Copyright | (c) 2013-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Returns a data key encrypted by a customer master key without the plaintext copy of that key. Otherwise, this API functions exactly like GenerateDataKey. You can use this API to, for example, satisfy an audit requirement that an encrypted key be made available without exposing the plaintext copy of that key.
- generateDataKeyWithoutPlaintext :: Text -> GenerateDataKeyWithoutPlaintext
- data GenerateDataKeyWithoutPlaintext
- gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)
- gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text)
- gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)
- gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text]
- gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text
- generateDataKeyWithoutPlaintextResponse :: Int -> GenerateDataKeyWithoutPlaintextResponse
- data GenerateDataKeyWithoutPlaintextResponse
- gdkwprsKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)
- gdkwprsCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString)
- gdkwprsResponseStatus :: Lens' GenerateDataKeyWithoutPlaintextResponse Int
Creating a Request
generateDataKeyWithoutPlaintext Source #
Creates a value of GenerateDataKeyWithoutPlaintext
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data GenerateDataKeyWithoutPlaintext Source #
See: generateDataKeyWithoutPlaintext
smart constructor.
Request Lenses
gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec) Source #
Value that identifies the encryption algorithm and key size. Currently this can be AES_128 or AES_256.
gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text) Source #
Name:value pair that contains additional data to be authenticated during the encryption and decryption processes.
gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural) Source #
Integer that contains the number of bytes to generate. Common values are
128, 256, 512, 1024 and so on. We recommend that you use the KeySpec
parameter instead.
gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text] Source #
A list of grant tokens.
For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.
gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text Source #
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
- Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
- Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
- Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
- Alias Name Example - alias/MyAliasName
Destructuring the Response
generateDataKeyWithoutPlaintextResponse Source #
Creates a value of GenerateDataKeyWithoutPlaintextResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data GenerateDataKeyWithoutPlaintextResponse Source #
See: generateDataKeyWithoutPlaintextResponse
smart constructor.
Response Lenses
gdkwprsKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text) Source #
System generated unique identifier of the key to be used to decrypt the encrypted copy of the data key.
gdkwprsCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString) Source #
Ciphertext that contains the wrapped data key. You must store the blob and encryption context so that the key can be used in a future decrypt operation.
If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
gdkwprsResponseStatus :: Lens' GenerateDataKeyWithoutPlaintextResponse Int Source #
The response status code.