Copyright | (c) 2013-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.
Unlike other actions, ReEncrypt
is authorized twice - once as ReEncryptFrom
on the source key and once as ReEncryptTo
on the destination key. We therefore recommend that you include the '"action":"kms:ReEncrypt*"' statement in your key policies to permit re-encryption from or to the key. The statement is included automatically when you authorize use of the key through the console but must be included manually when you set a policy by using the PutKeyPolicy function.
- reEncrypt :: ByteString -> Text -> ReEncrypt
- data ReEncrypt
- reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- reGrantTokens :: Lens' ReEncrypt [Text]
- reCiphertextBlob :: Lens' ReEncrypt ByteString
- reDestinationKeyId :: Lens' ReEncrypt Text
- reEncryptResponse :: Int -> ReEncryptResponse
- data ReEncryptResponse
- rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
- rersKeyId :: Lens' ReEncryptResponse (Maybe Text)
- rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)
- rersResponseStatus :: Lens' ReEncryptResponse Int
Creating a Request
Creates a value of ReEncrypt
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
See: reEncrypt
smart constructor.
Request Lenses
reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) Source #
Encryption context to be used when the data is re-encrypted.
reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) Source #
Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob
parameter.
reGrantTokens :: Lens' ReEncrypt [Text] Source #
A list of grant tokens.
For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.
reCiphertextBlob :: Lens' ReEncrypt ByteString Source #
Ciphertext of the data to re-encrypt.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
reDestinationKeyId :: Lens' ReEncrypt Text Source #
A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
- Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
- Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
- Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
- Alias Name Example - alias/MyAliasName
Destructuring the Response
Creates a value of ReEncryptResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data ReEncryptResponse Source #
See: reEncryptResponse
smart constructor.
Response Lenses
rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text) Source #
Unique identifier of the key used to originally encrypt the data.
rersKeyId :: Lens' ReEncryptResponse (Maybe Text) Source #
Unique identifier of the key used to re-encrypt the data.
rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString) Source #
The re-encrypted data. If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
rersResponseStatus :: Lens' ReEncryptResponse Int Source #
The response status code.