaExceededException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
-}
-/**
- * <p>The service cannot complete the request.</p>
- * @public
- */
-export declare class ServiceUnavailableException extends __BaseException {
-    readonly name: "ServiceUnavailableException";
-    readonly $fault: "server";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ServiceUnavailableException, __BaseException>);
-}
-/**
- * <p>The request was denied due to request throttling.</p>
- * @public
- */
-export declare class ThrottlingException extends __BaseException {
-    readonly name: "ThrottlingException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ThrottlingException, __BaseException>);
-}
-/**
- * <p>The request was denied due to an invalid request error.</p>
- * @public
- */
-export declare class ValidationException extends __BaseException {
-    readonly name: "ValidationException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ValidationException, __BaseException>);
-}
-/**
+ * <p>Input parameters for adding replication regions to a specific key.</p>
  * @public
  */
-export interface DeleteAliasInput {
-    /**
-     * <p>A friendly name that you can use to refer Amazon Web Services Payment Cryptography key. This value must begin with <code>alias/</code> followed by a name, such as <code>alias/ExampleAlias</code>.</p>
-     * @public
-     */
-    AliasName: string | undefined;
-}
-/**
- * @public
- */
-export interface DeleteAliasOutput {
-}
-/**
- * @public
- */
-export interface GetAliasInput {
-    /**
-     * <p>The alias of the Amazon Web Services Payment Cryptography key.</p>
-     * @public
-     */
-    AliasName: string | undefined;
-}
-/**
- * @public
- */
-export interface GetAliasOutput {
-    /**
-     * <p>The alias of the Amazon Web Services Payment Cryptography key.</p>
-     * @public
-     */
-    Alias: Alias | undefined;
-}
-/**
- * @public
- */
-export interface ListAliasesInput {
-    /**
-     * <p>The <code>keyARN</code> for which you want to list all aliases.</p>
-     * @public
-     */
-    KeyArn?: string | undefined;
-    /**
-     * <p>Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of <code>NextToken</code> from the truncated response you just received.</p>
-     * @public
-     */
-    NextToken?: string | undefined;
-    /**
-     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p> <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
-     * @public
-     */
-    MaxResults?: number | undefined;
-}
-/**
- * @public
- */
-export interface ListAliasesOutput {
-    /**
-     * <p>The list of aliases. Each alias describes the <code>KeyArn</code> contained within.</p>
-     * @public
-     */
-    Aliases: Alias[] | undefined;
-    /**
-     * <p>The token for the next set of results, or an empty or null value if there are no more results.</p>
-     * @public
-     */
-    NextToken?: string | undefined;
-}
-/**
- * @public
- */
-export interface UpdateAliasInput {
-    /**
-     * <p>The alias whose associated key is changing.</p>
-     * @public
-     */
-    AliasName: string | undefined;
+export interface AddKeyReplicationRegionsInput {
     /**
-     * <p>The <code>KeyARN</code> for the key that you are updating or removing from the alias.</p>
+     * <p>The key identifier (ARN or alias) of the key for which to add replication regions.</p> <p>This key must exist and be in a valid state for replication operations.</p>
      * @public
      */
-    KeyArn?: string | undefined;
-}
-/**
- * @public
- */
-export interface UpdateAliasOutput {
+    KeyIdentifier: string | undefined;
     /**
-     * <p>The alias name.</p>
+     * <p>The list of Amazon Web Services Regions to add to the key's replication configuration.</p> <p>Each region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available. The key will be replicated to these regions, allowing cryptographic operations to be performed closer to your applications.</p>
      * @public
      */
-    Alias: Alias | undefined;
+    ReplicationRegions: string[] | undefined;
 }
 /**
  * @public
@@ -395,46 +180,453 @@ export declare const KeyUsage: {
 /**
  * @public
  */
-export type KeyUsage = (typeof KeyUsage)[keyof typeof KeyUsage];
+export type KeyUsage = (typeof KeyUsage)[keyof typeof KeyUsage];
+/**
+ * <p>The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.</p>
+ * @public
+ */
+export interface KeyAttributes {
+    /**
+     * <p>The cryptographic usage of an Amazon Web Services Payment Cryptography key as deﬁned in section A.5.2 of the TR-31 spec.</p>
+     * @public
+     */
+    KeyUsage: KeyUsage | undefined;
+    /**
+     * <p>The type of Amazon Web Services Payment Cryptography key to create, which determines the classiﬁcation of the cryptographic method and whether Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.</p>
+     * @public
+     */
+    KeyClass: KeyClass | undefined;
+    /**
+     * <p>The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.</p> <p>For symmetric keys, Amazon Web Services Payment Cryptography supports <code>AES</code> and <code>TDES</code> algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports <code>RSA</code> and <code>ECC_NIST</code> algorithms.</p>
+     * @public
+     */
+    KeyAlgorithm: KeyAlgorithm | undefined;
+    /**
+     * <p>The list of cryptographic operations that you can perform using the key.</p>
+     * @public
+     */
+    KeyModesOfUse: KeyModesOfUse | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyCheckValueAlgorithm: {
+    readonly ANSI_X9_24: "ANSI_X9_24";
+    readonly CMAC: "CMAC";
+    readonly HMAC: "HMAC";
+    readonly SHA_1: "SHA_1";
+};
+/**
+ * @public
+ */
+export type KeyCheckValueAlgorithm = (typeof KeyCheckValueAlgorithm)[keyof typeof KeyCheckValueAlgorithm];
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyOrigin: {
+    readonly AWS_PAYMENT_CRYPTOGRAPHY: "AWS_PAYMENT_CRYPTOGRAPHY";
+    readonly EXTERNAL: "EXTERNAL";
+};
+/**
+ * @public
+ */
+export type KeyOrigin = (typeof KeyOrigin)[keyof typeof KeyOrigin];
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyState: {
+    readonly CREATE_COMPLETE: "CREATE_COMPLETE";
+    readonly CREATE_IN_PROGRESS: "CREATE_IN_PROGRESS";
+    readonly DELETE_COMPLETE: "DELETE_COMPLETE";
+    readonly DELETE_PENDING: "DELETE_PENDING";
+};
+/**
+ * @public
+ */
+export type KeyState = (typeof KeyState)[keyof typeof KeyState];
+/**
+ * @public
+ * @enum
+ */
+export declare const MultiRegionKeyType: {
+    readonly PRIMARY: "PRIMARY";
+    readonly REPLICA: "REPLICA";
+};
+/**
+ * @public
+ */
+export type MultiRegionKeyType = (typeof MultiRegionKeyType)[keyof typeof MultiRegionKeyType];
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyReplicationState: {
+    readonly DELETE_IN_PROGRESS: "DELETE_IN_PROGRESS";
+    readonly FAILED: "FAILED";
+    readonly IN_PROGRESS: "IN_PROGRESS";
+    readonly SYNCHRONIZED: "SYNCHRONIZED";
+};
+/**
+ * @public
+ */
+export type KeyReplicationState = (typeof KeyReplicationState)[keyof typeof KeyReplicationState];
+/**
+ * <p>Represents the replication status information for a key in a replication region.</p> <p>This structure contains details about the current state of key replication, including any status messages and operational information about the replication process.</p>
+ * @public
+ */
+export interface ReplicationStatusType {
+    /**
+     * Defines the replication state of a key
+     * @public
+     */
+    Status: KeyReplicationState | undefined;
+    /**
+     * <p>A message that provides additional information about the current replication status of the key.</p> <p>This field contains details about any issues or progress updates related to key replication operations. It may include information about replication failures, synchronization status, or other operational details.</p>
+     * @public
+     */
+    StatusMessage?: string | undefined;
+}
+/**
+ * <p>Metadata about an Amazon Web Services Payment Cryptography key.</p>
+ * @public
+ */
+export interface Key {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the key.</p>
+     * @public
+     */
+    KeyArn: string | undefined;
+    /**
+     * <p>The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.</p>
+     * @public
+     */
+    KeyAttributes: KeyAttributes | undefined;
+    /**
+     * <p>The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.</p>
+     * @public
+     */
+    KeyCheckValue: string | undefined;
+    /**
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * @public
+     */
+    KeyCheckValueAlgorithm: KeyCheckValueAlgorithm | undefined;
+    /**
+     * <p>Specifies whether the key is enabled. </p>
+     * @public
+     */
+    Enabled: boolean | undefined;
+    /**
+     * <p>Specifies whether the key is exportable. This data is immutable after the key is created.</p>
+     * @public
+     */
+    Exportable: boolean | undefined;
+    /**
+     * <p>The state of key that is being created or deleted.</p>
+     * @public
+     */
+    KeyState: KeyState | undefined;
+    /**
+     * <p>The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is <code>AWS_PAYMENT_CRYPTOGRAPHY</code>. For keys imported into Amazon Web Services Payment Cryptography, the value is <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    KeyOrigin: KeyOrigin | undefined;
+    /**
+     * <p>The date and time when the key was created.</p>
+     * @public
+     */
+    CreateTimestamp: Date | undefined;
+    /**
+     * <p>The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.</p>
+     * @public
+     */
+    UsageStartTimestamp?: Date | undefined;
+    /**
+     * <p>The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.</p>
+     * @public
+     */
+    UsageStopTimestamp?: Date | undefined;
+    /**
+     * <p>The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when <code>KeyState</code> is <code>DELETE_PENDING</code> and the key is scheduled for deletion.</p>
+     * @public
+     */
+    DeletePendingTimestamp?: Date | undefined;
+    /**
+     * <p>The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the <code>KeyState</code> is <code>DELETE_COMPLETE</code> and the Amazon Web Services Payment Cryptography key is deleted.</p>
+     * @public
+     */
+    DeleteTimestamp?: Date | undefined;
+    /**
+     * <p>The cryptographic usage of an ECDH derived key as deﬁned in section A.5.2 of the TR-31 spec.</p>
+     * @public
+     */
+    DeriveKeyUsage?: DeriveKeyUsage | undefined;
+    /**
+     * <p>Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.</p> <p>Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).</p>
+     * @public
+     */
+    MultiRegionKeyType?: MultiRegionKeyType | undefined;
+    /**
+     * <p>An Amazon Web Services Region identifier in the standard format (e.g., <code>us-east-1</code>, <code>eu-west-1</code>).</p> <p>Used to specify regions for key replication operations. The region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available.</p>
+     * @public
+     */
+    PrimaryRegion?: string | undefined;
+    /**
+     * <p>Information about the replication status of the key across different regions.</p> <p>This field provides details about the current state of key replication, including any status messages or operational information. It helps track the progress and health of key replication operations.</p>
+     * @public
+     */
+    ReplicationStatus?: Record<string, ReplicationStatusType> | undefined;
+    /**
+     * <p>Indicates whether this key is using the account's default replication regions configuration.</p> <p>When set to <code>true</code>, the key automatically replicates to the regions specified in the account's default replication settings. When set to <code>false</code>, the key has a custom replication configuration that overrides the account defaults.</p>
+     * @public
+     */
+    UsingDefaultReplicationRegions?: boolean | undefined;
+}
+/**
+ * <p>Output from adding replication regions to a key.</p>
+ * @public
+ */
+export interface AddKeyReplicationRegionsOutput {
+    /**
+     * <p>The updated key metadata after adding the replication regions.</p> <p>This includes the current state of the key and its replication configuration.</p>
+     * @public
+     */
+    Key: Key | undefined;
+}
+/**
+ * <p>This request can cause an inconsistent state for the resource.</p> <p>The requested operation conflicts with the current state of the resource. For example, attempting to delete a key that is currently being used, or trying to create a resource that already exists.</p>
+ * @public
+ */
+export declare class ConflictException extends __BaseException {
+    readonly name: "ConflictException";
+    readonly $fault: "client";
+    Message?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ConflictException, __BaseException>);
+}
+/**
+ * <p>The request processing has failed because of an unknown error, exception, or failure.</p> <p>This indicates a server-side error within the Amazon Web Services Payment Cryptography service. If this error persists, contact support for assistance.</p>
+ * @public
+ */
+export declare class InternalServerException extends __BaseException {
+    readonly name: "InternalServerException";
+    readonly $fault: "server";
+    Message?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InternalServerException, __BaseException>);
+}
+/**
+ * <p>The request was denied due to resource not found.</p> <p>The specified key, alias, or other resource does not exist in your account or region. Verify that the resource identifier is correct and that the resource exists in the expected region.</p>
+ * @public
+ */
+export declare class ResourceNotFoundException extends __BaseException {
+    readonly name: "ResourceNotFoundException";
+    readonly $fault: "client";
+    /**
+     * <p>The identifier of the resource that was not found.</p> <p>This field contains the specific resource identifier (such as a key ARN or alias name) that could not be located.</p>
+     * @public
+     */
+    ResourceId?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
+}
+/**
+ * <p>This request would cause a service quota to be exceeded.</p> <p>You have reached the maximum number of keys, aliases, or other resources allowed in your account. Review your current usage and consider deleting unused resources or requesting a quota increase.</p>
+ * @public
+ */
+export declare class ServiceQuotaExceededException extends __BaseException {
+    readonly name: "ServiceQuotaExceededException";
+    readonly $fault: "client";
+    Message?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
+}
+/**
+ * <p>The request was denied due to request throttling.</p> <p>You have exceeded the rate limits for Amazon Web Services Payment Cryptography API calls. Implement exponential backoff and retry logic in your application to handle throttling gracefully.</p>
+ * @public
+ */
+export declare class ThrottlingException extends __BaseException {
+    readonly name: "ThrottlingException";
+    readonly $fault: "client";
+    Message?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ThrottlingException, __BaseException>);
+}
+/**
+ * <p>The request was denied due to an invalid request error.</p> <p>One or more parameters in your request are invalid. Check the parameter values, formats, and constraints specified in the API documentation.</p>
+ * @public
+ */
+export declare class ValidationException extends __BaseException {
+    readonly name: "ValidationException";
+    readonly $fault: "client";
+    Message?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ValidationException, __BaseException>);
+}
+/**
+ * <p>Contains information about an alias.</p>
+ * @public
+ */
+export interface Alias {
+    /**
+     * <p>A friendly name that you can use to refer to a key. The value must begin with <code>alias/</code>.</p> <important> <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
+     * @public
+     */
+    AliasName: string | undefined;
+    /**
+     * <p>The <code>KeyARN</code> of the key associated with the alias.</p>
+     * @public
+     */
+    KeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateAliasInput {
+    /**
+     * <p>A friendly name that you can use to refer to a key. An alias must begin with <code>alias/</code> followed by a name, for example <code>alias/ExampleAlias</code>. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).</p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
+     * @public
+     */
+    AliasName: string | undefined;
+    /**
+     * <p>The <code>KeyARN</code> of the key to associate with the alias.</p>
+     * @public
+     */
+    KeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateAliasOutput {
+    /**
+     * <p>The alias for the key.</p>
+     * @public
+     */
+    Alias: Alias | undefined;
+}
+/**
+ * <p>The service cannot complete the request.</p> <p>The Amazon Web Services Payment Cryptography service is temporarily unavailable. This is typically a temporary condition - retry your request after a brief delay.</p>
+ * @public
+ */
+export declare class ServiceUnavailableException extends __BaseException {
+    readonly name: "ServiceUnavailableException";
+    readonly $fault: "server";
+    Message?: string | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ServiceUnavailableException, __BaseException>);
+}
+/**
+ * @public
+ */
+export interface DeleteAliasInput {
+    /**
+     * <p>A friendly name that you can use to refer Amazon Web Services Payment Cryptography key. This value must begin with <code>alias/</code> followed by a name, such as <code>alias/ExampleAlias</code>.</p>
+     * @public
+     */
+    AliasName: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeleteAliasOutput {
+}
+/**
+ * @public
+ */
+export interface GetAliasInput {
+    /**
+     * <p>The alias of the Amazon Web Services Payment Cryptography key.</p>
+     * @public
+     */
+    AliasName: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetAliasOutput {
+    /**
+     * <p>The alias of the Amazon Web Services Payment Cryptography key.</p>
+     * @public
+     */
+    Alias: Alias | undefined;
+}
 /**
- * <p>The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.</p>
  * @public
  */
-export interface KeyAttributes {
+export interface ListAliasesInput {
     /**
-     * <p>The cryptographic usage of an Amazon Web Services Payment Cryptography key as deﬁned in section A.5.2 of the TR-31 spec.</p>
+     * <p>The <code>keyARN</code> for which you want to list all aliases.</p>
      * @public
      */
-    KeyUsage: KeyUsage | undefined;
+    KeyArn?: string | undefined;
     /**
-     * <p>The type of Amazon Web Services Payment Cryptography key to create, which determines the classiﬁcation of the cryptographic method and whether Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.</p>
+     * <p>Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of <code>NextToken</code> from the truncated response you just received.</p>
      * @public
      */
-    KeyClass: KeyClass | undefined;
+    NextToken?: string | undefined;
     /**
-     * <p>The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.</p> <p>For symmetric keys, Amazon Web Services Payment Cryptography supports <code>AES</code> and <code>TDES</code> algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports <code>RSA</code> and <code>ECC_NIST</code> algorithms.</p>
+     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p> <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
-    KeyAlgorithm: KeyAlgorithm | undefined;
+    MaxResults?: number | undefined;
+}
+/**
+ * @public
+ */
+export interface ListAliasesOutput {
     /**
-     * <p>The list of cryptographic operations that you can perform using the key.</p>
+     * <p>The list of aliases. Each alias describes the <code>KeyArn</code> contained within.</p>
      * @public
      */
-    KeyModesOfUse: KeyModesOfUse | undefined;
+    Aliases: Alias[] | undefined;
+    /**
+     * <p>The token for the next set of results, or an empty or null value if there are no more results.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
 }
 /**
  * @public
- * @enum
  */
-export declare const KeyCheckValueAlgorithm: {
-    readonly ANSI_X9_24: "ANSI_X9_24";
-    readonly CMAC: "CMAC";
-    readonly HMAC: "HMAC";
-};
+export interface UpdateAliasInput {
+    /**
+     * <p>The alias whose associated key is changing.</p>
+     * @public
+     */
+    AliasName: string | undefined;
+    /**
+     * <p>The <code>KeyARN</code> for the key that you are updating or removing from the alias.</p>
+     * @public
+     */
+    KeyArn?: string | undefined;
+}
 /**
  * @public
  */
-export type KeyCheckValueAlgorithm = (typeof KeyCheckValueAlgorithm)[keyof typeof KeyCheckValueAlgorithm];
+export interface UpdateAliasOutput {
+    /**
+     * <p>The alias name.</p>
+     * @public
+     */
+    Alias: Alias | undefined;
+}
 /**
  * <p>A structure that contains information about a tag.</p>
  * @public
@@ -485,108 +677,11 @@ export interface CreateKeyInput {
      * @public
      */
     DeriveKeyUsage?: DeriveKeyUsage | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const KeyOrigin: {
-    readonly AWS_PAYMENT_CRYPTOGRAPHY: "AWS_PAYMENT_CRYPTOGRAPHY";
-    readonly EXTERNAL: "EXTERNAL";
-};
-/**
- * @public
- */
-export type KeyOrigin = (typeof KeyOrigin)[keyof typeof KeyOrigin];
-/**
- * @public
- * @enum
- */
-export declare const KeyState: {
-    readonly CREATE_COMPLETE: "CREATE_COMPLETE";
-    readonly CREATE_IN_PROGRESS: "CREATE_IN_PROGRESS";
-    readonly DELETE_COMPLETE: "DELETE_COMPLETE";
-    readonly DELETE_PENDING: "DELETE_PENDING";
-};
-/**
- * @public
- */
-export type KeyState = (typeof KeyState)[keyof typeof KeyState];
-/**
- * <p>Metadata about an Amazon Web Services Payment Cryptography key.</p>
- * @public
- */
-export interface Key {
-    /**
-     * <p>The Amazon Resource Name (ARN) of the key.</p>
-     * @public
-     */
-    KeyArn: string | undefined;
-    /**
-     * <p>The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.</p>
-     * @public
-     */
-    KeyAttributes: KeyAttributes | undefined;
-    /**
-     * <p>The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.</p>
-     * @public
-     */
-    KeyCheckValue: string | undefined;
-    /**
-     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
-     * @public
-     */
-    KeyCheckValueAlgorithm: KeyCheckValueAlgorithm | undefined;
-    /**
-     * <p>Specifies whether the key is enabled. </p>
-     * @public
-     */
-    Enabled: boolean | undefined;
-    /**
-     * <p>Specifies whether the key is exportable. This data is immutable after the key is created.</p>
-     * @public
-     */
-    Exportable: boolean | undefined;
-    /**
-     * <p>The state of key that is being created or deleted.</p>
-     * @public
-     */
-    KeyState: KeyState | undefined;
-    /**
-     * <p>The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is <code>AWS_PAYMENT_CRYPTOGRAPHY</code>. For keys imported into Amazon Web Services Payment Cryptography, the value is <code>EXTERNAL</code>.</p>
-     * @public
-     */
-    KeyOrigin: KeyOrigin | undefined;
-    /**
-     * <p>The date and time when the key was created.</p>
-     * @public
-     */
-    CreateTimestamp: Date | undefined;
-    /**
-     * <p>The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.</p>
-     * @public
-     */
-    UsageStartTimestamp?: Date | undefined;
-    /**
-     * <p>The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.</p>
-     * @public
-     */
-    UsageStopTimestamp?: Date | undefined;
-    /**
-     * <p>The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when <code>KeyState</code> is <code>DELETE_PENDING</code> and the key is scheduled for deletion.</p>
-     * @public
-     */
-    DeletePendingTimestamp?: Date | undefined;
-    /**
-     * <p>The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the <code>KeyState</code> is <code>DELETE_COMPLETE</code> and the Amazon Web Services Payment Cryptography key is deleted.</p>
-     * @public
-     */
-    DeleteTimestamp?: Date | undefined;
     /**
-     * <p>The cryptographic usage of an ECDH derived key as deﬁned in section A.5.2 of the TR-31 spec.</p>
+     * <p>A list of Amazon Web Services Regions for key replication operations.</p> <p>Each region in the list must be a valid Amazon Web Services Region identifier where Amazon Web Services Payment Cryptography is available. This list is used to specify which regions should be added to or removed from a key's replication configuration.</p>
      * @public
      */
-    DeriveKeyUsage?: DeriveKeyUsage | undefined;
+    ReplicationRegions?: string[] | undefined;
 }
 /**
  * @public
@@ -653,6 +748,50 @@ export declare namespace DiffieHellmanDerivationData {
     }
     const visit: <T>(value: DiffieHellmanDerivationData, visitor: Visitor<T>) => T;
 }
+/**
+ * <p>Input parameters for disabling default key replication regions for the account.</p>
+ * @public
+ */
+export interface DisableDefaultKeyReplicationRegionsInput {
+    /**
+     * <p>The list of Amazon Web Services Regions to remove from the account's default replication regions.</p> <p>New keys created after this operation will not automatically be replicated to these regions, though existing keys with replication to these regions will be unaffected.</p>
+     * @public
+     */
+    ReplicationRegions: string[] | undefined;
+}
+/**
+ * <p>Output from disabling default key replication regions for the account.</p>
+ * @public
+ */
+export interface DisableDefaultKeyReplicationRegionsOutput {
+    /**
+     * <p>The remaining list of regions where default key replication is still enabled for the account.</p> <p>This reflects the account's default replication configuration after removing the specified regions.</p>
+     * @public
+     */
+    EnabledReplicationRegions: string[] | undefined;
+}
+/**
+ * <p>Input parameters for enabling default key replication regions for the account.</p>
+ * @public
+ */
+export interface EnableDefaultKeyReplicationRegionsInput {
+    /**
+     * <p>The list of Amazon Web Services Regions to enable as default replication regions for the account.</p> <p>New keys created in this account will automatically be replicated to these regions unless explicitly overridden during key creation.</p>
+     * @public
+     */
+    ReplicationRegions: string[] | undefined;
+}
+/**
+ * <p>Output from enabling default key replication regions for the account.</p>
+ * @public
+ */
+export interface EnableDefaultKeyReplicationRegionsOutput {
+    /**
+     * <p>The complete list of regions where default key replication is now enabled for the account.</p> <p>This includes both previously enabled regions and the newly added regions from this operation.</p>
+     * @public
+     */
+    EnabledReplicationRegions: string[] | undefined;
+}
 /**
  * <p>Parameter information for IPEK generation during export.</p>
  * @public
@@ -1051,6 +1190,23 @@ export interface ExportKeyOutput {
      */
     WrappedKey?: WrappedKey | undefined;
 }
+/**
+ * <p>Input parameters for retrieving the account's default key replication regions. This operation requires no input parameters.</p>
+ * @public
+ */
+export interface GetDefaultKeyReplicationRegionsInput {
+}
+/**
+ * <p>Output containing the account's current default key replication configuration.</p>
+ * @public
+ */
+export interface GetDefaultKeyReplicationRegionsOutput {
+    /**
+     * <p>The list of regions where default key replication is currently enabled for the account.</p> <p>New keys created in this account will automatically be replicated to these regions unless explicitly configured otherwise during key creation.</p>
+     * @public
+     */
+    EnabledReplicationRegions: string[] | undefined;
+}
 /**
  * @public
  */
@@ -1066,7 +1222,7 @@ export interface GetKeyInput {
  */
 export interface GetKeyOutput {
     /**
-     * <p>The key material, including the immutable and mutable data for the key.</p>
+     * <p>Contains the key metadata, including both immutable and mutable attributes for the key, but does not include actual cryptographic key material.</p>
      * @public
      */
     Key: Key | undefined;
@@ -1501,6 +1657,11 @@ export interface ImportKeyInput {
      * @public
      */
     Tags?: Tag[] | undefined;
+    /**
+     * <p>A list of Amazon Web Services Regions for key replication operations.</p> <p>Each region in the list must be a valid Amazon Web Services Region identifier where Amazon Web Services Payment Cryptography is available. This list is used to specify which regions should be added to or removed from a key's replication configuration.</p>
+     * @public
+     */
+    ReplicationRegions?: string[] | undefined;
 }
 /**
  * @public
@@ -1567,6 +1728,16 @@ export interface KeySummary {
      * @public
      */
     Enabled: boolean | undefined;
+    /**
+     * Defines the replication type of a key
+     * @public
+     */
+    MultiRegionKeyType?: MultiRegionKeyType | undefined;
+    /**
+     * <p>An Amazon Web Services Region identifier in the standard format (e.g., <code>us-east-1</code>, <code>eu-west-1</code>).</p> <p>Used to specify regions for key replication operations. The region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available.</p>
+     * @public
+     */
+    PrimaryRegion?: string | undefined;
 }
 /**
  * @public
@@ -1583,6 +1754,33 @@ export interface ListKeysOutput {
      */
     NextToken?: string | undefined;
 }
+/**
+ * <p>Input parameters for removing replication regions from a specific key.</p>
+ * @public
+ */
+export interface RemoveKeyReplicationRegionsInput {
+    /**
+     * <p>The key identifier (ARN or alias) of the key from which to remove replication regions.</p> <p>This key must exist and have replication enabled in the specified regions.</p>
+     * @public
+     */
+    KeyIdentifier: string | undefined;
+    /**
+     * <p>The list of Amazon Web Services Regions to remove from the key's replication configuration.</p> <p>The key will no longer be available for cryptographic operations in these regions after removal. Ensure no active operations depend on the key in these regions before removal.</p>
+     * @public
+     */
+    ReplicationRegions: string[] | undefined;
+}
+/**
+ * <p>Output from removing replication regions from a key.</p>
+ * @public
+ */
+export interface RemoveKeyReplicationRegionsOutput {
+    /**
+     * <p>The updated key metadata after removing the replication regions.</p> <p>This reflects the current state of the key and its updated replication configuration.</p>
+     * @public
+     */
+    Key: Key | undefined;
+}
 /**
  * @public
  */
@@ -1726,10 +1924,6 @@ export declare const KeyBlockHeadersFilterSensitiveLog: (obj: KeyBlockHeaders) =
  * @internal
  */
 export declare const ExportDiffieHellmanTr31KeyBlockFilterSensitiveLog: (obj: ExportDiffieHellmanTr31KeyBlock) => any;
-/**
- * @internal
- */
-export declare const ExportKeyCryptogramFilterSensitiveLog: (obj: ExportKeyCryptogram) => any;
 /**
  * @internal
  */
@@ -1754,18 +1948,6 @@ export declare const WrappedKeyFilterSensitiveLog: (obj: WrappedKey) => any;
  * @internal
  */
 export declare const ExportKeyOutputFilterSensitiveLog: (obj: ExportKeyOutput) => any;
-/**
- * @internal
- */
-export declare const GetParametersForExportOutputFilterSensitiveLog: (obj: GetParametersForExportOutput) => any;
-/**
- * @internal
- */
-export declare const GetParametersForImportOutputFilterSensitiveLog: (obj: GetParametersForImportOutput) => any;
-/**
- * @internal
- */
-export declare const GetPublicKeyCertificateOutputFilterSensitiveLog: (obj: GetPublicKeyCertificateOutput) => any;
 /**
  * @internal
  */
@@ -1774,10 +1956,6 @@ export declare const ImportDiffieHellmanTr31KeyBlockFilterSensitiveLog: (obj: Im
  * @internal
  */
 export declare const ImportKeyCryptogramFilterSensitiveLog: (obj: ImportKeyCryptogram) => any;
-/**
- * @internal
- */
-export declare const RootCertificatePublicKeyFilterSensitiveLog: (obj: RootCertificatePublicKey) => any;
 /**
  * @internal
  */
@@ -1786,10 +1964,6 @@ export declare const ImportTr31KeyBlockFilterSensitiveLog: (obj: ImportTr31KeyBl
  * @internal
  */
 export declare const ImportTr34KeyBlockFilterSensitiveLog: (obj: ImportTr34KeyBlock) => any;
-/**
- * @internal
- */
-export declare const TrustedCertificatePublicKeyFilterSensitiveLog: (obj: TrustedCertificatePublicKey) => any;
 /**
  * @internal
  */