amazonka-kms-1.6.1: Amazon Key Management Service SDK.

Copyright(c) 2013-2018 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.AWS.KMS.Decrypt

Contents

Description

Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following operations:

Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to specific keys or to specific trusted accounts.

Synopsis

Creating a Request

decrypt Source #

Creates a value of Decrypt with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • decEncryptionContext - The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context .
  • decGrantTokens - A list of grant tokens. For more information, see Grant Tokens in the AWS Key Management Service Developer Guide .
  • decCiphertextBlob - Ciphertext to be decrypted. The blob includes metadata.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

data Decrypt Source #

See: decrypt smart constructor.

Instances
Eq Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

(==) :: Decrypt -> Decrypt -> Bool #

(/=) :: Decrypt -> Decrypt -> Bool #

Data Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Decrypt -> c Decrypt #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Decrypt #

toConstr :: Decrypt -> Constr #

dataTypeOf :: Decrypt -> DataType #

dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Decrypt) #

dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Decrypt) #

gmapT :: (forall b. Data b => b -> b) -> Decrypt -> Decrypt #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Decrypt -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Decrypt -> r #

gmapQ :: (forall d. Data d => d -> u) -> Decrypt -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> Decrypt -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #

Read Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Show Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Generic Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Associated Types

type Rep Decrypt :: Type -> Type #

Methods

from :: Decrypt -> Rep Decrypt x #

to :: Rep Decrypt x -> Decrypt #

Hashable Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

hashWithSalt :: Int -> Decrypt -> Int #

hash :: Decrypt -> Int #

ToJSON Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

AWSRequest Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Associated Types

type Rs Decrypt :: Type #

ToHeaders Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

toHeaders :: Decrypt -> [Header] #

ToPath Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

toPath :: Decrypt -> ByteString #

ToQuery Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

NFData Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

rnf :: Decrypt -> () #

type Rep Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

type Rep Decrypt = D1 (MetaData "Decrypt" "Network.AWS.KMS.Decrypt" "amazonka-kms-1.6.1-1UDljZYfeha1jjHbbMax4v" False) (C1 (MetaCons "Decrypt'" PrefixI True) (S1 (MetaSel (Just "_decEncryptionContext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Map Text Text))) :*: (S1 (MetaSel (Just "_decGrantTokens") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text])) :*: S1 (MetaSel (Just "_decCiphertextBlob") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Base64))))
type Rs Decrypt Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Request Lenses

decEncryptionContext :: Lens' Decrypt (HashMap Text Text) Source #

The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context .

decGrantTokens :: Lens' Decrypt [Text] Source #

A list of grant tokens. For more information, see Grant Tokens in the AWS Key Management Service Developer Guide .

decCiphertextBlob :: Lens' Decrypt ByteString Source #

Ciphertext to be decrypted. The blob includes metadata.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

Destructuring the Response

decryptResponse Source #

Creates a value of DecryptResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • drsKeyId - ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
  • drsPlaintext - Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
  • drsResponseStatus - -- | The response status code.

data DecryptResponse Source #

See: decryptResponse smart constructor.

Instances
Eq DecryptResponse Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Data DecryptResponse Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> DecryptResponse -> c DecryptResponse #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c DecryptResponse #

toConstr :: DecryptResponse -> Constr #

dataTypeOf :: DecryptResponse -> DataType #

dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c DecryptResponse) #

dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c DecryptResponse) #

gmapT :: (forall b. Data b => b -> b) -> DecryptResponse -> DecryptResponse #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> DecryptResponse -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> DecryptResponse -> r #

gmapQ :: (forall d. Data d => d -> u) -> DecryptResponse -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> DecryptResponse -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #

Show DecryptResponse Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Generic DecryptResponse Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Associated Types

type Rep DecryptResponse :: Type -> Type #

NFData DecryptResponse Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

Methods

rnf :: DecryptResponse -> () #

type Rep DecryptResponse Source # 
Instance details

Defined in Network.AWS.KMS.Decrypt

type Rep DecryptResponse = D1 (MetaData "DecryptResponse" "Network.AWS.KMS.Decrypt" "amazonka-kms-1.6.1-1UDljZYfeha1jjHbbMax4v" False) (C1 (MetaCons "DecryptResponse'" PrefixI True) (S1 (MetaSel (Just "_drsKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 (MetaSel (Just "_drsPlaintext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Sensitive Base64))) :*: S1 (MetaSel (Just "_drsResponseStatus") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Int))))

Response Lenses

drsKeyId :: Lens' DecryptResponse (Maybe Text) Source #

ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.

drsPlaintext :: Lens' DecryptResponse (Maybe ByteString) Source #

Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

drsResponseStatus :: Lens' DecryptResponse Int Source #

  • - | The response status code.