amazonka-kms-0.2.3: Amazon Key Management Service SDK.

Safe Haskell: None
Language: Haskell2010

Network.AWS.KMS.GenerateDataKeyWithoutPlaintext

Description

Returns a data key encrypted by a customer master key without the plaintext copy of that key. Otherwise, this API functions exactly like GenerateDataKey. You can use this API to, for example, satisfy an audit requirement that an encrypted key be made available without exposing the plaintext copy of that key.

http://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext.html

Request

Request constructor

Request lenses

gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text)

Name:value pair that contains additional data to be authenticated during the encryption and decryption processes.

gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012

Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName

Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012

Alias Name Example - alias/MyAliasName

gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)

Value that identifies the encryption algorithm and key size. Currently this can be AES_128 or AES_256.

gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)

Integer that contains the number of bytes to generate. Common values are 128, 256, 512, 1024 and so on. We recommend that you use the KeySpec parameter instead.

Response

Response constructor

Response lenses

gdkwprCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Base64)

Ciphertext that contains the wrapped data key. You must store the blob and encryption context so that the key can be used in a future decrypt operation.

If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.

gdkwprKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)

System-generated unique identifier of the key to be used to decrypt the encrypted copy of the data key.
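The request and response lenses above, combined in an added example that is not part of the package's own documentation: it builds a request with an encryption context and a KeySpec, then bundles the returned ciphertext blob with the same context so both are stored together for a later decrypt. The smart constructor `generateDataKeyWithoutPlaintext`, the `AES256` constructor and the `Base64` export from `Network.AWS.Prelude` are assumed from the package's naming conventions (they are not shown on this page); `WrappedKey`, `wrappedKeyRequest`, `toWrappedKey` and the sample context are hypothetical names. Sending the request is out of scope here.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module WrappedKeyExample where

import           Control.Lens        ((&), (.~), (?~), (^.))
import           Data.HashMap.Strict (HashMap)
import qualified Data.HashMap.Strict as HashMap
import           Data.Text           (Text)
import           Network.AWS.KMS.GenerateDataKeyWithoutPlaintext
import           Network.AWS.KMS.Types (DataKeySpec (..)) -- assumed: AES128 | AES256
import           Network.AWS.Prelude   (Base64)           -- assumed export

-- Constructed sample encryption context (hypothetical names and values).
-- The same pairs must be supplied again when the data key is decrypted.
sampleContext :: HashMap Text Text
sampleContext = HashMap.fromList
    [ ("tenant",  "example-tenant")
    , ("purpose", "backup-archive")
    ]

-- | Request a wrapped AES-256 data key under the given master key.
-- KeySpec is set instead of NumberOfBytes, as the lens documentation recommends.
wrappedKeyRequest :: Text -> HashMap Text Text -> GenerateDataKeyWithoutPlaintext
wrappedKeyRequest keyId ctx =
    generateDataKeyWithoutPlaintext keyId
        & gdkwpEncryptionContext .~ ctx
        & gdkwpKeySpec           ?~ AES256

-- | Everything that has to be persisted for a future decrypt operation.
data WrappedKey = WrappedKey
    { wkCiphertext :: Base64            -- ^ wrapped data key; no plaintext copy exists
    , wkKeyId      :: Text              -- ^ key id reported by the service
    , wkContext    :: HashMap Text Text -- ^ context the blob is bound to
    }

-- | Pair the response with the context that was sent. Both response fields
-- are optional, so a response missing either one yields Nothing instead of
-- a record that could never be decrypted.
toWrappedKey
    :: HashMap Text Text
    -> GenerateDataKeyWithoutPlaintextResponse
    -> Maybe WrappedKey
toWrappedKey ctx rs =
    WrappedKey
        <$> rs ^. gdkwprCiphertextBlob
        <*> rs ^. gdkwprKeyId
        <*> pure ctx
```

Persisting `wkKeyId` from the response rather than the identifier passed in the request keeps the record valid when the request used an alias.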