Copyright | (c) 2013-2015 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.
Unlike other actions, ReEncrypt is authorized twice - once as ReEncryptFrom on the source key and once as ReEncryptTo on the destination key. We therefore recommend that you include the '"action":"kms:ReEncrypt*"' statement in your key policies to permit re-encryption from or to the key. The statement is included automatically when you authorize use of the key through the console but must be included manually when you set a policy by using the PutKeyPolicy function.
See: AWS API Reference for ReEncrypt.
- reEncrypt :: ByteString -> Text -> ReEncrypt
- data ReEncrypt
- reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- reGrantTokens :: Lens' ReEncrypt [Text]
- reCiphertextBlob :: Lens' ReEncrypt ByteString
- reDestinationKeyId :: Lens' ReEncrypt Text
- reEncryptResponse :: Int -> ReEncryptResponse
- data ReEncryptResponse
- rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
- rersKeyId :: Lens' ReEncryptResponse (Maybe Text)
- rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)
- rersStatus :: Lens' ReEncryptResponse Int
Creating a Request
Creates a value of ReEncrypt with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
See: reEncrypt smart constructor.
Request Lenses
reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
Encryption context to be used when the data is re-encrypted.
reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
reGrantTokens :: Lens' ReEncrypt [Text]
For more information, see Grant Tokens.
reCiphertextBlob :: Lens' ReEncrypt ByteString
Ciphertext of the data to re-encrypt.
Note: This Lens automatically encodes and decodes Base64 data, despite what the AWS documentation might say. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
reDestinationKeyId :: Lens' ReEncrypt Text
A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
- Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
- Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
- Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
- Alias Name Example - alias/MyAliasName
Destructuring the Response
Creates a value of ReEncryptResponse with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data ReEncryptResponse
See: reEncryptResponse smart constructor.
Response Lenses
rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
Unique identifier of the key used to originally encrypt the data.
rersKeyId :: Lens' ReEncryptResponse (Maybe Text)
Unique identifier of the key used to re-encrypt the data.
rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)
The re-encrypted data. If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
Note: This Lens automatically encodes and decodes Base64 data, despite what the AWS documentation might say. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
rersStatus :: Lens' ReEncryptResponse Int
The response status code.
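The request and response lenses used together, as an added example that is not code from the amazonka project: ciphertext stored as Base64 is decoded once before it reaches reCiphertextBlob, the encryption context is changed, and the response is accepted only if it names the expected key. Assumptions: the module name Network.AWS.KMS.ReEncrypt, the lens and base64-bytestring packages, the context keys and values, a status of 200 for success, the form of the key identifier returned in rersKeyId, and the names rotateRequest, checkResponse and sampleResponse.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module ReEncryptExample where

import           Control.Lens              ((&), (.~), (^.))
import           Data.ByteString           (ByteString)
import qualified Data.ByteString.Base64    as B64
import qualified Data.HashMap.Strict       as Map
import           Data.Text                 (Text)
import           Network.AWS.KMS.ReEncrypt -- assumed module name (amazonka-kms)

-- | Build a ReEncrypt request from ciphertext that was stored Base64-encoded.
-- reCiphertextBlob takes raw bytes and encodes them during serialisation, so
-- the stored value is decoded exactly once here; passing it through unchanged
-- would send doubly encoded data.
rotateRequest :: ByteString -> Text -> Either String ReEncrypt
rotateRequest storedB64 destKey = fmap build (B64.decode storedB64)
  where
    build raw =
        reEncrypt raw destKey
            -- Context the data was originally encrypted with (hypothetical).
            & reSourceEncryptionContext .~ Map.fromList [("purpose", "archive")]
            -- Context bound to the new ciphertext (hypothetical values).
            & reDestinationEncryptionContext
                .~ Map.fromList [("purpose", "archive"), ("rotation", "2")]

-- | Accept a response only if it reports success, names the key the caller
-- expected the data to be re-encrypted under, and carries ciphertext.
-- The returned bytes are raw, not Base64. 'expectedKey' must be in the same
-- form the service returns in rersKeyId (an assumption of this example).
checkResponse :: Text -> ReEncryptResponse -> Either String ByteString
checkResponse expectedKey rs
    | rs ^. rersStatus /= 200 =
        Left "unexpected response status"
    | rs ^. rersKeyId /= Just expectedKey =
        Left "data was re-encrypted under an unexpected key"
    | otherwise =
        maybe (Left "response carries no ciphertext") Right
              (rs ^. rersCiphertextBlob)

-- | Constructed sample response (not service output) for trying
-- checkResponse in GHCi without calling AWS.
sampleResponse :: ReEncryptResponse
sampleResponse =
    reEncryptResponse 200
        & rersKeyId          .~ Just "12345678-1234-1234-1234-123456789012"
        & rersCiphertextBlob .~ Just "constructed-raw-bytes"
```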