amazonka-kms-1.4.3: Amazon Key Management Service SDK.

Copyright: (c) 2013-2016 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay@gmail.com>
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: None
Language: Haskell2010

Network.AWS.KMS.ReEncrypt

Description

Encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.

Unlike other actions, ReEncrypt is authorized twice - once as ReEncryptFrom on the source key and once as ReEncryptTo on the destination key. We therefore recommend that you include the '"action":"kms:ReEncrypt*"' statement in your key policies to permit re-encryption from or to the key. The statement is included automatically when you authorize use of the key through the console but must be included manually when you set a policy by using the PutKeyPolicy function.

Creating a Request

reEncrypt

Creates a value of ReEncrypt with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

data ReEncrypt

See: reEncrypt smart constructor.

Instances

Eq ReEncrypt
Data ReEncrypt

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ReEncrypt -> c ReEncrypt

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ReEncrypt

toConstr :: ReEncrypt -> Constr

dataTypeOf :: ReEncrypt -> DataType

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c ReEncrypt)

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ReEncrypt)

gmapT :: (forall b. Data b => b -> b) -> ReEncrypt -> ReEncrypt

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ReEncrypt -> r

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ReEncrypt -> r

gmapQ :: (forall d. Data d => d -> u) -> ReEncrypt -> [u]

gmapQi :: Int -> (forall d. Data d => d -> u) -> ReEncrypt -> u

gmapM :: Monad m => (forall d. Data d => d -> m d) -> ReEncrypt -> m ReEncrypt

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ReEncrypt -> m ReEncrypt

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ReEncrypt -> m ReEncrypt

Read ReEncrypt
Show ReEncrypt
Generic ReEncrypt

Associated Types

type Rep ReEncrypt :: * -> *

ToJSON ReEncrypt
Hashable ReEncrypt
NFData ReEncrypt

Methods

rnf :: ReEncrypt -> ()

AWSRequest ReEncrypt
ToPath ReEncrypt
ToHeaders ReEncrypt

Methods

toHeaders :: ReEncrypt -> [Header]

ToQuery ReEncrypt
type Rep ReEncrypt
type Rep ReEncrypt = D1 (MetaData "ReEncrypt" "Network.AWS.KMS.ReEncrypt" "amazonka-kms-1.4.3-71oGAJhe0mRBKSBLtKegjw" False) (C1 (MetaCons "ReEncrypt'" PrefixI True) ((:*:) ((:*:) (S1 (MetaSel (Just Symbol "_reDestinationEncryptionContext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Map Text Text)))) (S1 (MetaSel (Just Symbol "_reSourceEncryptionContext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Map Text Text))))) ((:*:) (S1 (MetaSel (Just Symbol "_reGrantTokens") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text]))) ((:*:) (S1 (MetaSel (Just Symbol "_reCiphertextBlob") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Base64)) (S1 (MetaSel (Just Symbol "_reDestinationKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text))))))
type Rs ReEncrypt

Request Lenses

reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)

Encryption context to be used when the data is re-encrypted.

reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

reGrantTokens :: Lens' ReEncrypt [Text]

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

reCiphertextBlob :: Lens' ReEncrypt ByteString

Ciphertext of the data to re-encrypt.

Note: This Lens automatically encodes and decodes Base64 data, despite what the AWS documentation might say. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

reDestinationKeyId :: Lens' ReEncrypt Text

A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Destructuring the Response

reEncryptResponse

Creates a value of ReEncryptResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

data ReEncryptResponse

See: reEncryptResponse smart constructor.

Instances

Eq ReEncryptResponse
Data ReEncryptResponse

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ReEncryptResponse -> c ReEncryptResponse

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ReEncryptResponse

toConstr :: ReEncryptResponse -> Constr

dataTypeOf :: ReEncryptResponse -> DataType

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c ReEncryptResponse)

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ReEncryptResponse)

gmapT :: (forall b. Data b => b -> b) -> ReEncryptResponse -> ReEncryptResponse

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ReEncryptResponse -> r

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ReEncryptResponse -> r

gmapQ :: (forall d. Data d => d -> u) -> ReEncryptResponse -> [u]

gmapQi :: Int -> (forall d. Data d => d -> u) -> ReEncryptResponse -> u

gmapM :: Monad m => (forall d. Data d => d -> m d) -> ReEncryptResponse -> m ReEncryptResponse

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ReEncryptResponse -> m ReEncryptResponse

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ReEncryptResponse -> m ReEncryptResponse

Read ReEncryptResponse
Show ReEncryptResponse
Generic ReEncryptResponse
NFData ReEncryptResponse

Methods

rnf :: ReEncryptResponse -> ()

type Rep ReEncryptResponse
type Rep ReEncryptResponse = D1 (MetaData "ReEncryptResponse" "Network.AWS.KMS.ReEncrypt" "amazonka-kms-1.4.3-71oGAJhe0mRBKSBLtKegjw" False) (C1 (MetaCons "ReEncryptResponse'" PrefixI True) ((:*:) ((:*:) (S1 (MetaSel (Just Symbol "_rersSourceKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_rersKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)))) ((:*:) (S1 (MetaSel (Just Symbol "_rersCiphertextBlob") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Base64))) (S1 (MetaSel (Just Symbol "_rersResponseStatus") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Int)))))

Response Lenses

rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)

Unique identifier of the key used to originally encrypt the data.

rersKeyId :: Lens' ReEncryptResponse (Maybe Text)

Unique identifier of the key used to re-encrypt the data.

rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)

The re-encrypted data. If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.

Note: This Lens automatically encodes and decodes Base64 data, despite what the AWS documentation might say. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
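
The request and response lenses above, used together to move a ciphertext to a new key and a new encryption context. This is an added example, not code from the amazonka project. It assumes the `lens` and `amazonka` packages (for `Control.Lens` and `Network.AWS.send`) and that `reEncrypt` takes the ciphertext first and the destination key id second; the context keys and values are constructed sample data.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module ReEncryptExample where

import           Control.Lens              ((&), (.~), (^.))
import           Data.ByteString           (ByteString)
import qualified Data.HashMap.Strict       as HashMap
import           Data.Text                 (Text)
import           Network.AWS               (MonadAWS, send)
import           Network.AWS.KMS.ReEncrypt

-- Destination key, written in the alias form listed for reDestinationKeyId.
destinationKey :: Text
destinationKey = "alias/MyAliasName"

-- Constructed sample contexts. The source context has to be the one the
-- ciphertext was originally encrypted under; the destination context is
-- the one that will be required to decrypt the new ciphertext.
oldContext, newContext :: HashMap.HashMap Text Text
oldContext = HashMap.fromList [("tenant", "example"), ("purpose", "backup")]
newContext = HashMap.fromList [("tenant", "example"), ("purpose", "archive")]

-- Build the request. 'blob' is the raw ciphertext: the reCiphertextBlob
-- lens does the Base64 step itself, so encoding it here would send
-- doubly encoded data.
rotateRequest :: ByteString -> ReEncrypt
rotateRequest blob =
  reEncrypt blob destinationKey
    & reSourceEncryptionContext      .~ oldContext
    & reDestinationEncryptionContext .~ newContext

-- Send the request. The caller is authorized twice: ReEncryptFrom on the
-- source key and ReEncryptTo on the destination key. Every response field
-- is a Maybe, so a partial response is reported instead of being used.
-- The result is (source key id, destination key id, new raw ciphertext),
-- which is what an audit record of the re-encryption would want to keep.
reEncryptBlob
  :: MonadAWS m
  => ByteString
  -> m (Either Text (Text, Text, ByteString))
reEncryptBlob blob = do
  rs <- send (rotateRequest blob)
  return $
    case (rs ^. rersSourceKeyId, rs ^. rersKeyId, rs ^. rersCiphertextBlob) of
      (Just from, Just to, Just out) -> Right (from, to, out)
      _ -> Left "ReEncrypt response is missing a key id or the ciphertext"
```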