| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Network.AWS.KMS.ReEncrypt
Description
Encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.
Unlike other actions, ReEncrypt is authorized twice - once as ReEncryptFrom
on the source key and once as ReEncryptTo on the destination key. We
therefore recommend that you include the '"action":"kms:ReEncrypt*"' statement
in your key policies to permit re-encryption from or to the key. The
statement is included automatically when you authorize use of the key through
the console but must be included manually when you set a policy by using the PutKeyPolicy function.
http://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html
- data ReEncrypt
- reEncrypt :: Base64 -> Text -> ReEncrypt
- reCiphertextBlob :: Lens' ReEncrypt Base64
- reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- reDestinationKeyId :: Lens' ReEncrypt Text
- reGrantTokens :: Lens' ReEncrypt [Text]
- reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- data ReEncryptResponse
- reEncryptResponse :: ReEncryptResponse
- rerCiphertextBlob :: Lens' ReEncryptResponse (Maybe Base64)
- rerKeyId :: Lens' ReEncryptResponse (Maybe Text)
- rerSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
Request
Request constructor
ReEncrypt constructor.
The fields accessible through corresponding lenses are:
Request lenses
reCiphertextBlob :: Lens' ReEncrypt Base64 Source
Ciphertext of the data to re-encrypt.
reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) Source
Encryption context to be used when the data is re-encrypted.
reDestinationKeyId :: Lens' ReEncrypt Text Source
A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:aliasMyAliasName Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias Name Example - alias/MyAliasName
reGrantTokens :: Lens' ReEncrypt [Text] Source
For more information, see Grant Tokens.
reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) Source
Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
Response
data ReEncryptResponse Source
Response constructor
reEncryptResponse :: ReEncryptResponse Source
ReEncryptResponse constructor.
The fields accessible through corresponding lenses are:
Response lenses
rerCiphertextBlob :: Lens' ReEncryptResponse (Maybe Base64) Source
The re-encrypted data. If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
rerKeyId :: Lens' ReEncryptResponse (Maybe Text) Source
Unique identifier of the key used to re-encrypt the data.
rerSourceKeyId :: Lens' ReEncryptResponse (Maybe Text) Source
Unique identifier of the key used to originally encrypt the data.