amazonka-kms-0.3.6: Amazon Key Management Service SDK.

Safe Haskell: None
Language: Haskell2010

Network.AWS.KMS.Decrypt

Description

Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following functions: GenerateDataKey, GenerateDataKeyWithoutPlaintext, Encrypt.

Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies that grant Decrypt permission on all resources), then the caller can also decrypt ciphertext encrypted by using keys in other accounts where the key grants access to the caller. To remedy this, we recommend that you do not grant Decrypt access in an IAM user policy. Instead, grant Decrypt access only in key policies. If you must grant Decrypt access in an IAM user policy, scope the resource to specific keys or to specific trusted accounts.
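The policy check recommended above can be automated. The following is an added example, not part of amazonka-kms or the AWS documentation: it flags IAM policy statements that allow kms:Decrypt on a resource not tied to a specific account. The sample policies, account ID and key ID are constructed placeholders, and NotAction, NotResource and Condition elements are not evaluated.

```python
import fnmatch
import json

# Constructed sample policies; the account and key IDs are placeholders.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowAllDecrypt", "Effect": "Allow",
   "Action": ["kms:Decrypt"], "Resource": "*"}]}"""
SCOPED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowOneKey", "Effect": "Allow", "Action": "kms:Decrypt",
   "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}]}"""

def _as_list(value):
    """IAM accepts a single string or object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _grants_decrypt(action):
    # Action names are case-insensitive and may use * and ? wildcards.
    return fnmatch.fnmatchcase("kms:decrypt", action.lower())

def _is_unscoped(resource):
    # KMS key ARN layout: arn:aws:kms:<region>:<account-id>:key/<key-id>.
    # Scoped here means the account field names one specific account.
    parts = resource.split(":", 5)
    if len(parts) < 6:
        return True  # "*" or anything that is not a full ARN
    account = parts[4]
    return not account or "*" in account or "?" in account

def find_broad_decrypt(policy_json):
    """Return (sid, resource) for each Allow statement granting kms:Decrypt
    on a resource that is not tied to a specific account."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(_grants_decrypt(a) for a in actions):
            continue
        for res in _as_list(stmt.get("Resource")):
            if _is_unscoped(res):
                findings.append((stmt.get("Sid", f"#{i}"), res))
    return findings

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_broad_decrypt(doc))
```

A statement using a wildcard action such as `kms:*` together with a wildcard-account ARN is reported as well, since it grants Decrypt just as broadly.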

http://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html

Request

Request constructor

decrypt

Decrypt constructor.

The fields accessible through corresponding lenses are:

Request lenses

dCiphertextBlob :: Lens' Decrypt Base64

Ciphertext to be decrypted. The blob includes metadata.

dEncryptionContext :: Lens' Decrypt (HashMap Text Text)

The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context.

dGrantTokens :: Lens' Decrypt [Text]

For more information, see Grant Tokens.

Response

Response constructor

decryptResponse :: DecryptResponse

DecryptResponse constructor.

The fields accessible through corresponding lenses are:

Response lenses

drKeyId :: Lens' DecryptResponse (Maybe Text)

ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.

drPlaintext :: Lens' DecryptResponse (Maybe Base64)

Decrypted plaintext data. This value may not be returned if the customer master key is not available or if you do not have permission to use it.