amazonka-kms-1.4.1: Amazon Key Management Service SDK.

Copyright(c) 2013-2016 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.AWS.KMS.GenerateDataKeyWithoutPlaintext

Contents

Description

Returns a data key encrypted by a customer master key without the plaintext copy of that key. Otherwise, this API functions exactly like GenerateDataKey. You can use this API to, for example, satisfy an audit requirement that an encrypted key be made available without exposing the plaintext copy of that key.

Synopsis

Creating a Request

generateDataKeyWithoutPlaintext Source #

Creates a value of GenerateDataKeyWithoutPlaintext with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

data GenerateDataKeyWithoutPlaintext Source #

See: generateDataKeyWithoutPlaintext smart constructor.

Instances

Eq GenerateDataKeyWithoutPlaintext Source # 
Data GenerateDataKeyWithoutPlaintext Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> GenerateDataKeyWithoutPlaintext -> c GenerateDataKeyWithoutPlaintext #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c GenerateDataKeyWithoutPlaintext #

toConstr :: GenerateDataKeyWithoutPlaintext -> Constr #

dataTypeOf :: GenerateDataKeyWithoutPlaintext -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c GenerateDataKeyWithoutPlaintext) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c GenerateDataKeyWithoutPlaintext) #

gmapT :: (forall b. Data b => b -> b) -> GenerateDataKeyWithoutPlaintext -> GenerateDataKeyWithoutPlaintext #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> GenerateDataKeyWithoutPlaintext -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> GenerateDataKeyWithoutPlaintext -> r #

gmapQ :: (forall d. Data d => d -> u) -> GenerateDataKeyWithoutPlaintext -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> GenerateDataKeyWithoutPlaintext -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> GenerateDataKeyWithoutPlaintext -> m GenerateDataKeyWithoutPlaintext #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> GenerateDataKeyWithoutPlaintext -> m GenerateDataKeyWithoutPlaintext #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> GenerateDataKeyWithoutPlaintext -> m GenerateDataKeyWithoutPlaintext #

Read GenerateDataKeyWithoutPlaintext Source # 
Show GenerateDataKeyWithoutPlaintext Source # 
Generic GenerateDataKeyWithoutPlaintext Source # 
Hashable GenerateDataKeyWithoutPlaintext Source # 
ToJSON GenerateDataKeyWithoutPlaintext Source # 
NFData GenerateDataKeyWithoutPlaintext Source # 
AWSRequest GenerateDataKeyWithoutPlaintext Source # 
ToQuery GenerateDataKeyWithoutPlaintext Source # 
ToPath GenerateDataKeyWithoutPlaintext Source # 
ToHeaders GenerateDataKeyWithoutPlaintext Source # 
type Rep GenerateDataKeyWithoutPlaintext Source # 
type Rep GenerateDataKeyWithoutPlaintext = D1 (MetaData "GenerateDataKeyWithoutPlaintext" "Network.AWS.KMS.GenerateDataKeyWithoutPlaintext" "amazonka-kms-1.4.1-GF628EecSPSCenC7tCeKjK" False) (C1 (MetaCons "GenerateDataKeyWithoutPlaintext'" PrefixI True) ((:*:) ((:*:) (S1 (MetaSel (Just Symbol "_gdkwpKeySpec") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe DataKeySpec))) (S1 (MetaSel (Just Symbol "_gdkwpEncryptionContext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Map Text Text))))) ((:*:) (S1 (MetaSel (Just Symbol "_gdkwpNumberOfBytes") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Nat))) ((:*:) (S1 (MetaSel (Just Symbol "_gdkwpGrantTokens") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text]))) (S1 (MetaSel (Just Symbol "_gdkwpKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text))))))
type Rs GenerateDataKeyWithoutPlaintext Source # 

Request Lenses

gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec) Source #

Value that identifies the encryption algorithm and key size. Currently this can be AES_128 or AES_256.

gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text) Source #

Name:value pair that contains additional data to be authenticated during the encryption and decryption processes.

gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural) Source #

Integer that contains the number of bytes to generate. Common values are 128, 256, 512, 1024 and so on. We recommend that you use the KeySpec parameter instead.

gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text] Source #

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text Source #

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Destructuring the Response

generateDataKeyWithoutPlaintextResponse Source #

Creates a value of GenerateDataKeyWithoutPlaintextResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

data GenerateDataKeyWithoutPlaintextResponse Source #

Instances

Eq GenerateDataKeyWithoutPlaintextResponse Source # 
Data GenerateDataKeyWithoutPlaintextResponse Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> GenerateDataKeyWithoutPlaintextResponse -> c GenerateDataKeyWithoutPlaintextResponse #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c GenerateDataKeyWithoutPlaintextResponse #

toConstr :: GenerateDataKeyWithoutPlaintextResponse -> Constr #

dataTypeOf :: GenerateDataKeyWithoutPlaintextResponse -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c GenerateDataKeyWithoutPlaintextResponse) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c GenerateDataKeyWithoutPlaintextResponse) #

gmapT :: (forall b. Data b => b -> b) -> GenerateDataKeyWithoutPlaintextResponse -> GenerateDataKeyWithoutPlaintextResponse #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> GenerateDataKeyWithoutPlaintextResponse -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> GenerateDataKeyWithoutPlaintextResponse -> r #

gmapQ :: (forall d. Data d => d -> u) -> GenerateDataKeyWithoutPlaintextResponse -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> GenerateDataKeyWithoutPlaintextResponse -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> GenerateDataKeyWithoutPlaintextResponse -> m GenerateDataKeyWithoutPlaintextResponse #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> GenerateDataKeyWithoutPlaintextResponse -> m GenerateDataKeyWithoutPlaintextResponse #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> GenerateDataKeyWithoutPlaintextResponse -> m GenerateDataKeyWithoutPlaintextResponse #

Read GenerateDataKeyWithoutPlaintextResponse Source # 
Show GenerateDataKeyWithoutPlaintextResponse Source # 
Generic GenerateDataKeyWithoutPlaintextResponse Source # 
NFData GenerateDataKeyWithoutPlaintextResponse Source # 
type Rep GenerateDataKeyWithoutPlaintextResponse Source # 
type Rep GenerateDataKeyWithoutPlaintextResponse = D1 (MetaData "GenerateDataKeyWithoutPlaintextResponse" "Network.AWS.KMS.GenerateDataKeyWithoutPlaintext" "amazonka-kms-1.4.1-GF628EecSPSCenC7tCeKjK" False) (C1 (MetaCons "GenerateDataKeyWithoutPlaintextResponse'" PrefixI True) ((:*:) (S1 (MetaSel (Just Symbol "_gdkwprsKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) ((:*:) (S1 (MetaSel (Just Symbol "_gdkwprsCiphertextBlob") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Base64))) (S1 (MetaSel (Just Symbol "_gdkwprsResponseStatus") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Int)))))

Response Lenses

gdkwprsKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text) Source #

System generated unique identifier of the key to be used to decrypt the encrypted copy of the data key.

gdkwprsCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString) Source #

Ciphertext that contains the wrapped data key. You must store the blob and encryption context so that the key can be used in a future decrypt operation.

If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.

Note: This Lens automatically encodes and decodes Base64 data, despite what the AWS documentation might say. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.