amazonka-kms-0.1.2: Amazon Key Management Service SDK.

Safe HaskellNone
LanguageHaskell2010

Network.AWS.KMS.ReEncrypt

Contents

Description

Encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.

http://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html

Synopsis

Request

data ReEncrypt Source

Instances

Request constructor

reEncrypt Source

Arguments

:: Base64

reCiphertextBlob

-> Text

reDestinationKeyId

-> ReEncrypt 

ReEncrypt constructor.

The fields accessible through corresponding lenses are:

Request lenses

reCiphertextBlob :: Lens' ReEncrypt Base64 Source

Ciphertext of the data to re-encrypt.

reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) Source

Encryption context to be used when the data is re-encrypted.

reDestinationKeyId :: Lens' ReEncrypt Text Source

Key identifier of the key used to re-encrypt the data.

reGrantTokens :: Lens' ReEncrypt [Text] Source

Grant tokens that identify the grants that have permissions for the encryption and decryption process.

reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) Source

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Response

data ReEncryptResponse Source

Instances

Response constructor

reEncryptResponse :: ReEncryptResponse Source

ReEncryptResponse constructor.

The fields accessible through corresponding lenses are:

Response lenses

rerCiphertextBlob :: Lens' ReEncryptResponse (Maybe Base64) Source

The re-encrypted data.

rerKeyId :: Lens' ReEncryptResponse (Maybe Text) Source

Unique identifier of the key used to re-encrypt the data.

rerSourceKeyId :: Lens' ReEncryptResponse (Maybe Text) Source

Unique identifier of the key used to originally encrypt the data.