amazonka-kms-1.0.1: Amazon Key Management Service SDK.

Copyright: (c) 2013-2015 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay@gmail.com>
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: None
Language: Haskell2010

Network.AWS.KMS.GenerateDataKeyWithoutPlaintext

Description

Returns a data key encrypted by a customer master key without the plaintext copy of that key. Otherwise, this API functions exactly like GenerateDataKey. You can use this API to, for example, satisfy an audit requirement that an encrypted key be made available without exposing the plaintext copy of that key.

See: AWS API Reference for GenerateDataKeyWithoutPlaintext.

Creating a Request

generateDataKeyWithoutPlaintext

Creates a value of GenerateDataKeyWithoutPlaintext with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

Request Lenses

gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)

Value that identifies the encryption algorithm and key size. Currently this can be AES_128 or AES_256.

gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text)

Name:value pair that contains additional data to be authenticated during the encryption and decryption processes.

gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)

Integer that contains the number of bytes to generate. Common values are 128, 256, 512, 1024 and so on. We recommend that you use the KeySpec parameter instead.

gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Destructuring the Response

generateDataKeyWithoutPlaintextResponse

Creates a value of GenerateDataKeyWithoutPlaintextResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

Response Lenses

gdkwprsKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)

System-generated unique identifier of the key to be used to decrypt the encrypted copy of the data key.

gdkwprsCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString)

Ciphertext that contains the wrapped data key. You must store the blob and encryption context so that the key can be used in a future decrypt operation.

If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
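The following is an added example, not code from amazonka-kms: it builds a request with the lenses documented above and collects, from the response, everything that must be stored for a later decrypt (key id, wrapped key, and the exact encryption context). It assumes the smart constructor takes the key identifier as its single argument and that DataKeySpec has an AES256 constructor; WrappedKey, mkRequest, toWrappedKey and the sample context values are hypothetical names and constructed data.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; module and helper names are hypothetical.
module WrappedKeyRecord where

import           Control.Lens        ((&), (.~), (?~), (^.))
import           Data.ByteString     (ByteString)
import           Data.HashMap.Strict (HashMap)
import qualified Data.HashMap.Strict as HashMap
import           Data.Text           (Text)
import           Network.AWS.KMS

-- | Everything that has to be persisted so the data key can be
-- unwrapped later: decrypt fails unless the same context is supplied.
data WrappedKey = WrappedKey
    { wkKeyId      :: Text               -- key that wrapped the data key
    , wkCiphertext :: ByteString         -- wrapped data key (raw bytes)
    , wkContext    :: HashMap Text Text  -- authenticated name:value pairs
    } deriving (Show, Eq)

-- | Ask for an AES-256 data key bound to an encryption context.
-- KeySpec is set rather than NumberOfBytes, as the lens docs recommend.
mkRequest :: Text -> HashMap Text Text -> GenerateDataKeyWithoutPlaintext
mkRequest keyId ctx =
    generateDataKeyWithoutPlaintext keyId
        & gdkwpKeySpec           ?~ AES256
        & gdkwpEncryptionContext .~ ctx

-- | Pair the response with the context taken from the request that
-- produced it, so the two can never drift apart in storage.
-- Both response fields are Maybe, so a missing one is reported.
toWrappedKey
    :: GenerateDataKeyWithoutPlaintext
    -> GenerateDataKeyWithoutPlaintextResponse
    -> Either String WrappedKey
toWrappedKey rq rs =
    case (rs ^. gdkwprsKeyId, rs ^. gdkwprsCiphertextBlob) of
        (Just kid, Just blob) ->
            Right (WrappedKey kid blob (rq ^. gdkwpEncryptionContext))
        (Nothing, _) -> Left "response carries no KeyId"
        (_, Nothing) -> Left "response carries no CiphertextBlob"

-- | Constructed sample: the alias form from the key id examples above
-- and a made-up context identifying the tenant and purpose.
exampleRequest :: GenerateDataKeyWithoutPlaintext
exampleRequest = mkRequest "alias/MyAliasName" $
    HashMap.fromList [("tenant", "example-tenant"), ("purpose", "backup")]
```

Send `exampleRequest` with amazonka's `send`, then pass the same request value and the response to `toWrappedKey` before writing the record to storage.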