Copyright	(c) 2013-2018 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None
Language	Haskell2010

Network.AWS.KMS.ImportKeyMaterial

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Imports key material into an existing AWS KMS customer master key (CMK) that was created without key material. You cannot perform this operation on a CMK in a different AWS account. For more information about creating CMKs with no key material and then importing key material, see Importing Key Material in the AWS Key Management Service Developer Guide .

Before using this operation, call GetParametersForImport . Its response includes a public key and an import token. Use the public key to encrypt the key material. Then, submit the import token from the same GetParametersForImport response.

When calling this operation, you must specify the following values:

The key ID or key ARN of a CMK with no key material. Its Origin must be EXTERNAL .

To create a CMK with no key material, call CreateKey and set the value of its Origin parameter to EXTERNAL . To get the Origin of a CMK, call DescribeKey .)

The encrypted key material. To get the public key to encrypt the key material, call GetParametersForImport .
The import token that GetParametersForImport returned. This token and the public key used to encrypt the key material must have come from the same response.
Whether the key material expires and if so, when. If you set an expiration date, you can change it only by reimporting the same key material and specifying a new expiration date. If the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. To use the CMK again, you must reimport the same key material.

When this operation is successful, the CMK's key state changes from PendingImport to Enabled , and you can use the CMK. After you successfully import key material into a CMK, you can reimport the same key material into that CMK, but you cannot import different key material.

Creating a Request

importKeyMaterial Source #

Arguments

:: Text	`ikmKeyId`
-> ByteString	`ikmImportToken`
-> ByteString	`ikmEncryptedKeyMaterial`
-> ImportKeyMaterial

Creates a value of ImportKeyMaterial with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

ikmExpirationModel - Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES , in which case you must include the ValidTo parameter. When this parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE , you must omit the ValidTo parameter.
ikmValidTo - The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. You must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE . Otherwise it is required.
ikmKeyId - The identifier of the CMK to import the key material into. The CMK's Origin must be EXTERNAL . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey .
ikmImportToken - The import token that you received in the response to a previous GetParametersForImport request. It must be from the same response that contained the public key that you used to encrypt the key material.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
ikmEncryptedKeyMaterial - The encrypted key material to import. It must be encrypted with the public key that you received in the response to a previous GetParametersForImport request, using the wrapping algorithm that you specified in that request.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

data ImportKeyMaterial Source #

See: importKeyMaterial smart constructor.

Instances

Eq ImportKeyMaterial Source #
Methods (==) :: ImportKeyMaterial -> ImportKeyMaterial -> Bool # (/=) :: ImportKeyMaterial -> ImportKeyMaterial -> Bool #
Data ImportKeyMaterial Source #
Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ImportKeyMaterial -> c ImportKeyMaterial # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ImportKeyMaterial # toConstr :: ImportKeyMaterial -> Constr # dataTypeOf :: ImportKeyMaterial -> DataType # dataCast1 :: Typeable (* -> ) t => (forall d. Data d => c (t d)) -> Maybe (c ImportKeyMaterial) # dataCast2 :: Typeable ( -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ImportKeyMaterial) # gmapT :: (forall b. Data b => b -> b) -> ImportKeyMaterial -> ImportKeyMaterial # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ImportKeyMaterial -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ImportKeyMaterial -> r # gmapQ :: (forall d. Data d => d -> u) -> ImportKeyMaterial -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> ImportKeyMaterial -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> ImportKeyMaterial -> m ImportKeyMaterial # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ImportKeyMaterial -> m ImportKeyMaterial # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ImportKeyMaterial -> m ImportKeyMaterial #
Read ImportKeyMaterial Source #
Methods readsPrec :: Int -> ReadS ImportKeyMaterial # readList :: ReadS [ImportKeyMaterial] # readPrec :: ReadPrec ImportKeyMaterial # readListPrec :: ReadPrec [ImportKeyMaterial] #
Show ImportKeyMaterial Source #
Methods showsPrec :: Int -> ImportKeyMaterial -> ShowS # show :: ImportKeyMaterial -> String # showList :: [ImportKeyMaterial] -> ShowS #
Generic ImportKeyMaterial Source #
Associated Types type Rep ImportKeyMaterial :: * -> * # Methods from :: ImportKeyMaterial -> Rep ImportKeyMaterial x # to :: Rep ImportKeyMaterial x -> ImportKeyMaterial #
Hashable ImportKeyMaterial Source #
Methods hashWithSalt :: Int -> ImportKeyMaterial -> Int # hash :: ImportKeyMaterial -> Int #
ToJSON ImportKeyMaterial Source #
Methods toJSON :: ImportKeyMaterial -> Value # toEncoding :: ImportKeyMaterial -> Encoding # toJSONList :: [ImportKeyMaterial] -> Value # toEncodingList :: [ImportKeyMaterial] -> Encoding #
NFData ImportKeyMaterial Source #
Methods rnf :: ImportKeyMaterial -> () #
AWSRequest ImportKeyMaterial Source #
Associated Types type Rs ImportKeyMaterial :: * # Methods request :: ImportKeyMaterial -> Request ImportKeyMaterial # response :: (MonadResource m, MonadThrow m) => Logger -> Service -> Proxy * ImportKeyMaterial -> ClientResponse -> m (Response ImportKeyMaterial) #
ToHeaders ImportKeyMaterial Source #
Methods toHeaders :: ImportKeyMaterial -> [Header] #
ToPath ImportKeyMaterial Source #
Methods toPath :: ImportKeyMaterial -> ByteString #
ToQuery ImportKeyMaterial Source #
Methods toQuery :: ImportKeyMaterial -> QueryString #
type Rep ImportKeyMaterial Source #
type Rep ImportKeyMaterial = D1 * (MetaData "ImportKeyMaterial" "Network.AWS.KMS.ImportKeyMaterial" "amazonka-kms-1.6.0-6a1SDMHmleyARI8mxMgB7S" False) (C1 * (MetaCons "ImportKeyMaterial'" PrefixI True) ((::) ((::) (S1 * (MetaSel (Just Symbol "_ikmExpirationModel") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe ExpirationModelType))) (S1 * (MetaSel (Just Symbol "_ikmValidTo") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe POSIX)))) ((::) (S1 * (MetaSel (Just Symbol "_ikmKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Text)) ((::) (S1 * (MetaSel (Just Symbol "_ikmImportToken") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Base64)) (S1 * (MetaSel (Just Symbol "_ikmEncryptedKeyMaterial") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Base64))))))
type Rs ImportKeyMaterial Source #
type Rs ImportKeyMaterial = ImportKeyMaterialResponse

Request Lenses

ikmExpirationModel :: Lens' ImportKeyMaterial (Maybe ExpirationModelType) Source #

Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES , in which case you must include the ValidTo parameter. When this parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE , you must omit the ValidTo parameter.

ikmValidTo :: Lens' ImportKeyMaterial (Maybe UTCTime) Source #

The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. You must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE . Otherwise it is required.

ikmKeyId :: Lens' ImportKeyMaterial Text Source #

The identifier of the CMK to import the key material into. The CMK's Origin must be EXTERNAL . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey .

ikmImportToken :: Lens' ImportKeyMaterial ByteString Source #

The import token that you received in the response to a previous GetParametersForImport request. It must be from the same response that contained the public key that you used to encrypt the key material.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

ikmEncryptedKeyMaterial :: Lens' ImportKeyMaterial ByteString Source #

The encrypted key material to import. It must be encrypted with the public key that you received in the response to a previous GetParametersForImport request, using the wrapping algorithm that you specified in that request.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

Destructuring the Response

importKeyMaterialResponse Source #

Arguments

:: Int	`ikmrsResponseStatus`
-> ImportKeyMaterialResponse

Creates a value of ImportKeyMaterialResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

ikmrsResponseStatus - -- | The response status code.

data ImportKeyMaterialResponse Source #

See: importKeyMaterialResponse smart constructor.

Instances

Eq ImportKeyMaterialResponse Source #
Methods (==) :: ImportKeyMaterialResponse -> ImportKeyMaterialResponse -> Bool # (/=) :: ImportKeyMaterialResponse -> ImportKeyMaterialResponse -> Bool #
Data ImportKeyMaterialResponse Source #
Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ImportKeyMaterialResponse -> c ImportKeyMaterialResponse # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ImportKeyMaterialResponse # toConstr :: ImportKeyMaterialResponse -> Constr # dataTypeOf :: ImportKeyMaterialResponse -> DataType # dataCast1 :: Typeable (* -> ) t => (forall d. Data d => c (t d)) -> Maybe (c ImportKeyMaterialResponse) # dataCast2 :: Typeable ( -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ImportKeyMaterialResponse) # gmapT :: (forall b. Data b => b -> b) -> ImportKeyMaterialResponse -> ImportKeyMaterialResponse # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ImportKeyMaterialResponse -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ImportKeyMaterialResponse -> r # gmapQ :: (forall d. Data d => d -> u) -> ImportKeyMaterialResponse -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> ImportKeyMaterialResponse -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> ImportKeyMaterialResponse -> m ImportKeyMaterialResponse # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ImportKeyMaterialResponse -> m ImportKeyMaterialResponse # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ImportKeyMaterialResponse -> m ImportKeyMaterialResponse #
Read ImportKeyMaterialResponse Source #
Methods readsPrec :: Int -> ReadS ImportKeyMaterialResponse # readList :: ReadS [ImportKeyMaterialResponse] # readPrec :: ReadPrec ImportKeyMaterialResponse # readListPrec :: ReadPrec [ImportKeyMaterialResponse] #
Show ImportKeyMaterialResponse Source #
Methods showsPrec :: Int -> ImportKeyMaterialResponse -> ShowS # show :: ImportKeyMaterialResponse -> String # showList :: [ImportKeyMaterialResponse] -> ShowS #
Generic ImportKeyMaterialResponse Source #
Associated Types type Rep ImportKeyMaterialResponse :: * -> * # Methods from :: ImportKeyMaterialResponse -> Rep ImportKeyMaterialResponse x # to :: Rep ImportKeyMaterialResponse x -> ImportKeyMaterialResponse #
NFData ImportKeyMaterialResponse Source #
Methods rnf :: ImportKeyMaterialResponse -> () #
type Rep ImportKeyMaterialResponse Source #
type Rep ImportKeyMaterialResponse = D1 * (MetaData "ImportKeyMaterialResponse" "Network.AWS.KMS.ImportKeyMaterial" "amazonka-kms-1.6.0-6a1SDMHmleyARI8mxMgB7S" True) (C1 * (MetaCons "ImportKeyMaterialResponse'" PrefixI True) (S1 * (MetaSel (Just Symbol "_ikmrsResponseStatus") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 * Int)))

Response Lenses

ikmrsResponseStatus :: Lens' ImportKeyMaterialResponse Int Source #

- | The response status code.