// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. // Package kms provides a client for AWS Key Management Service. package kms import ( "time" "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/request" ) const opCreateAlias = "CreateAlias" // CreateAliasRequest generates a request for the CreateAlias operation. func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { op := &request.Operation{ Name: opCreateAlias, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateAliasInput{} } req = c.newRequest(op, input, output) output = &CreateAliasOutput{} req.Data = output return } // Creates a display name for a customer master key. An alias can be used to // identify a key and should be unique. The console enforces a one-to-one mapping // between the alias and a key. An alias name can contain only alphanumeric // characters, forward slashes (/), underscores (_), and dashes (-). An alias // must start with the word "alias" followed by a forward slash (alias/). An // alias that begins with "aws" after the forward slash (alias/aws...) is reserved // by Amazon Web Services (AWS). // // To associate an alias with a different key, call UpdateAlias. // // Note that you cannot create or update an alias that represents a key in // another account. func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { req, out := c.CreateAliasRequest(input) err := req.Send() return out, err } const opCreateGrant = "CreateGrant" // CreateGrantRequest generates a request for the CreateGrant operation. func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, output *CreateGrantOutput) { op := &request.Operation{ Name: opCreateGrant, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateGrantInput{} } req = c.newRequest(op, input, output) output = &CreateGrantOutput{} req.Data = output return } // Adds a grant to a key to specify who can access the key and under what conditions. // Grants are alternate permission mechanisms to key policies. For more information // about grants, see Grants (http://docs.aws.amazon.com/kms/latest/developerguide/grants.html) // in the developer guide. If a grant is absent, access to the key is evaluated // based on IAM policies attached to the user. ListGrants RetireGrant RevokeGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { req, out := c.CreateGrantRequest(input) err := req.Send() return out, err } const opCreateKey = "CreateKey" // CreateKeyRequest generates a request for the CreateKey operation. func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { op := &request.Operation{ Name: opCreateKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateKeyInput{} } req = c.newRequest(op, input, output) output = &CreateKeyOutput{} req.Data = output return } // Creates a customer master key. Customer master keys can be used to encrypt // small amounts of data (less than 4K) directly, but they are most commonly // used to encrypt or envelope data keys that are then used to encrypt customer // data. For more information about data keys, see GenerateDataKey and GenerateDataKeyWithoutPlaintext. func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { req, out := c.CreateKeyRequest(input) err := req.Send() return out, err } const opDecrypt = "Decrypt" // DecryptRequest generates a request for the Decrypt operation. func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output *DecryptOutput) { op := &request.Operation{ Name: opDecrypt, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DecryptInput{} } req = c.newRequest(op, input, output) output = &DecryptOutput{} req.Data = output return } // Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted // by using any of the following functions: GenerateDataKey GenerateDataKeyWithoutPlaintext // Encrypt // // Note that if a caller has been granted access permissions to all keys (through, // for example, IAM user policies that grant Decrypt permission on all resources), // then ciphertext encrypted by using keys in other accounts where the key grants // access to the caller can be decrypted. To remedy this, we recommend that // you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt // access only in key policies. If you must grant Decrypt access in an IAM user // policy, you should scope the resource to specific keys or to specific trusted // accounts. func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { req, out := c.DecryptRequest(input) err := req.Send() return out, err } const opDeleteAlias = "DeleteAlias" // DeleteAliasRequest generates a request for the DeleteAlias operation. func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { op := &request.Operation{ Name: opDeleteAlias, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DeleteAliasInput{} } req = c.newRequest(op, input, output) output = &DeleteAliasOutput{} req.Data = output return } // Deletes the specified alias. To associate an alias with a different key, // call UpdateAlias. func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { req, out := c.DeleteAliasRequest(input) err := req.Send() return out, err } const opDescribeKey = "DescribeKey" // DescribeKeyRequest generates a request for the DescribeKey operation. func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { op := &request.Operation{ Name: opDescribeKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DescribeKeyInput{} } req = c.newRequest(op, input, output) output = &DescribeKeyOutput{} req.Data = output return } // Provides detailed information about the specified customer master key. func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { req, out := c.DescribeKeyRequest(input) err := req.Send() return out, err } const opDisableKey = "DisableKey" // DisableKeyRequest generates a request for the DisableKey operation. func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, output *DisableKeyOutput) { op := &request.Operation{ Name: opDisableKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DisableKeyInput{} } req = c.newRequest(op, input, output) output = &DisableKeyOutput{} req.Data = output return } // Marks a key as disabled, thereby preventing its use. func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { req, out := c.DisableKeyRequest(input) err := req.Send() return out, err } const opDisableKeyRotation = "DisableKeyRotation" // DisableKeyRotationRequest generates a request for the DisableKeyRotation operation. func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *request.Request, output *DisableKeyRotationOutput) { op := &request.Operation{ Name: opDisableKeyRotation, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DisableKeyRotationInput{} } req = c.newRequest(op, input, output) output = &DisableKeyRotationOutput{} req.Data = output return } // Disables rotation of the specified key. func (c *KMS) DisableKeyRotation(input *DisableKeyRotationInput) (*DisableKeyRotationOutput, error) { req, out := c.DisableKeyRotationRequest(input) err := req.Send() return out, err } const opEnableKey = "EnableKey" // EnableKeyRequest generates a request for the EnableKey operation. func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, output *EnableKeyOutput) { op := &request.Operation{ Name: opEnableKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &EnableKeyInput{} } req = c.newRequest(op, input, output) output = &EnableKeyOutput{} req.Data = output return } // Marks a key as enabled, thereby permitting its use. You can have up to 25 // enabled keys at one time. func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { req, out := c.EnableKeyRequest(input) err := req.Send() return out, err } const opEnableKeyRotation = "EnableKeyRotation" // EnableKeyRotationRequest generates a request for the EnableKeyRotation operation. func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *request.Request, output *EnableKeyRotationOutput) { op := &request.Operation{ Name: opEnableKeyRotation, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &EnableKeyRotationInput{} } req = c.newRequest(op, input, output) output = &EnableKeyRotationOutput{} req.Data = output return } // Enables rotation of the specified customer master key. func (c *KMS) EnableKeyRotation(input *EnableKeyRotationInput) (*EnableKeyRotationOutput, error) { req, out := c.EnableKeyRotationRequest(input) err := req.Send() return out, err } const opEncrypt = "Encrypt" // EncryptRequest generates a request for the Encrypt operation. func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output *EncryptOutput) { op := &request.Operation{ Name: opEncrypt, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &EncryptInput{} } req = c.newRequest(op, input, output) output = &EncryptOutput{} req.Data = output return } // Encrypts plaintext into ciphertext by using a customer master key. The Encrypt // function has two primary use cases: You can encrypt up to 4 KB of arbitrary // data such as an RSA key, a database password, or other sensitive customer // information. If you are moving encrypted data from one region to another, // you can use this API to encrypt in the new region the plaintext data key // that was used to encrypt the data in the original region. This provides you // with an encrypted copy of the data key that can be decrypted in the new region // and used there to decrypt the encrypted data. // // Unless you are moving encrypted data from one region to another, you don't // use this function to encrypt a generated data key within a region. You retrieve // data keys already encrypted by calling the GenerateDataKey or GenerateDataKeyWithoutPlaintext // function. Data keys don't need to be encrypted again by calling Encrypt. // // If you want to encrypt data locally in your application, you can use the // GenerateDataKey function to return a plaintext data encryption key and a // copy of the key encrypted under the customer master key (CMK) of your choosing. func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { req, out := c.EncryptRequest(input) err := req.Send() return out, err } const opGenerateDataKey = "GenerateDataKey" // GenerateDataKeyRequest generates a request for the GenerateDataKey operation. func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.Request, output *GenerateDataKeyOutput) { op := &request.Operation{ Name: opGenerateDataKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GenerateDataKeyInput{} } req = c.newRequest(op, input, output) output = &GenerateDataKeyOutput{} req.Data = output return } // Generates a data key that you can use in your application to locally encrypt // data. This call returns a plaintext version of the key in the Plaintext field // of the response object and an encrypted copy of the key in the CiphertextBlob // field. The key is encrypted by using the master key specified by the KeyId // field. To decrypt the encrypted key, pass it to the Decrypt API. // // We recommend that you use the following pattern to locally encrypt data: // call the GenerateDataKey API, use the key returned in the Plaintext response // field to locally encrypt data, and then erase the plaintext data key from // memory. Store the encrypted data key (contained in the CiphertextBlob field) // alongside of the locally encrypted data. // // You should not call the Encrypt function to re-encrypt your data keys within // a region. GenerateDataKey always returns the data key encrypted and tied // to the customer master key that will be used to decrypt it. There is no need // to decrypt it twice. If you decide to use the optional EncryptionContext // parameter, you must also store the context in full or at least store enough // information along with the encrypted data to be able to reconstruct the context // when submitting the ciphertext to the Decrypt API. It is a good practice // to choose a context that you can reconstruct on the fly to better secure // the ciphertext. For more information about how this parameter is used, see // Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html). // // To decrypt data, pass the encrypted data key to the Decrypt API. Decrypt // uses the associated master key to decrypt the encrypted data key and returns // it as plaintext. Use the plaintext data key to locally decrypt your data // and then erase the key from memory. You must specify the encryption context, // if any, that you specified when you generated the key. The encryption context // is logged by CloudTrail, and you can use this log to help track the use of // particular data. func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { req, out := c.GenerateDataKeyRequest(input) err := req.Send() return out, err } const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" // GenerateDataKeyWithoutPlaintextRequest generates a request for the GenerateDataKeyWithoutPlaintext operation. func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyWithoutPlaintextOutput) { op := &request.Operation{ Name: opGenerateDataKeyWithoutPlaintext, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GenerateDataKeyWithoutPlaintextInput{} } req = c.newRequest(op, input, output) output = &GenerateDataKeyWithoutPlaintextOutput{} req.Data = output return } // Returns a data key encrypted by a customer master key without the plaintext // copy of that key. Otherwise, this API functions exactly like GenerateDataKey. // You can use this API to, for example, satisfy an audit requirement that an // encrypted key be made available without exposing the plaintext copy of that // key. func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) err := req.Send() return out, err } const opGenerateRandom = "GenerateRandom" // GenerateRandomRequest generates a request for the GenerateRandom operation. func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Request, output *GenerateRandomOutput) { op := &request.Operation{ Name: opGenerateRandom, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GenerateRandomInput{} } req = c.newRequest(op, input, output) output = &GenerateRandomOutput{} req.Data = output return } // Generates an unpredictable byte string. func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { req, out := c.GenerateRandomRequest(input) err := req.Send() return out, err } const opGetKeyPolicy = "GetKeyPolicy" // GetKeyPolicyRequest generates a request for the GetKeyPolicy operation. func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Request, output *GetKeyPolicyOutput) { op := &request.Operation{ Name: opGetKeyPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetKeyPolicyInput{} } req = c.newRequest(op, input, output) output = &GetKeyPolicyOutput{} req.Data = output return } // Retrieves a policy attached to the specified key. func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { req, out := c.GetKeyPolicyRequest(input) err := req.Send() return out, err } const opGetKeyRotationStatus = "GetKeyRotationStatus" // GetKeyRotationStatusRequest generates a request for the GetKeyRotationStatus operation. func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req *request.Request, output *GetKeyRotationStatusOutput) { op := &request.Operation{ Name: opGetKeyRotationStatus, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetKeyRotationStatusInput{} } req = c.newRequest(op, input, output) output = &GetKeyRotationStatusOutput{} req.Data = output return } // Retrieves a Boolean value that indicates whether key rotation is enabled // for the specified key. func (c *KMS) GetKeyRotationStatus(input *GetKeyRotationStatusInput) (*GetKeyRotationStatusOutput, error) { req, out := c.GetKeyRotationStatusRequest(input) err := req.Send() return out, err } const opListAliases = "ListAliases" // ListAliasesRequest generates a request for the ListAliases operation. func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { op := &request.Operation{ Name: opListAliases, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", TruncationToken: "Truncated", }, } if input == nil { input = &ListAliasesInput{} } req = c.newRequest(op, input, output) output = &ListAliasesOutput{} req.Data = output return } // Lists all of the key aliases in the account. func (c *KMS) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) { req, out := c.ListAliasesRequest(input) err := req.Send() return out, err } func (c *KMS) ListAliasesPages(input *ListAliasesInput, fn func(p *ListAliasesOutput, lastPage bool) (shouldContinue bool)) error { page, _ := c.ListAliasesRequest(input) return page.EachPage(func(p interface{}, lastPage bool) bool { return fn(p.(*ListAliasesOutput), lastPage) }) } const opListGrants = "ListGrants" // ListGrantsRequest generates a request for the ListGrants operation. func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, output *ListGrantsOutput) { op := &request.Operation{ Name: opListGrants, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", TruncationToken: "Truncated", }, } if input == nil { input = &ListGrantsInput{} } req = c.newRequest(op, input, output) output = &ListGrantsOutput{} req.Data = output return } // List the grants for a specified key. func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsOutput, error) { req, out := c.ListGrantsRequest(input) err := req.Send() return out, err } func (c *KMS) ListGrantsPages(input *ListGrantsInput, fn func(p *ListGrantsOutput, lastPage bool) (shouldContinue bool)) error { page, _ := c.ListGrantsRequest(input) return page.EachPage(func(p interface{}, lastPage bool) bool { return fn(p.(*ListGrantsOutput), lastPage) }) } const opListKeyPolicies = "ListKeyPolicies" // ListKeyPoliciesRequest generates a request for the ListKeyPolicies operation. func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.Request, output *ListKeyPoliciesOutput) { op := &request.Operation{ Name: opListKeyPolicies, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", TruncationToken: "Truncated", }, } if input == nil { input = &ListKeyPoliciesInput{} } req = c.newRequest(op, input, output) output = &ListKeyPoliciesOutput{} req.Data = output return } // Retrieves a list of policies attached to a key. func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { req, out := c.ListKeyPoliciesRequest(input) err := req.Send() return out, err } func (c *KMS) ListKeyPoliciesPages(input *ListKeyPoliciesInput, fn func(p *ListKeyPoliciesOutput, lastPage bool) (shouldContinue bool)) error { page, _ := c.ListKeyPoliciesRequest(input) return page.EachPage(func(p interface{}, lastPage bool) bool { return fn(p.(*ListKeyPoliciesOutput), lastPage) }) } const opListKeys = "ListKeys" // ListKeysRequest generates a request for the ListKeys operation. func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { op := &request.Operation{ Name: opListKeys, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", TruncationToken: "Truncated", }, } if input == nil { input = &ListKeysInput{} } req = c.newRequest(op, input, output) output = &ListKeysOutput{} req.Data = output return } // Lists the customer master keys. func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { req, out := c.ListKeysRequest(input) err := req.Send() return out, err } func (c *KMS) ListKeysPages(input *ListKeysInput, fn func(p *ListKeysOutput, lastPage bool) (shouldContinue bool)) error { page, _ := c.ListKeysRequest(input) return page.EachPage(func(p interface{}, lastPage bool) bool { return fn(p.(*ListKeysOutput), lastPage) }) } const opPutKeyPolicy = "PutKeyPolicy" // PutKeyPolicyRequest generates a request for the PutKeyPolicy operation. func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Request, output *PutKeyPolicyOutput) { op := &request.Operation{ Name: opPutKeyPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &PutKeyPolicyInput{} } req = c.newRequest(op, input, output) output = &PutKeyPolicyOutput{} req.Data = output return } // Attaches a policy to the specified key. func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { req, out := c.PutKeyPolicyRequest(input) err := req.Send() return out, err } const opReEncrypt = "ReEncrypt" // ReEncryptRequest generates a request for the ReEncrypt operation. func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, output *ReEncryptOutput) { op := &request.Operation{ Name: opReEncrypt, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ReEncryptInput{} } req = c.newRequest(op, input, output) output = &ReEncryptOutput{} req.Data = output return } // Encrypts data on the server side with a new customer master key without exposing // the plaintext of the data on the client side. The data is first decrypted // and then encrypted. This operation can also be used to change the encryption // context of a ciphertext. // // Unlike other actions, ReEncrypt is authorized twice - once as ReEncryptFrom // on the source key and once as ReEncryptTo on the destination key. We therefore // recommend that you include the "action":"kms:ReEncrypt*" statement in your // key policies to permit re-encryption from or to the key. The statement is // included automatically when you authorize use of the key through the console // but must be included manually when you set a policy by using the PutKeyPolicy // function. func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { req, out := c.ReEncryptRequest(input) err := req.Send() return out, err } const opRetireGrant = "RetireGrant" // RetireGrantRequest generates a request for the RetireGrant operation. func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { op := &request.Operation{ Name: opRetireGrant, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RetireGrantInput{} } req = c.newRequest(op, input, output) output = &RetireGrantOutput{} req.Data = output return } // Retires a grant. You can retire a grant when you're done using it to clean // up. You should revoke a grant when you intend to actively deny operations // that depend on it. The following are permitted to call this API: The account // that created the grant The RetiringPrincipal, if present The GranteePrincipal, // if RetireGrant is a grantee operation The grant to retire must be identified // by its grant token or by a combination of the key ARN and the grant ID. A // grant token is a unique variable-length base64-encoded string. A grant ID // is a 64 character unique identifier of a grant. Both are returned by the // CreateGrant function. func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { req, out := c.RetireGrantRequest(input) err := req.Send() return out, err } const opRevokeGrant = "RevokeGrant" // RevokeGrantRequest generates a request for the RevokeGrant operation. func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, output *RevokeGrantOutput) { op := &request.Operation{ Name: opRevokeGrant, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RevokeGrantInput{} } req = c.newRequest(op, input, output) output = &RevokeGrantOutput{} req.Data = output return } // Revokes a grant. You can revoke a grant to actively deny operations that // depend on it. func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { req, out := c.RevokeGrantRequest(input) err := req.Send() return out, err } const opUpdateAlias = "UpdateAlias" // UpdateAliasRequest generates a request for the UpdateAlias operation. func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { op := &request.Operation{ Name: opUpdateAlias, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UpdateAliasInput{} } req = c.newRequest(op, input, output) output = &UpdateAliasOutput{} req.Data = output return } // Updates an alias to associate it with a different key. // // An alias name can contain only alphanumeric characters, forward slashes // (/), underscores (_), and dashes (-). An alias must start with the word "alias" // followed by a forward slash (alias/). An alias that begins with "aws" after // the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS). // // An alias is not a property of a key. Therefore, an alias can be associated // with and disassociated from an existing key without changing the properties // of the key. // // Note that you cannot create or update an alias that represents a key in // another account. func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { req, out := c.UpdateAliasRequest(input) err := req.Send() return out, err } const opUpdateKeyDescription = "UpdateKeyDescription" // UpdateKeyDescriptionRequest generates a request for the UpdateKeyDescription operation. func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req *request.Request, output *UpdateKeyDescriptionOutput) { op := &request.Operation{ Name: opUpdateKeyDescription, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UpdateKeyDescriptionInput{} } req = c.newRequest(op, input, output) output = &UpdateKeyDescriptionOutput{} req.Data = output return } // Updates the description of a key. func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { req, out := c.UpdateKeyDescriptionRequest(input) err := req.Send() return out, err } // Contains information about an alias. type AliasListEntry struct { // String that contains the key ARN. AliasArn *string `type:"string"` // String that contains the alias. AliasName *string `type:"string"` // String that contains the key identifier pointed to by the alias. TargetKeyId *string `type:"string"` metadataAliasListEntry `json:"-" xml:"-"` } type metadataAliasListEntry struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s AliasListEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s AliasListEntry) GoString() string { return s.String() } type CreateAliasInput struct { // String that contains the display name. The name must start with the word // "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" // are reserved. AliasName *string `type:"string" required:"true"` // An identifier of the key for which you are creating the alias. This value // cannot be another alias but can be a globally unique identifier or a fully // specified ARN to a key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 TargetKeyId *string `type:"string" required:"true"` metadataCreateAliasInput `json:"-" xml:"-"` } type metadataCreateAliasInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s CreateAliasInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateAliasInput) GoString() string { return s.String() } type CreateAliasOutput struct { metadataCreateAliasOutput `json:"-" xml:"-"` } type metadataCreateAliasOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s CreateAliasOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateAliasOutput) GoString() string { return s.String() } type CreateGrantInput struct { // Specifies the conditions under which the actions specified by the Operations // parameter are allowed. Constraints *GrantConstraints `type:"structure"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantTokens []*string `type:"list"` // Principal given permission by the grant to use the key identified by the // keyId parameter. GranteePrincipal *string `type:"string" required:"true"` // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` // List of operations permitted by the grant. This can be any combination of // one or more of the following values: Decrypt Encrypt GenerateDataKey GenerateDataKeyWithoutPlaintext // ReEncryptFrom ReEncryptTo CreateGrant RetireGrant Operations []*string `type:"list"` // Principal given permission to retire the grant. For more information, see // RetireGrant. RetiringPrincipal *string `type:"string"` metadataCreateGrantInput `json:"-" xml:"-"` } type metadataCreateGrantInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s CreateGrantInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateGrantInput) GoString() string { return s.String() } type CreateGrantOutput struct { // Unique grant identifier. You can use the GrantId value to revoke a grant. GrantId *string `type:"string"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantToken *string `type:"string"` metadataCreateGrantOutput `json:"-" xml:"-"` } type metadataCreateGrantOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s CreateGrantOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateGrantOutput) GoString() string { return s.String() } type CreateKeyInput struct { // Description of the key. We recommend that you choose a description that helps // your customer decide whether the key is appropriate for a task. Description *string `type:"string"` // Specifies the intended use of the key. Currently this defaults to ENCRYPT/DECRYPT, // and only symmetric encryption and decryption are supported. KeyUsage *string `type:"string" enum:"KeyUsageType"` // Policy to be attached to the key. This is required and delegates back to // the account. The key is the root of trust. Policy *string `type:"string"` metadataCreateKeyInput `json:"-" xml:"-"` } type metadataCreateKeyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s CreateKeyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateKeyInput) GoString() string { return s.String() } type CreateKeyOutput struct { // Metadata associated with the key. KeyMetadata *KeyMetadata `type:"structure"` metadataCreateKeyOutput `json:"-" xml:"-"` } type metadataCreateKeyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s CreateKeyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateKeyOutput) GoString() string { return s.String() } type DecryptInput struct { // Ciphertext to be decrypted. The blob includes metadata. CiphertextBlob []byte `type:"blob" required:"true"` // The encryption context. If this was specified in the Encrypt function, it // must be specified here or the decryption operation will fail. For more information, // see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html). EncryptionContext map[string]*string `type:"map"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantTokens []*string `type:"list"` metadataDecryptInput `json:"-" xml:"-"` } type metadataDecryptInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DecryptInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DecryptInput) GoString() string { return s.String() } type DecryptOutput struct { // ARN of the key used to perform the decryption. This value is returned if // no errors are encountered during the operation. KeyId *string `type:"string"` // Decrypted plaintext data. This value may not be returned if the customer // master key is not available or if you didn't have permission to use it. Plaintext []byte `type:"blob"` metadataDecryptOutput `json:"-" xml:"-"` } type metadataDecryptOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DecryptOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DecryptOutput) GoString() string { return s.String() } type DeleteAliasInput struct { // The alias to be deleted. The name must start with the word "alias" followed // by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved. AliasName *string `type:"string" required:"true"` metadataDeleteAliasInput `json:"-" xml:"-"` } type metadataDeleteAliasInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DeleteAliasInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DeleteAliasInput) GoString() string { return s.String() } type DeleteAliasOutput struct { metadataDeleteAliasOutput `json:"-" xml:"-"` } type metadataDeleteAliasOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DeleteAliasOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DeleteAliasOutput) GoString() string { return s.String() } type DescribeKeyInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier, a fully specified ARN to either an alias or a key, or // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias // Name Example - alias/MyAliasName KeyId *string `type:"string" required:"true"` metadataDescribeKeyInput `json:"-" xml:"-"` } type metadataDescribeKeyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DescribeKeyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DescribeKeyInput) GoString() string { return s.String() } type DescribeKeyOutput struct { // Metadata associated with the key. KeyMetadata *KeyMetadata `type:"structure"` metadataDescribeKeyOutput `json:"-" xml:"-"` } type metadataDescribeKeyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DescribeKeyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DescribeKeyOutput) GoString() string { return s.String() } type DisableKeyInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataDisableKeyInput `json:"-" xml:"-"` } type metadataDisableKeyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DisableKeyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DisableKeyInput) GoString() string { return s.String() } type DisableKeyOutput struct { metadataDisableKeyOutput `json:"-" xml:"-"` } type metadataDisableKeyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DisableKeyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DisableKeyOutput) GoString() string { return s.String() } type DisableKeyRotationInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataDisableKeyRotationInput `json:"-" xml:"-"` } type metadataDisableKeyRotationInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DisableKeyRotationInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DisableKeyRotationInput) GoString() string { return s.String() } type DisableKeyRotationOutput struct { metadataDisableKeyRotationOutput `json:"-" xml:"-"` } type metadataDisableKeyRotationOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s DisableKeyRotationOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s DisableKeyRotationOutput) GoString() string { return s.String() } type EnableKeyInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataEnableKeyInput `json:"-" xml:"-"` } type metadataEnableKeyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s EnableKeyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s EnableKeyInput) GoString() string { return s.String() } type EnableKeyOutput struct { metadataEnableKeyOutput `json:"-" xml:"-"` } type metadataEnableKeyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s EnableKeyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s EnableKeyOutput) GoString() string { return s.String() } type EnableKeyRotationInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataEnableKeyRotationInput `json:"-" xml:"-"` } type metadataEnableKeyRotationInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s EnableKeyRotationInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s EnableKeyRotationInput) GoString() string { return s.String() } type EnableKeyRotationOutput struct { metadataEnableKeyRotationOutput `json:"-" xml:"-"` } type metadataEnableKeyRotationOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s EnableKeyRotationOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s EnableKeyRotationOutput) GoString() string { return s.String() } type EncryptInput struct { // Name/value pair that specifies the encryption context to be used for authenticated // encryption. If used here, the same value must be supplied to the Decrypt // API or decryption will fail. For more information, see Encryption Context // (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html). EncryptionContext map[string]*string `type:"map"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantTokens []*string `type:"list"` // A unique identifier for the customer master key. This value can be a globally // unique identifier, a fully specified ARN to either an alias or a key, or // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias // Name Example - alias/MyAliasName KeyId *string `type:"string" required:"true"` // Data to be encrypted. Plaintext []byte `type:"blob" required:"true"` metadataEncryptInput `json:"-" xml:"-"` } type metadataEncryptInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s EncryptInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s EncryptInput) GoString() string { return s.String() } type EncryptOutput struct { // The encrypted plaintext. If you are using the CLI, the value is Base64 encoded. // Otherwise, it is not encoded. CiphertextBlob []byte `type:"blob"` // The ID of the key used during encryption. KeyId *string `type:"string"` metadataEncryptOutput `json:"-" xml:"-"` } type metadataEncryptOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s EncryptOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s EncryptOutput) GoString() string { return s.String() } type GenerateDataKeyInput struct { // Name/value pair that contains additional data to be authenticated during // the encryption and decryption processes that use the key. This value is logged // by AWS CloudTrail to provide context around the data encrypted by the key. EncryptionContext map[string]*string `type:"map"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantTokens []*string `type:"list"` // A unique identifier for the customer master key. This value can be a globally // unique identifier, a fully specified ARN to either an alias or a key, or // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias // Name Example - alias/MyAliasName KeyId *string `type:"string" required:"true"` // Value that identifies the encryption algorithm and key size to generate a // data key for. Currently this can be AES_128 or AES_256. KeySpec *string `type:"string" enum:"DataKeySpec"` // Integer that contains the number of bytes to generate. Common values are // 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you // use the KeySpec parameter instead. NumberOfBytes *int64 `type:"integer"` metadataGenerateDataKeyInput `json:"-" xml:"-"` } type metadataGenerateDataKeyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GenerateDataKeyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GenerateDataKeyInput) GoString() string { return s.String() } type GenerateDataKeyOutput struct { // Ciphertext that contains the encrypted data key. You must store the blob // and enough information to reconstruct the encryption context so that the // data encrypted by using the key can later be decrypted. You must provide // both the ciphertext blob and the encryption context to the Decrypt API to // recover the plaintext data key and decrypt the object. // // If you are using the CLI, the value is Base64 encoded. Otherwise, it is // not encoded. CiphertextBlob []byte `type:"blob"` // System generated unique identifier of the key to be used to decrypt the encrypted // copy of the data key. KeyId *string `type:"string"` // Plaintext that contains the data key. Use this for encryption and decryption // and then remove it from memory as soon as possible. Plaintext []byte `type:"blob"` metadataGenerateDataKeyOutput `json:"-" xml:"-"` } type metadataGenerateDataKeyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GenerateDataKeyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GenerateDataKeyOutput) GoString() string { return s.String() } type GenerateDataKeyWithoutPlaintextInput struct { // Name:value pair that contains additional data to be authenticated during // the encryption and decryption processes. EncryptionContext map[string]*string `type:"map"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantTokens []*string `type:"list"` // A unique identifier for the customer master key. This value can be a globally // unique identifier, a fully specified ARN to either an alias or a key, or // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias // Name Example - alias/MyAliasName KeyId *string `type:"string" required:"true"` // Value that identifies the encryption algorithm and key size. Currently this // can be AES_128 or AES_256. KeySpec *string `type:"string" enum:"DataKeySpec"` // Integer that contains the number of bytes to generate. Common values are // 128, 256, 512, 1024 and so on. We recommend that you use the KeySpec parameter // instead. NumberOfBytes *int64 `type:"integer"` metadataGenerateDataKeyWithoutPlaintextInput `json:"-" xml:"-"` } type metadataGenerateDataKeyWithoutPlaintextInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GenerateDataKeyWithoutPlaintextInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GenerateDataKeyWithoutPlaintextInput) GoString() string { return s.String() } type GenerateDataKeyWithoutPlaintextOutput struct { // Ciphertext that contains the wrapped data key. You must store the blob and // encryption context so that the key can be used in a future decrypt operation. // // If you are using the CLI, the value is Base64 encoded. Otherwise, it is // not encoded. CiphertextBlob []byte `type:"blob"` // System generated unique identifier of the key to be used to decrypt the encrypted // copy of the data key. KeyId *string `type:"string"` metadataGenerateDataKeyWithoutPlaintextOutput `json:"-" xml:"-"` } type metadataGenerateDataKeyWithoutPlaintextOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GenerateDataKeyWithoutPlaintextOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GenerateDataKeyWithoutPlaintextOutput) GoString() string { return s.String() } type GenerateRandomInput struct { // Integer that contains the number of bytes to generate. Common values are // 128, 256, 512, 1024 and so on. The current limit is 1024 bytes. NumberOfBytes *int64 `type:"integer"` metadataGenerateRandomInput `json:"-" xml:"-"` } type metadataGenerateRandomInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GenerateRandomInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GenerateRandomInput) GoString() string { return s.String() } type GenerateRandomOutput struct { // Plaintext that contains the unpredictable byte string. Plaintext []byte `type:"blob"` metadataGenerateRandomOutput `json:"-" xml:"-"` } type metadataGenerateRandomOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GenerateRandomOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GenerateRandomOutput) GoString() string { return s.String() } type GetKeyPolicyInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` // String that contains the name of the policy. Currently, this must be "default". // Policy names can be discovered by calling ListKeyPolicies. PolicyName *string `type:"string" required:"true"` metadataGetKeyPolicyInput `json:"-" xml:"-"` } type metadataGetKeyPolicyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GetKeyPolicyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GetKeyPolicyInput) GoString() string { return s.String() } type GetKeyPolicyOutput struct { // A policy document in JSON format. Policy *string `type:"string"` metadataGetKeyPolicyOutput `json:"-" xml:"-"` } type metadataGetKeyPolicyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GetKeyPolicyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GetKeyPolicyOutput) GoString() string { return s.String() } type GetKeyRotationStatusInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataGetKeyRotationStatusInput `json:"-" xml:"-"` } type metadataGetKeyRotationStatusInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GetKeyRotationStatusInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GetKeyRotationStatusInput) GoString() string { return s.String() } type GetKeyRotationStatusOutput struct { // A Boolean value that specifies whether key rotation is enabled. KeyRotationEnabled *bool `type:"boolean"` metadataGetKeyRotationStatusOutput `json:"-" xml:"-"` } type metadataGetKeyRotationStatusOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GetKeyRotationStatusOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GetKeyRotationStatusOutput) GoString() string { return s.String() } // Contains constraints on the grant. type GrantConstraints struct { // The constraint contains additional key/value pairs that serve to further // limit the grant. EncryptionContextEquals map[string]*string `type:"map"` // The constraint equals the full encryption context. EncryptionContextSubset map[string]*string `type:"map"` metadataGrantConstraints `json:"-" xml:"-"` } type metadataGrantConstraints struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GrantConstraints) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GrantConstraints) GoString() string { return s.String() } // Contains information about each entry in the grant list. type GrantListEntry struct { // Specifies the conditions under which the actions specified by the Operations // parameter are allowed. Constraints *GrantConstraints `type:"structure"` // Unique grant identifier. GrantId *string `type:"string"` // The principal that receives the grant permission. GranteePrincipal *string `type:"string"` // The account under which the grant was issued. IssuingAccount *string `type:"string"` // List of operations permitted by the grant. This can be any combination of // one or more of the following values: Decrypt Encrypt GenerateDataKey GenerateDataKeyWithoutPlaintext // ReEncryptFrom ReEncryptTo CreateGrant Operations []*string `type:"list"` // The principal that can retire the account. RetiringPrincipal *string `type:"string"` metadataGrantListEntry `json:"-" xml:"-"` } type metadataGrantListEntry struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s GrantListEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s GrantListEntry) GoString() string { return s.String() } // Contains information about each entry in the key list. type KeyListEntry struct { // ARN of the key. KeyArn *string `type:"string"` // Unique identifier of the key. KeyId *string `type:"string"` metadataKeyListEntry `json:"-" xml:"-"` } type metadataKeyListEntry struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s KeyListEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s KeyListEntry) GoString() string { return s.String() } // Contains metadata associated with a specific key. type KeyMetadata struct { // Account ID number. AWSAccountId *string `type:"string"` // Key ARN (Amazon Resource Name). Arn *string `type:"string"` // Date the key was created. CreationDate *time.Time `type:"timestamp" timestampFormat:"unix"` // The description of the key. Description *string `type:"string"` // Value that specifies whether the key is enabled. Enabled *bool `type:"boolean"` // Unique identifier for the key. KeyId *string `type:"string" required:"true"` // A value that specifies what operation(s) the key can perform. KeyUsage *string `type:"string" enum:"KeyUsageType"` metadataKeyMetadata `json:"-" xml:"-"` } type metadataKeyMetadata struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s KeyMetadata) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s KeyMetadata) GoString() string { return s.String() } type ListAliasesInput struct { // Specify this parameter when paginating results to indicate the maximum number // of aliases you want in each response. If there are additional aliases beyond // the maximum you specify, the Truncated response element will be set to true. Limit *int64 `type:"integer"` // Use this parameter when paginating results, and only in a subsequent request // after you've received a response where the results are truncated. Set it // to the value of the NextMarker element in the response you just received. Marker *string `type:"string"` metadataListAliasesInput `json:"-" xml:"-"` } type metadataListAliasesInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListAliasesInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListAliasesInput) GoString() string { return s.String() } type ListAliasesOutput struct { // A list of key aliases in the user's account. Aliases []*AliasListEntry `type:"list"` // If Truncated is true, this value is present and contains the value to use // for the Marker request parameter in a subsequent pagination request. NextMarker *string `type:"string"` // A flag that indicates whether there are more items in the list. If your results // were truncated, you can make a subsequent pagination request using the Marker // request parameter to retrieve more aliases in the list. Truncated *bool `type:"boolean"` metadataListAliasesOutput `json:"-" xml:"-"` } type metadataListAliasesOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListAliasesOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListAliasesOutput) GoString() string { return s.String() } type ListGrantsInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` // Specify this parameter only when paginating results to indicate the maximum // number of grants you want listed in the response. If there are additional // grants beyond the maximum you specify, the Truncated response element will // be set to true. Limit *int64 `type:"integer"` // Use this parameter only when paginating results, and only in a subsequent // request after you've received a response where the results are truncated. // Set it to the value of the NextMarker in the response you just received. Marker *string `type:"string"` metadataListGrantsInput `json:"-" xml:"-"` } type metadataListGrantsInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListGrantsInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListGrantsInput) GoString() string { return s.String() } type ListGrantsOutput struct { // A list of grants. Grants []*GrantListEntry `type:"list"` // If Truncated is true, this value is present and contains the value to use // for the Marker request parameter in a subsequent pagination request. NextMarker *string `type:"string"` // A flag that indicates whether there are more items in the list. If your results // were truncated, you can make a subsequent pagination request using the Marker // request parameter to retrieve more grants in the list. Truncated *bool `type:"boolean"` metadataListGrantsOutput `json:"-" xml:"-"` } type metadataListGrantsOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListGrantsOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListGrantsOutput) GoString() string { return s.String() } type ListKeyPoliciesInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier, a fully specified ARN to either an alias or a key, or // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias // Name Example - alias/MyAliasName KeyId *string `type:"string" required:"true"` // Specify this parameter only when paginating results to indicate the maximum // number of policies you want listed in the response. If there are additional // policies beyond the maximum you specify, the Truncated response element will // be set to true. Limit *int64 `type:"integer"` // Use this parameter only when paginating results, and only in a subsequent // request after you've received a response where the results are truncated. // Set it to the value of the NextMarker in the response you just received. Marker *string `type:"string"` metadataListKeyPoliciesInput `json:"-" xml:"-"` } type metadataListKeyPoliciesInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListKeyPoliciesInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListKeyPoliciesInput) GoString() string { return s.String() } type ListKeyPoliciesOutput struct { // If Truncated is true, this value is present and contains the value to use // for the Marker request parameter in a subsequent pagination request. NextMarker *string `type:"string"` // A list of policy names. Currently, there is only one policy and it is named // "Default". PolicyNames []*string `type:"list"` // A flag that indicates whether there are more items in the list. If your results // were truncated, you can make a subsequent pagination request using the Marker // request parameter to retrieve more policies in the list. Truncated *bool `type:"boolean"` metadataListKeyPoliciesOutput `json:"-" xml:"-"` } type metadataListKeyPoliciesOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListKeyPoliciesOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListKeyPoliciesOutput) GoString() string { return s.String() } type ListKeysInput struct { // Specify this parameter only when paginating results to indicate the maximum // number of keys you want listed in the response. If there are additional keys // beyond the maximum you specify, the Truncated response element will be set // to true. Limit *int64 `type:"integer"` // Use this parameter only when paginating results, and only in a subsequent // request after you've received a response where the results are truncated. // Set it to the value of the NextMarker in the response you just received. Marker *string `type:"string"` metadataListKeysInput `json:"-" xml:"-"` } type metadataListKeysInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListKeysInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListKeysInput) GoString() string { return s.String() } type ListKeysOutput struct { // A list of keys. Keys []*KeyListEntry `type:"list"` // If Truncated is true, this value is present and contains the value to use // for the Marker request parameter in a subsequent pagination request. NextMarker *string `type:"string"` // A flag that indicates whether there are more items in the list. If your results // were truncated, you can make a subsequent pagination request using the Marker // request parameter to retrieve more keys in the list. Truncated *bool `type:"boolean"` metadataListKeysOutput `json:"-" xml:"-"` } type metadataListKeysOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ListKeysOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ListKeysOutput) GoString() string { return s.String() } type PutKeyPolicyInput struct { // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` // The policy, in JSON format, to be attached to the key. Policy *string `type:"string" required:"true"` // Name of the policy to be attached. Currently, the only supported name is // "default". PolicyName *string `type:"string" required:"true"` metadataPutKeyPolicyInput `json:"-" xml:"-"` } type metadataPutKeyPolicyInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s PutKeyPolicyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s PutKeyPolicyInput) GoString() string { return s.String() } type PutKeyPolicyOutput struct { metadataPutKeyPolicyOutput `json:"-" xml:"-"` } type metadataPutKeyPolicyOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s PutKeyPolicyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s PutKeyPolicyOutput) GoString() string { return s.String() } type ReEncryptInput struct { // Ciphertext of the data to re-encrypt. CiphertextBlob []byte `type:"blob" required:"true"` // Encryption context to be used when the data is re-encrypted. DestinationEncryptionContext map[string]*string `type:"map"` // A unique identifier for the customer master key used to re-encrypt the data. // This value can be a globally unique identifier, a fully specified ARN to // either an alias or a key, or an alias name prefixed by "alias/". Key ARN // Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias // Name Example - alias/MyAliasName DestinationKeyId *string `type:"string" required:"true"` // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantTokens []*string `type:"list"` // Encryption context used to encrypt and decrypt the data specified in the // CiphertextBlob parameter. SourceEncryptionContext map[string]*string `type:"map"` metadataReEncryptInput `json:"-" xml:"-"` } type metadataReEncryptInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ReEncryptInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ReEncryptInput) GoString() string { return s.String() } type ReEncryptOutput struct { // The re-encrypted data. If you are using the CLI, the value is Base64 encoded. // Otherwise, it is not encoded. CiphertextBlob []byte `type:"blob"` // Unique identifier of the key used to re-encrypt the data. KeyId *string `type:"string"` // Unique identifier of the key used to originally encrypt the data. SourceKeyId *string `type:"string"` metadataReEncryptOutput `json:"-" xml:"-"` } type metadataReEncryptOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s ReEncryptOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ReEncryptOutput) GoString() string { return s.String() } type RetireGrantInput struct { // Unique identifier of the grant to be retired. The grant ID is returned by // the CreateGrant function. Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 GrantId *string `type:"string"` // Token that identifies the grant to be retired. GrantToken *string `type:"string"` // A unique identifier for the customer master key associated with the grant. // This value can be a globally unique identifier or a fully specified ARN of // the key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string"` metadataRetireGrantInput `json:"-" xml:"-"` } type metadataRetireGrantInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s RetireGrantInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s RetireGrantInput) GoString() string { return s.String() } type RetireGrantOutput struct { metadataRetireGrantOutput `json:"-" xml:"-"` } type metadataRetireGrantOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s RetireGrantOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s RetireGrantOutput) GoString() string { return s.String() } type RevokeGrantInput struct { // Identifier of the grant to be revoked. GrantId *string `type:"string" required:"true"` // A unique identifier for the customer master key associated with the grant. // This value can be a globally unique identifier or the fully specified ARN // to a key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataRevokeGrantInput `json:"-" xml:"-"` } type metadataRevokeGrantInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s RevokeGrantInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s RevokeGrantInput) GoString() string { return s.String() } type RevokeGrantOutput struct { metadataRevokeGrantOutput `json:"-" xml:"-"` } type metadataRevokeGrantOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s RevokeGrantOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s RevokeGrantOutput) GoString() string { return s.String() } type UpdateAliasInput struct { // String that contains the name of the alias to be modifed. The name must start // with the word "alias" followed by a forward slash (alias/). Aliases that // begin with "alias/AWS" are reserved. AliasName *string `type:"string" required:"true"` // Unique identifier of the customer master key to be associated with the alias. // This value can be a globally unique identifier or the fully specified ARN // of a key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 TargetKeyId *string `type:"string" required:"true"` metadataUpdateAliasInput `json:"-" xml:"-"` } type metadataUpdateAliasInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s UpdateAliasInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s UpdateAliasInput) GoString() string { return s.String() } type UpdateAliasOutput struct { metadataUpdateAliasOutput `json:"-" xml:"-"` } type metadataUpdateAliasOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s UpdateAliasOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s UpdateAliasOutput) GoString() string { return s.String() } type UpdateKeyDescriptionInput struct { // New description for the key. Description *string `type:"string" required:"true"` // A unique identifier for the customer master key. This value can be a globally // unique identifier or the fully specified ARN to a key. Key ARN Example - // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 KeyId *string `type:"string" required:"true"` metadataUpdateKeyDescriptionInput `json:"-" xml:"-"` } type metadataUpdateKeyDescriptionInput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s UpdateKeyDescriptionInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s UpdateKeyDescriptionInput) GoString() string { return s.String() } type UpdateKeyDescriptionOutput struct { metadataUpdateKeyDescriptionOutput `json:"-" xml:"-"` } type metadataUpdateKeyDescriptionOutput struct { SDKShapeTraits bool `type:"structure"` } // String returns the string representation func (s UpdateKeyDescriptionOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s UpdateKeyDescriptionOutput) GoString() string { return s.String() } const ( // @enum DataKeySpec DataKeySpecAes256 = "AES_256" // @enum DataKeySpec DataKeySpecAes128 = "AES_128" ) const ( // @enum GrantOperation GrantOperationDecrypt = "Decrypt" // @enum GrantOperation GrantOperationEncrypt = "Encrypt" // @enum GrantOperation GrantOperationGenerateDataKey = "GenerateDataKey" // @enum GrantOperation GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" // @enum GrantOperation GrantOperationReEncryptFrom = "ReEncryptFrom" // @enum GrantOperation GrantOperationReEncryptTo = "ReEncryptTo" // @enum GrantOperation GrantOperationCreateGrant = "CreateGrant" // @enum GrantOperation GrantOperationRetireGrant = "RetireGrant" ) const ( // @enum KeyUsageType KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT" )