Documentation ¶
Overview ¶
Package kms provides a client for AWS Key Management Service.
Index ¶
- Constants
- type AliasListEntry
- type CreateAliasRequest
- type CreateGrantRequest
- type CreateGrantResponse
- type CreateKeyRequest
- type CreateKeyResponse
- type DecryptRequest
- type DecryptResponse
- type DeleteAliasRequest
- type DescribeKeyRequest
- type DescribeKeyResponse
- type DisableKeyRequest
- type DisableKeyRotationRequest
- type EnableKeyRequest
- type EnableKeyRotationRequest
- type EncryptRequest
- type EncryptResponse
- type GenerateDataKeyRequest
- type GenerateDataKeyResponse
- type GenerateDataKeyWithoutPlaintextRequest
- type GenerateDataKeyWithoutPlaintextResponse
- type GenerateRandomRequest
- type GenerateRandomResponse
- type GetKeyPolicyRequest
- type GetKeyPolicyResponse
- type GetKeyRotationStatusRequest
- type GetKeyRotationStatusResponse
- type GrantConstraints
- type GrantListEntry
- type KMS
- func (c *KMS) CreateAlias(req *CreateAliasRequest) (err error)
- func (c *KMS) CreateGrant(req *CreateGrantRequest) (resp *CreateGrantResponse, err error)
- func (c *KMS) CreateKey(req *CreateKeyRequest) (resp *CreateKeyResponse, err error)
- func (c *KMS) Decrypt(req *DecryptRequest) (resp *DecryptResponse, err error)
- func (c *KMS) DeleteAlias(req *DeleteAliasRequest) (err error)
- func (c *KMS) DescribeKey(req *DescribeKeyRequest) (resp *DescribeKeyResponse, err error)
- func (c *KMS) DisableKey(req *DisableKeyRequest) (err error)
- func (c *KMS) DisableKeyRotation(req *DisableKeyRotationRequest) (err error)
- func (c *KMS) EnableKey(req *EnableKeyRequest) (err error)
- func (c *KMS) EnableKeyRotation(req *EnableKeyRotationRequest) (err error)
- func (c *KMS) Encrypt(req *EncryptRequest) (resp *EncryptResponse, err error)
- func (c *KMS) GenerateDataKey(req *GenerateDataKeyRequest) (resp *GenerateDataKeyResponse, err error)
- func (c *KMS) GenerateDataKeyWithoutPlaintext(req *GenerateDataKeyWithoutPlaintextRequest) (resp *GenerateDataKeyWithoutPlaintextResponse, err error)
- func (c *KMS) GenerateRandom(req *GenerateRandomRequest) (resp *GenerateRandomResponse, err error)
- func (c *KMS) GetKeyPolicy(req *GetKeyPolicyRequest) (resp *GetKeyPolicyResponse, err error)
- func (c *KMS) GetKeyRotationStatus(req *GetKeyRotationStatusRequest) (resp *GetKeyRotationStatusResponse, err error)
- func (c *KMS) ListAliases(req *ListAliasesRequest) (resp *ListAliasesResponse, err error)
- func (c *KMS) ListGrants(req *ListGrantsRequest) (resp *ListGrantsResponse, err error)
- func (c *KMS) ListKeyPolicies(req *ListKeyPoliciesRequest) (resp *ListKeyPoliciesResponse, err error)
- func (c *KMS) ListKeys(req *ListKeysRequest) (resp *ListKeysResponse, err error)
- func (c *KMS) PutKeyPolicy(req *PutKeyPolicyRequest) (err error)
- func (c *KMS) ReEncrypt(req *ReEncryptRequest) (resp *ReEncryptResponse, err error)
- func (c *KMS) RetireGrant(req *RetireGrantRequest) (err error)
- func (c *KMS) RevokeGrant(req *RevokeGrantRequest) (err error)
- func (c *KMS) UpdateKeyDescription(req *UpdateKeyDescriptionRequest) (err error)
- type KeyListEntry
- type KeyMetadata
- type ListAliasesRequest
- type ListAliasesResponse
- type ListGrantsRequest
- type ListGrantsResponse
- type ListKeyPoliciesRequest
- type ListKeyPoliciesResponse
- type ListKeysRequest
- type ListKeysResponse
- type PutKeyPolicyRequest
- type ReEncryptRequest
- type ReEncryptResponse
- type RetireGrantRequest
- type RevokeGrantRequest
- type UpdateKeyDescriptionRequest
Constants ¶
// Data key specifications. The names suggest these are the accepted values of
// the KeySpec field in GenerateDataKeyRequest and
// GenerateDataKeyWithoutPlaintextRequest — confirm against the service API.
const (
	DataKeySpecAES128 = "AES_128"
	DataKeySpecAES256 = "AES_256"
)
Possible values for KMS.
// Grant operations. The names suggest these are the accepted entries of the
// Operations field in CreateGrantRequest and GrantListEntry — confirm against
// the service API.
//
// NOTE(review): a grant lists the operations its grantee may perform, so keep
// that list to what the grantee needs. GrantOperationCreateGrant presumably
// lets the grantee issue further grants on the key; confirm before including it.
const (
	GrantOperationCreateGrant                     = "CreateGrant"
	GrantOperationDecrypt                         = "Decrypt"
	GrantOperationEncrypt                         = "Encrypt"
	GrantOperationGenerateDataKey                 = "GenerateDataKey"
	GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext"
	GrantOperationReEncryptFrom                   = "ReEncryptFrom"
	GrantOperationReEncryptTo                     = "ReEncryptTo"
	GrantOperationRetireGrant                     = "RetireGrant"
)
Possible values for KMS.
// Key usage types. The name suggests this is the accepted value of the
// KeyUsage field in CreateKeyRequest and KeyMetadata — confirm against the
// service API.
const (
	KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT"
)
Possible values for KMS.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AliasListEntry ¶
// AliasListEntry is the element type of ListAliasesResponse.Aliases.
type AliasListEntry struct {
	AliasARN  aws.StringValue `json:"AliasArn,omitempty"`
	AliasName aws.StringValue `json:"AliasName,omitempty"`
	// TargetKeyID is presumably the key the alias refers to (compare
	// CreateAliasRequest.TargetKeyID) — confirm against the service API.
	TargetKeyID aws.StringValue `json:"TargetKeyId,omitempty"`
}
AliasListEntry is undocumented.
type CreateAliasRequest ¶
// CreateAliasRequest is the input to KMS.CreateAlias.
type CreateAliasRequest struct {
	// AliasName must start with "alias/"; names that continue with "aws"
	// (alias/aws...) are reserved by Amazon Web Services, per the CreateAlias
	// documentation.
	AliasName aws.StringValue `json:"AliasName"`
	// TargetKeyID is presumably the customer master key the alias will name —
	// confirm against the service API.
	TargetKeyID aws.StringValue `json:"TargetKeyId"`
}
CreateAliasRequest is undocumented.
type CreateGrantRequest ¶
// CreateGrantRequest is the input to KMS.CreateGrant, which adds a grant to a
// key to specify who can access the key and under what conditions.
type CreateGrantRequest struct {
	// Constraints optionally narrows the grant by encryption context; see
	// GrantConstraints.
	Constraints *GrantConstraints `json:"Constraints,omitempty"`
	GrantTokens []string          `json:"GrantTokens,omitempty"`
	// GranteePrincipal is presumably the principal that receives the
	// permissions — confirm the expected identifier format with the service API.
	GranteePrincipal aws.StringValue `json:"GranteePrincipal"`
	// KeyID names the key the grant is added to.
	KeyID aws.StringValue `json:"KeyId"`
	// Operations lists what the grantee may do; the GrantOperation* constants
	// look like the accepted values. Grants do not expire by default, so list
	// only the operations the grantee needs.
	Operations []string `json:"Operations,omitempty"`
	// RetiringPrincipal is presumably the principal allowed to retire the
	// grant — confirm against the service API.
	RetiringPrincipal aws.StringValue `json:"RetiringPrincipal,omitempty"`
}
CreateGrantRequest is undocumented.
type CreateGrantResponse ¶
// CreateGrantResponse is the result of KMS.CreateGrant.
type CreateGrantResponse struct {
	// GrantID identifies the new grant; RevokeGrantRequest takes a GrantID.
	GrantID aws.StringValue `json:"GrantId,omitempty"`
	// GrantToken is the value RetireGrantRequest takes, and presumably what
	// the GrantTokens request fields carry. NOTE(review): it stands for the
	// grant's permissions, so keep it out of logs — confirm how long it is valid.
	GrantToken aws.StringValue `json:"GrantToken,omitempty"`
}
CreateGrantResponse is undocumented.
type CreateKeyRequest ¶
// CreateKeyRequest is the input to KMS.CreateKey, which creates a customer
// master key.
type CreateKeyRequest struct {
	Description aws.StringValue `json:"Description,omitempty"`
	// KeyUsage presumably takes one of the KeyUsageType* constants — confirm.
	KeyUsage aws.StringValue `json:"KeyUsage,omitempty"`
	// Policy is the key policy to attach. Key policies are a permission
	// mechanism for the key, so review the document before sending it.
	// NOTE(review): confirm which policy the service applies when this is unset.
	Policy aws.StringValue `json:"Policy,omitempty"`
}
CreateKeyRequest is undocumented.
type CreateKeyResponse ¶
// CreateKeyResponse is the result of KMS.CreateKey.
type CreateKeyResponse struct {
	// KeyMetadata presumably describes the newly created key — confirm.
	KeyMetadata *KeyMetadata `json:"KeyMetadata,omitempty"`
}
CreateKeyResponse is undocumented.
type DecryptRequest ¶
// DecryptRequest is the input to KMS.Decrypt.
//
// The request carries no key identifier. NOTE(review): the service presumably
// derives the key from CiphertextBlob; a caller that expects one particular
// key can compare DecryptResponse.KeyID against it before trusting the result.
type DecryptRequest struct {
	// CiphertextBlob is the ciphertext to decrypt, as previously produced by
	// Encrypt.
	CiphertextBlob []byte `json:"CiphertextBlob"`
	// EncryptionContext is a set of key/value pairs sent with the request.
	// NOTE(review): in the KMS service it has to match the context given at
	// encryption time and is not treated as a secret — confirm, and keep
	// sensitive values out of it.
	EncryptionContext map[string]string `json:"EncryptionContext,omitempty"`
	GrantTokens       []string          `json:"GrantTokens,omitempty"`
}
DecryptRequest is undocumented.
type DecryptResponse ¶
// DecryptResponse is the result of KMS.Decrypt.
type DecryptResponse struct {
	// KeyID presumably names the key that performed the decryption — confirm.
	KeyID aws.StringValue `json:"KeyId,omitempty"`
	// Plaintext is the decrypted data. Treat it as secret: keep it out of logs
	// and error messages, and do not hold it longer than needed.
	Plaintext []byte `json:"Plaintext,omitempty"`
}
DecryptResponse is undocumented.
type DeleteAliasRequest ¶
// DeleteAliasRequest is the input to KMS.DeleteAlias.
type DeleteAliasRequest struct {
	// AliasName presumably names the alias to delete — confirm.
	AliasName aws.StringValue `json:"AliasName"`
}
DeleteAliasRequest is undocumented.
type DescribeKeyRequest ¶
// DescribeKeyRequest is the input to KMS.DescribeKey.
type DescribeKeyRequest struct {
	// KeyID names the customer master key to describe.
	KeyID aws.StringValue `json:"KeyId"`
}
DescribeKeyRequest is undocumented.
type DescribeKeyResponse ¶
// DescribeKeyResponse is the result of KMS.DescribeKey.
type DescribeKeyResponse struct {
	// KeyMetadata holds the detailed information about the requested key.
	KeyMetadata *KeyMetadata `json:"KeyMetadata,omitempty"`
}
DescribeKeyResponse is undocumented.
type DisableKeyRequest ¶
// DisableKeyRequest is the input to KMS.DisableKey.
type DisableKeyRequest struct {
	// KeyID names the key to mark as disabled, which prevents its use.
	KeyID aws.StringValue `json:"KeyId"`
}
DisableKeyRequest is undocumented.
type DisableKeyRotationRequest ¶
// DisableKeyRotationRequest is the input to KMS.DisableKeyRotation.
type DisableKeyRotationRequest struct {
	// KeyID presumably names the key whose rotation is turned off — confirm.
	KeyID aws.StringValue `json:"KeyId"`
}
DisableKeyRotationRequest is undocumented.
type EnableKeyRequest ¶
// EnableKeyRequest is the input to KMS.EnableKey.
type EnableKeyRequest struct {
	// KeyID names the key to mark as enabled, which permits its use.
	KeyID aws.StringValue `json:"KeyId"`
}
EnableKeyRequest is undocumented.
type EnableKeyRotationRequest ¶
// EnableKeyRotationRequest is the input to KMS.EnableKeyRotation.
type EnableKeyRotationRequest struct {
	// KeyID names the customer master key whose rotation is enabled.
	KeyID aws.StringValue `json:"KeyId"`
}
EnableKeyRotationRequest is undocumented.
type EncryptRequest ¶
// EncryptRequest is the input to KMS.Encrypt, which encrypts plaintext under a
// customer master key.
type EncryptRequest struct {
	// EncryptionContext is a set of key/value pairs sent with the request.
	// NOTE(review): in the KMS service the same pairs have to be supplied
	// again on Decrypt, and the context is not treated as a secret — confirm,
	// and keep sensitive values out of it.
	EncryptionContext map[string]string `json:"EncryptionContext,omitempty"`
	GrantTokens       []string          `json:"GrantTokens,omitempty"`
	// KeyID names the customer master key to encrypt with.
	KeyID aws.StringValue `json:"KeyId"`
	// Plaintext is the data to encrypt. The CreateKey documentation says a
	// customer master key encrypts only small amounts of data (less than 4K)
	// directly; larger data is encrypted under a data key instead.
	Plaintext []byte `json:"Plaintext"`
}
EncryptRequest is undocumented.
type EncryptResponse ¶
// EncryptResponse is the result of KMS.Encrypt.
type EncryptResponse struct {
	// CiphertextBlob is the encrypted form of the request's Plaintext.
	CiphertextBlob []byte `json:"CiphertextBlob,omitempty"`
	// KeyID presumably names the key that performed the encryption — confirm.
	KeyID aws.StringValue `json:"KeyId,omitempty"`
}
EncryptResponse is undocumented.
type GenerateDataKeyRequest ¶
// GenerateDataKeyRequest is the input to KMS.GenerateDataKey, which generates
// a data key wrapped by a customer master key.
type GenerateDataKeyRequest struct {
	// EncryptionContext is a set of key/value pairs sent with the request.
	// NOTE(review): in the KMS service the same pairs have to be supplied
	// when the wrapped key is later decrypted, and the context is not treated
	// as a secret — confirm.
	EncryptionContext map[string]string `json:"EncryptionContext,omitempty"`
	GrantTokens       []string          `json:"GrantTokens,omitempty"`
	// KeyID names the customer master key that wraps the data key.
	KeyID aws.StringValue `json:"KeyId"`
	// KeySpec and NumberOfBytes both look like ways to state the key length;
	// the DataKeySpec* constants appear to be the KeySpec values.
	// NOTE(review): confirm whether the service accepts both in one request.
	KeySpec       aws.StringValue  `json:"KeySpec,omitempty"`
	NumberOfBytes aws.IntegerValue `json:"NumberOfBytes,omitempty"`
}
GenerateDataKeyRequest is undocumented.
type GenerateDataKeyResponse ¶
// GenerateDataKeyResponse is the result of KMS.GenerateDataKey. It carries the
// data key twice: wrapped by the customer master key and in the clear.
type GenerateDataKeyResponse struct {
	// CiphertextBlob is the data key wrapped by the customer master key; this
	// is the copy that is safe to store next to the data it protects.
	CiphertextBlob []byte `json:"CiphertextBlob,omitempty"`
	// KeyID presumably names the customer master key that wrapped the data
	// key — confirm.
	KeyID aws.StringValue `json:"KeyId,omitempty"`
	// Plaintext is the data key in the clear. Use it in memory only: never
	// persist or log it, and drop it once the encryption is done.
	Plaintext []byte `json:"Plaintext,omitempty"`
}
GenerateDataKeyResponse is undocumented.
type GenerateDataKeyWithoutPlaintextRequest ¶
// GenerateDataKeyWithoutPlaintextRequest is the input to
// KMS.GenerateDataKeyWithoutPlaintext. Its fields mirror
// GenerateDataKeyRequest.
type GenerateDataKeyWithoutPlaintextRequest struct {
	// EncryptionContext is a set of key/value pairs sent with the request.
	// NOTE(review): in the KMS service the same pairs have to be supplied
	// when the wrapped key is later decrypted, and the context is not treated
	// as a secret — confirm.
	EncryptionContext map[string]string `json:"EncryptionContext,omitempty"`
	GrantTokens       []string          `json:"GrantTokens,omitempty"`
	// KeyID names the customer master key that wraps the data key.
	KeyID aws.StringValue `json:"KeyId"`
	// KeySpec and NumberOfBytes both look like ways to state the key length.
	// NOTE(review): confirm whether the service accepts both in one request.
	KeySpec       aws.StringValue  `json:"KeySpec,omitempty"`
	NumberOfBytes aws.IntegerValue `json:"NumberOfBytes,omitempty"`
}
GenerateDataKeyWithoutPlaintextRequest is undocumented.
type GenerateDataKeyWithoutPlaintextResponse ¶
// GenerateDataKeyWithoutPlaintextResponse is the result of
// KMS.GenerateDataKeyWithoutPlaintext. Unlike GenerateDataKeyResponse it has
// no Plaintext field, so the caller never holds the data key in the clear.
type GenerateDataKeyWithoutPlaintextResponse struct {
	// CiphertextBlob is the data key wrapped by the customer master key.
	CiphertextBlob []byte `json:"CiphertextBlob,omitempty"`
	// KeyID presumably names the customer master key that wrapped the data
	// key — confirm.
	KeyID aws.StringValue `json:"KeyId,omitempty"`
}
GenerateDataKeyWithoutPlaintextResponse is undocumented.
type GenerateRandomRequest ¶
// GenerateRandomRequest is the input to KMS.GenerateRandom.
type GenerateRandomRequest struct {
	// NumberOfBytes is presumably the number of random bytes requested —
	// confirm the accepted range against the service API.
	NumberOfBytes aws.IntegerValue `json:"NumberOfBytes,omitempty"`
}
GenerateRandomRequest is undocumented.
type GenerateRandomResponse ¶
// GenerateRandomResponse is the result of KMS.GenerateRandom.
type GenerateRandomResponse struct {
	// Plaintext presumably holds the generated random bytes — confirm. If
	// they are used as key material, handle them as a secret.
	Plaintext []byte `json:"Plaintext,omitempty"`
}
GenerateRandomResponse is undocumented.
type GetKeyPolicyRequest ¶
// GetKeyPolicyRequest is the input to KMS.GetKeyPolicy.
type GetKeyPolicyRequest struct {
	// KeyID presumably names the key whose policy is fetched — confirm.
	KeyID aws.StringValue `json:"KeyId"`
	// PolicyName presumably selects one of the names that ListKeyPolicies
	// returns in PolicyNames — confirm.
	PolicyName aws.StringValue `json:"PolicyName"`
}
GetKeyPolicyRequest is undocumented.
type GetKeyPolicyResponse ¶
// GetKeyPolicyResponse is the result of KMS.GetKeyPolicy.
type GetKeyPolicyResponse struct {
	// Policy is presumably the policy document as text — confirm the format.
	Policy aws.StringValue `json:"Policy,omitempty"`
}
GetKeyPolicyResponse is undocumented.
type GetKeyRotationStatusRequest ¶
// GetKeyRotationStatusRequest is the input to KMS.GetKeyRotationStatus.
type GetKeyRotationStatusRequest struct {
	// KeyID names the key whose rotation status is queried.
	KeyID aws.StringValue `json:"KeyId"`
}
GetKeyRotationStatusRequest is undocumented.
type GetKeyRotationStatusResponse ¶
// GetKeyRotationStatusResponse is the result of KMS.GetKeyRotationStatus.
type GetKeyRotationStatusResponse struct {
	// KeyRotationEnabled indicates whether key rotation is enabled for the
	// requested key.
	KeyRotationEnabled aws.BooleanValue `json:"KeyRotationEnabled,omitempty"`
}
GetKeyRotationStatusResponse is undocumented.
type GrantConstraints ¶
// GrantConstraints is the type of the Constraints field in CreateGrantRequest
// and GrantListEntry. Both of its fields are expressed as encryption-context
// key/value pairs.
//
// NOTE(review): going by the field names, EncryptionContextEquals presumably
// requires a request's encryption context to match exactly, and
// EncryptionContextSubset requires the request to include at least the listed
// pairs — confirm against the service API before relying on either to scope a
// grant.
type GrantConstraints struct {
	EncryptionContextEquals map[string]string `json:"EncryptionContextEquals,omitempty"`
	EncryptionContextSubset map[string]string `json:"EncryptionContextSubset,omitempty"`
}
GrantConstraints is undocumented.
type GrantListEntry ¶
// GrantListEntry is the element type of ListGrantsResponse.Grants. Its fields
// mirror CreateGrantRequest, which makes a listing usable for auditing who
// holds which operations on a key.
type GrantListEntry struct {
	Constraints *GrantConstraints `json:"Constraints,omitempty"`
	// GrantID is the identifier RevokeGrantRequest takes.
	GrantID          aws.StringValue `json:"GrantId,omitempty"`
	GranteePrincipal aws.StringValue `json:"GranteePrincipal,omitempty"`
	// IssuingAccount is presumably the account that created the grant —
	// confirm against the service API.
	IssuingAccount    aws.StringValue `json:"IssuingAccount,omitempty"`
	Operations        []string        `json:"Operations,omitempty"`
	RetiringPrincipal aws.StringValue `json:"RetiringPrincipal,omitempty"`
}
GrantListEntry is undocumented.
type KMS ¶
// KMS is a client for AWS Key Management Service. Every service operation on
// this page is a method on *KMS.
type KMS struct {
	// contains filtered or unexported fields
}
KMS is a client for AWS Key Management Service.
func (*KMS) CreateAlias ¶
func (c *KMS) CreateAlias(req *CreateAliasRequest) (err error)
CreateAlias creates a display name for a customer master key. An alias can be used to identify a key and should be unique. The console enforces a one-to-one mapping between the alias and a key. An alias name can contain only alphanumeric characters, forward slashes, underscores, and dashes. An alias must start with the word "alias" followed by a forward slash (alias/). An alias that begins with "aws" after the forward slash (alias/aws...) is reserved by Amazon Web Services.
func (*KMS) CreateGrant ¶
func (c *KMS) CreateGrant(req *CreateGrantRequest) (resp *CreateGrantResponse, err error)
CreateGrant adds a grant to a key to specify who can access the key and under what conditions. Grants are alternate permission mechanisms to key policies. If absent, access to the key is evaluated based on IAM policies attached to the user. By default, grants do not expire. Grants can be listed, retired, or revoked with the ListGrants, RetireGrant, and RevokeGrant APIs. Typically, when you are finished using a grant, you retire it. When you want to end a grant immediately, revoke it. For more information about grants, see Grants.
func (*KMS) CreateKey ¶
func (c *KMS) CreateKey(req *CreateKeyRequest) (resp *CreateKeyResponse, err error)
CreateKey creates a customer master key. Customer master keys can be used to encrypt small amounts of data (less than 4K) directly, but they are most commonly used to encrypt or envelope data keys that are then used to encrypt customer data. For more information about data keys, see GenerateDataKey and GenerateDataKeyWithoutPlaintext.
func (*KMS) Decrypt ¶
func (c *KMS) Decrypt(req *DecryptRequest) (resp *DecryptResponse, err error)
Decrypt decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using the Encrypt function.
func (*KMS) DeleteAlias ¶
func (c *KMS) DeleteAlias(req *DeleteAliasRequest) (err error)
DeleteAlias is undocumented.
func (*KMS) DescribeKey ¶
func (c *KMS) DescribeKey(req *DescribeKeyRequest) (resp *DescribeKeyResponse, err error)
DescribeKey provides detailed information about the specified customer master key.
func (*KMS) DisableKey ¶
func (c *KMS) DisableKey(req *DisableKeyRequest) (err error)
DisableKey marks a key as disabled, thereby preventing its use.
func (*KMS) DisableKeyRotation ¶
func (c *KMS) DisableKeyRotation(req *DisableKeyRotationRequest) (err error)
DisableKeyRotation is undocumented.
func (*KMS) EnableKey ¶
func (c *KMS) EnableKey(req *EnableKeyRequest) (err error)
EnableKey marks a key as enabled, thereby permitting its use. You can have up to 25 enabled keys at one time.
func (*KMS) EnableKeyRotation ¶
func (c *KMS) EnableKeyRotation(req *EnableKeyRotationRequest) (err error)
EnableKeyRotation enables rotation of the specified customer master key.
func (*KMS) Encrypt ¶
func (c *KMS) Encrypt(req *EncryptRequest) (resp *EncryptResponse, err error)
Encrypt encrypts plaintext into ciphertext by using a customer master key.
func (*KMS) GenerateDataKey ¶
func (c *KMS) GenerateDataKey(req *GenerateDataKeyRequest) (resp *GenerateDataKeyResponse, err error)
GenerateDataKey generates a secure data key. Data keys are used to encrypt and decrypt data. They are wrapped by customer master keys.
func (*KMS) GenerateDataKeyWithoutPlaintext ¶
func (c *KMS) GenerateDataKeyWithoutPlaintext(req *GenerateDataKeyWithoutPlaintextRequest) (resp *GenerateDataKeyWithoutPlaintextResponse, err error)
GenerateDataKeyWithoutPlaintext returns a key wrapped by a customer master key without the plaintext copy of that key. To retrieve the plaintext, see GenerateDataKey.
func (*KMS) GenerateRandom ¶
func (c *KMS) GenerateRandom(req *GenerateRandomRequest) (resp *GenerateRandomResponse, err error)
GenerateRandom is undocumented.
func (*KMS) GetKeyPolicy ¶
func (c *KMS) GetKeyPolicy(req *GetKeyPolicyRequest) (resp *GetKeyPolicyResponse, err error)
GetKeyPolicy is undocumented.
func (*KMS) GetKeyRotationStatus ¶
func (c *KMS) GetKeyRotationStatus(req *GetKeyRotationStatusRequest) (resp *GetKeyRotationStatusResponse, err error)
GetKeyRotationStatus retrieves a Boolean value that indicates whether key rotation is enabled for the specified key.
func (*KMS) ListAliases ¶
func (c *KMS) ListAliases(req *ListAliasesRequest) (resp *ListAliasesResponse, err error)
ListAliases is undocumented.
func (*KMS) ListGrants ¶
func (c *KMS) ListGrants(req *ListGrantsRequest) (resp *ListGrantsResponse, err error)
ListGrants is undocumented.
func (*KMS) ListKeyPolicies ¶
func (c *KMS) ListKeyPolicies(req *ListKeyPoliciesRequest) (resp *ListKeyPoliciesResponse, err error)
ListKeyPolicies is undocumented.
func (*KMS) ListKeys ¶
func (c *KMS) ListKeys(req *ListKeysRequest) (resp *ListKeysResponse, err error)
ListKeys is undocumented.
func (*KMS) PutKeyPolicy ¶
func (c *KMS) PutKeyPolicy(req *PutKeyPolicyRequest) (err error)
PutKeyPolicy is undocumented.
func (*KMS) ReEncrypt ¶
func (c *KMS) ReEncrypt(req *ReEncryptRequest) (resp *ReEncryptResponse, err error)
ReEncrypt encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.
func (*KMS) RetireGrant ¶
func (c *KMS) RetireGrant(req *RetireGrantRequest) (err error)
RetireGrant retires a grant. You can retire a grant when you're done using it to clean up. You should revoke a grant when you intend to actively deny operations that depend on it.
func (*KMS) RevokeGrant ¶
func (c *KMS) RevokeGrant(req *RevokeGrantRequest) (err error)
RevokeGrant revokes a grant. You can revoke a grant to actively deny operations that depend on it.
func (*KMS) UpdateKeyDescription ¶
func (c *KMS) UpdateKeyDescription(req *UpdateKeyDescriptionRequest) (err error)
UpdateKeyDescription is undocumented.
type KeyListEntry ¶
// KeyListEntry is the element type of ListKeysResponse.Keys.
type KeyListEntry struct {
	KeyARN aws.StringValue `json:"KeyArn,omitempty"`
	KeyID  aws.StringValue `json:"KeyId,omitempty"`
}
KeyListEntry is undocumented.
type KeyMetadata ¶
// KeyMetadata describes a customer master key. It is returned inside
// CreateKeyResponse and DescribeKeyResponse.
type KeyMetadata struct {
	AWSAccountID aws.StringValue    `json:"AWSAccountId,omitempty"`
	ARN          aws.StringValue    `json:"Arn,omitempty"`
	CreationDate *aws.UnixTimestamp `json:"CreationDate,omitempty"`
	Description  aws.StringValue    `json:"Description,omitempty"`
	// Enabled presumably reflects the state that EnableKey and DisableKey
	// change; a disabled key cannot be used — confirm.
	Enabled aws.BooleanValue `json:"Enabled,omitempty"`
	// KeyID is the only field here without omitempty, so it is serialized
	// even when unset.
	KeyID aws.StringValue `json:"KeyId"`
	// KeyUsage presumably holds one of the KeyUsageType* constants — confirm.
	KeyUsage aws.StringValue `json:"KeyUsage,omitempty"`
}
KeyMetadata is undocumented.
type ListAliasesRequest ¶
// ListAliasesRequest is the input to KMS.ListAliases.
type ListAliasesRequest struct {
	// Limit and Marker look like paging controls: presumably a page size and
	// the NextMarker value of the previous response — confirm.
	Limit  aws.IntegerValue `json:"Limit,omitempty"`
	Marker aws.StringValue  `json:"Marker,omitempty"`
}
ListAliasesRequest is undocumented.
type ListAliasesResponse ¶
// ListAliasesResponse is the result of KMS.ListAliases.
type ListAliasesResponse struct {
	Aliases []AliasListEntry `json:"Aliases,omitempty"`
	// NextMarker and Truncated look like paging state: presumably Truncated
	// reports that more entries exist and NextMarker is what the next
	// request passes as Marker — confirm. A caller that stops at the first
	// page of a truncated listing sees only part of the aliases.
	NextMarker aws.StringValue  `json:"NextMarker,omitempty"`
	Truncated  aws.BooleanValue `json:"Truncated,omitempty"`
}
ListAliasesResponse is undocumented.
type ListGrantsRequest ¶
// ListGrantsRequest is the input to KMS.ListGrants.
type ListGrantsRequest struct {
	// KeyID presumably names the key whose grants are listed — confirm.
	KeyID aws.StringValue `json:"KeyId"`
	// Limit and Marker look like paging controls: presumably a page size and
	// the NextMarker value of the previous response — confirm.
	Limit  aws.IntegerValue `json:"Limit,omitempty"`
	Marker aws.StringValue  `json:"Marker,omitempty"`
}
ListGrantsRequest is undocumented.
type ListGrantsResponse ¶
// ListGrantsResponse is the result of KMS.ListGrants.
type ListGrantsResponse struct {
	Grants []GrantListEntry `json:"Grants,omitempty"`
	// NextMarker and Truncated look like paging state: presumably Truncated
	// reports that more entries exist and NextMarker is what the next
	// request passes as Marker — confirm. An access review that stops at the
	// first page of a truncated listing misses the remaining grants.
	NextMarker aws.StringValue  `json:"NextMarker,omitempty"`
	Truncated  aws.BooleanValue `json:"Truncated,omitempty"`
}
ListGrantsResponse is undocumented.
type ListKeyPoliciesRequest ¶
// ListKeyPoliciesRequest is the input to KMS.ListKeyPolicies.
type ListKeyPoliciesRequest struct {
	// KeyID presumably names the key whose policies are listed — confirm.
	KeyID aws.StringValue `json:"KeyId"`
	// Limit and Marker look like paging controls: presumably a page size and
	// the NextMarker value of the previous response — confirm.
	Limit  aws.IntegerValue `json:"Limit,omitempty"`
	Marker aws.StringValue  `json:"Marker,omitempty"`
}
ListKeyPoliciesRequest is undocumented.
type ListKeyPoliciesResponse ¶
// ListKeyPoliciesResponse is the result of KMS.ListKeyPolicies.
type ListKeyPoliciesResponse struct {
	// NextMarker is presumably what the next request passes as Marker when
	// Truncated is set — confirm.
	NextMarker aws.StringValue `json:"NextMarker,omitempty"`
	// PolicyNames presumably holds the names accepted by
	// GetKeyPolicyRequest.PolicyName — confirm.
	PolicyNames []string         `json:"PolicyNames,omitempty"`
	Truncated   aws.BooleanValue `json:"Truncated,omitempty"`
}
ListKeyPoliciesResponse is undocumented.
type ListKeysRequest ¶
// ListKeysRequest is the input to KMS.ListKeys.
type ListKeysRequest struct {
	// Limit and Marker look like paging controls: presumably a page size and
	// the NextMarker value of the previous response — confirm.
	Limit  aws.IntegerValue `json:"Limit,omitempty"`
	Marker aws.StringValue  `json:"Marker,omitempty"`
}
ListKeysRequest is undocumented.
type ListKeysResponse ¶
// ListKeysResponse is the result of KMS.ListKeys.
type ListKeysResponse struct {
	Keys []KeyListEntry `json:"Keys,omitempty"`
	// NextMarker and Truncated look like paging state: presumably Truncated
	// reports that more entries exist and NextMarker is what the next
	// request passes as Marker — confirm. A key inventory that stops at the
	// first page of a truncated listing is incomplete.
	NextMarker aws.StringValue  `json:"NextMarker,omitempty"`
	Truncated  aws.BooleanValue `json:"Truncated,omitempty"`
}
ListKeysResponse is undocumented.
type PutKeyPolicyRequest ¶
// PutKeyPolicyRequest is the input to KMS.PutKeyPolicy.
//
// NOTE(review): key policies are a permission mechanism for the key, so this
// call presumably changes who can use or administer it. Validate the policy
// document before sending, and confirm whether the service replaces or merges
// an existing policy of the same name.
type PutKeyPolicyRequest struct {
	KeyID aws.StringValue `json:"KeyId"`
	// Policy is presumably the policy document as text — confirm the format.
	Policy     aws.StringValue `json:"Policy"`
	PolicyName aws.StringValue `json:"PolicyName"`
}
PutKeyPolicyRequest is undocumented.
type ReEncryptRequest ¶
// ReEncryptRequest is the input to KMS.ReEncrypt, which decrypts the data and
// then encrypts it under a new customer master key on the server side, without
// exposing the plaintext to the client. The operation can also change the
// encryption context of a ciphertext.
type ReEncryptRequest struct {
	// CiphertextBlob is the existing ciphertext to re-encrypt.
	CiphertextBlob []byte `json:"CiphertextBlob"`
	// DestinationEncryptionContext is presumably the encryption context the
	// new ciphertext gets — confirm.
	DestinationEncryptionContext map[string]string `json:"DestinationEncryptionContext,omitempty"`
	// DestinationKeyID names the customer master key to encrypt under.
	DestinationKeyID aws.StringValue `json:"DestinationKeyId"`
	GrantTokens      []string        `json:"GrantTokens,omitempty"`
	// SourceEncryptionContext is presumably the encryption context the
	// existing ciphertext was created with — confirm.
	SourceEncryptionContext map[string]string `json:"SourceEncryptionContext,omitempty"`
}
ReEncryptRequest is undocumented.
type ReEncryptResponse ¶
// ReEncryptResponse is the result of KMS.ReEncrypt. It contains ciphertext
// only; the plaintext is not returned to the client.
type ReEncryptResponse struct {
	// CiphertextBlob is the data encrypted under the destination key.
	CiphertextBlob []byte `json:"CiphertextBlob,omitempty"`
	// KeyID and SourceKeyID presumably name the key the data is now encrypted
	// under and the key it was decrypted with — confirm. A caller that
	// expects specific keys can compare both against them.
	KeyID       aws.StringValue `json:"KeyId,omitempty"`
	SourceKeyID aws.StringValue `json:"SourceKeyId,omitempty"`
}
ReEncryptResponse is undocumented.
type RetireGrantRequest ¶
// RetireGrantRequest is the input to KMS.RetireGrant, which retires a grant
// once its holder is done using it.
type RetireGrantRequest struct {
	// GrantToken identifies the grant to retire; CreateGrantResponse returns
	// a GrantToken. To end a grant by GrantID and KeyID instead, see
	// RevokeGrantRequest.
	GrantToken aws.StringValue `json:"GrantToken"`
}
RetireGrantRequest is undocumented.
type RevokeGrantRequest ¶
// RevokeGrantRequest is the input to KMS.RevokeGrant, which revokes a grant to
// actively deny operations that depend on it.
type RevokeGrantRequest struct {
	// GrantID identifies the grant; CreateGrantResponse and GrantListEntry
	// both carry a GrantID.
	GrantID aws.StringValue `json:"GrantId"`
	// KeyID presumably names the key the grant was created on — confirm.
	KeyID aws.StringValue `json:"KeyId"`
}
RevokeGrantRequest is undocumented.
type UpdateKeyDescriptionRequest ¶
// UpdateKeyDescriptionRequest is the input to KMS.UpdateKeyDescription.
type UpdateKeyDescriptionRequest struct {
	// Description is presumably the new description text for the key —
	// confirm.
	Description aws.StringValue `json:"Description"`
	KeyID       aws.StringValue `json:"KeyId"`
}
UpdateKeyDescriptionRequest is undocumented.