package types

const (
	AlgorithmSpecRsaesPkcs1V15   AlgorithmSpec = "RSAES_PKCS1_V1_5"
	AlgorithmSpecRsaesOaepSha1   AlgorithmSpec = "RSAES_OAEP_SHA_1"
	AlgorithmSpecRsaesOaepSha256 AlgorithmSpec = "RSAES_OAEP_SHA_256"
)

Enum values for AlgorithmSpec

func (AlgorithmSpec) Values ¶

func (AlgorithmSpec) Values() []AlgorithmSpec

Values returns all known values for AlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type AliasListEntry ¶

type AliasListEntry struct {

	// String that contains the key ARN.
	AliasArn *string

	// String that contains the alias. This value begins with alias/.
	AliasName *string

	// Date and time that the alias was most recently created in the account and
	// Region. Formatted as Unix time.
	CreationDate *time.Time

	// Date and time that the alias was most recently associated with a KMS key in the
	// account and Region. Formatted as Unix time.
	LastUpdatedDate *time.Time

	// String that contains the key identifier of the KMS key associated with the
	// alias.
	TargetKeyId *string
	// contains filtered or unexported fields
}

Contains information about an alias.

type AlreadyExistsException ¶

type AlreadyExistsException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because it attempted to create a resource that already exists.

func (*AlreadyExistsException) Error ¶

func (e *AlreadyExistsException) Error() string

func (*AlreadyExistsException) ErrorCode ¶

func (e *AlreadyExistsException) ErrorCode() string

func (*AlreadyExistsException) ErrorFault ¶

func (e *AlreadyExistsException) ErrorFault() smithy.ErrorFault

func (*AlreadyExistsException) ErrorMessage ¶

func (e *AlreadyExistsException) ErrorMessage() string

type CloudHsmClusterInUseException ¶

type CloudHsmClusterInUseException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified CloudHSM cluster is already associated with a custom key store or it shares a backup history with a cluster that is associated with a custom key store. Each custom key store must be associated with a different CloudHSM cluster. Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) operation.

func (*CloudHsmClusterInUseException) Error ¶

func (e *CloudHsmClusterInUseException) Error() string

func (*CloudHsmClusterInUseException) ErrorCode ¶

func (e *CloudHsmClusterInUseException) ErrorCode() string

func (*CloudHsmClusterInUseException) ErrorFault ¶

func (e *CloudHsmClusterInUseException) ErrorFault() smithy.ErrorFault

func (*CloudHsmClusterInUseException) ErrorMessage ¶

func (e *CloudHsmClusterInUseException) ErrorMessage() string

type CloudHsmClusterInvalidConfigurationException ¶

type CloudHsmClusterInvalidConfigurationException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for a custom key store.

* The cluster must be configured with private subnets in at least two different Availability Zones in the Region.

* The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) (cloudhsm-cluster--sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) operation.

* The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.

For information about the requirements for an CloudHSM cluster that is associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) in the Key Management Service Developer Guide. For information about creating a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) in the CloudHSM User Guide .

func (*CloudHsmClusterInvalidConfigurationException) Error ¶

func (e *CloudHsmClusterInvalidConfigurationException) Error() string

func (*CloudHsmClusterInvalidConfigurationException) ErrorCode ¶

func (e *CloudHsmClusterInvalidConfigurationException) ErrorCode() string

func (*CloudHsmClusterInvalidConfigurationException) ErrorFault ¶

func (e *CloudHsmClusterInvalidConfigurationException) ErrorFault() smithy.ErrorFault

func (*CloudHsmClusterInvalidConfigurationException) ErrorMessage ¶

func (e *CloudHsmClusterInvalidConfigurationException) ErrorMessage() string

type CloudHsmClusterNotActiveException ¶

type CloudHsmClusterNotActiveException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the CloudHSM cluster that is associated with the custom key store is not active. Initialize and activate the cluster and try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) in the CloudHSM User Guide.

func (*CloudHsmClusterNotActiveException) Error ¶

func (e *CloudHsmClusterNotActiveException) Error() string

func (*CloudHsmClusterNotActiveException) ErrorCode ¶

func (e *CloudHsmClusterNotActiveException) ErrorCode() string

func (*CloudHsmClusterNotActiveException) ErrorFault ¶

func (e *CloudHsmClusterNotActiveException) ErrorFault() smithy.ErrorFault

func (*CloudHsmClusterNotActiveException) ErrorMessage ¶

func (e *CloudHsmClusterNotActiveException) ErrorMessage() string

type CloudHsmClusterNotFoundException ¶

type CloudHsmClusterNotFoundException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because KMS cannot find the CloudHSM cluster with the specified cluster ID. Retry the request with a different cluster ID.

func (*CloudHsmClusterNotFoundException) Error ¶

func (e *CloudHsmClusterNotFoundException) Error() string

func (*CloudHsmClusterNotFoundException) ErrorCode ¶

func (e *CloudHsmClusterNotFoundException) ErrorCode() string

func (*CloudHsmClusterNotFoundException) ErrorFault ¶

func (e *CloudHsmClusterNotFoundException) ErrorFault() smithy.ErrorFault

func (*CloudHsmClusterNotFoundException) ErrorMessage ¶

func (e *CloudHsmClusterNotFoundException) ErrorMessage() string

type CloudHsmClusterNotRelatedException ¶

type CloudHsmClusterNotRelatedException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified CloudHSM cluster has a different cluster certificate than the original cluster. You cannot use the operation to specify an unrelated cluster. Specify a cluster that shares a backup history with the original cluster. This includes clusters that were created from a backup of the current cluster, and clusters that were created from the same backup that produced the current cluster. Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) operation.

func (*CloudHsmClusterNotRelatedException) Error ¶

func (e *CloudHsmClusterNotRelatedException) Error() string

func (*CloudHsmClusterNotRelatedException) ErrorCode ¶

func (e *CloudHsmClusterNotRelatedException) ErrorCode() string

func (*CloudHsmClusterNotRelatedException) ErrorFault ¶

func (e *CloudHsmClusterNotRelatedException) ErrorFault() smithy.ErrorFault

func (*CloudHsmClusterNotRelatedException) ErrorMessage ¶

func (e *CloudHsmClusterNotRelatedException) ErrorMessage() string

type ConnectionErrorCodeType ¶

type ConnectionErrorCodeType string

const (
	ConnectionErrorCodeTypeInvalidCredentials                ConnectionErrorCodeType = "INVALID_CREDENTIALS"
	ConnectionErrorCodeTypeClusterNotFound                   ConnectionErrorCodeType = "CLUSTER_NOT_FOUND"
	ConnectionErrorCodeTypeNetworkErrors                     ConnectionErrorCodeType = "NETWORK_ERRORS"
	ConnectionErrorCodeTypeInternalError                     ConnectionErrorCodeType = "INTERNAL_ERROR"
	ConnectionErrorCodeTypeInsufficientCloudhsmHsms          ConnectionErrorCodeType = "INSUFFICIENT_CLOUDHSM_HSMS"
	ConnectionErrorCodeTypeUserLockedOut                     ConnectionErrorCodeType = "USER_LOCKED_OUT"
	ConnectionErrorCodeTypeUserNotFound                      ConnectionErrorCodeType = "USER_NOT_FOUND"
	ConnectionErrorCodeTypeUserLoggedIn                      ConnectionErrorCodeType = "USER_LOGGED_IN"
	ConnectionErrorCodeTypeSubnetNotFound                    ConnectionErrorCodeType = "SUBNET_NOT_FOUND"
	ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet ConnectionErrorCodeType = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"
)

Enum values for ConnectionErrorCodeType

func (ConnectionErrorCodeType) Values ¶

func (ConnectionErrorCodeType) Values() []ConnectionErrorCodeType

Values returns all known values for ConnectionErrorCodeType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type ConnectionStateType ¶

type ConnectionStateType string

const (
	ConnectionStateTypeConnected     ConnectionStateType = "CONNECTED"
	ConnectionStateTypeConnecting    ConnectionStateType = "CONNECTING"
	ConnectionStateTypeFailed        ConnectionStateType = "FAILED"
	ConnectionStateTypeDisconnected  ConnectionStateType = "DISCONNECTED"
	ConnectionStateTypeDisconnecting ConnectionStateType = "DISCONNECTING"
)

Enum values for ConnectionStateType

func (ConnectionStateType) Values ¶

func (ConnectionStateType) Values() []ConnectionStateType

Values returns all known values for ConnectionStateType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type CustomKeyStoreHasCMKsException ¶

type CustomKeyStoreHasCMKsException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the custom key store contains KMS keys. After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion operation to delete the KMS keys. After they are deleted, you can delete the custom key store.

func (*CustomKeyStoreHasCMKsException) Error ¶

func (e *CustomKeyStoreHasCMKsException) Error() string

func (*CustomKeyStoreHasCMKsException) ErrorCode ¶

func (e *CustomKeyStoreHasCMKsException) ErrorCode() string

func (*CustomKeyStoreHasCMKsException) ErrorFault ¶

func (e *CustomKeyStoreHasCMKsException) ErrorFault() smithy.ErrorFault

func (*CustomKeyStoreHasCMKsException) ErrorMessage ¶

func (e *CustomKeyStoreHasCMKsException) ErrorMessage() string

type CustomKeyStoreInvalidStateException ¶

type CustomKeyStoreInvalidStateException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because of the ConnectionState of the custom key store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores operation. This exception is thrown under the following conditions:

* You requested the CreateKey or GenerateRandom operation in a custom key store that is not connected. These operations are valid only when the custom key store ConnectionState is CONNECTED.

* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key store that is not disconnected. This operation is valid only when the custom key store ConnectionState is DISCONNECTED.

* You requested the ConnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or FAILED. This operation is valid for all other ConnectionState values.

func (*CustomKeyStoreInvalidStateException) Error ¶

func (e *CustomKeyStoreInvalidStateException) Error() string

func (*CustomKeyStoreInvalidStateException) ErrorCode ¶

func (e *CustomKeyStoreInvalidStateException) ErrorCode() string

func (*CustomKeyStoreInvalidStateException) ErrorFault ¶

func (e *CustomKeyStoreInvalidStateException) ErrorFault() smithy.ErrorFault

func (*CustomKeyStoreInvalidStateException) ErrorMessage ¶

func (e *CustomKeyStoreInvalidStateException) ErrorMessage() string

type CustomKeyStoreNameInUseException ¶

type CustomKeyStoreNameInUseException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified custom key store name is already assigned to another custom key store in the account. Try again with a custom key store name that is unique in the account.

func (*CustomKeyStoreNameInUseException) Error ¶

func (e *CustomKeyStoreNameInUseException) Error() string

func (*CustomKeyStoreNameInUseException) ErrorCode ¶

func (e *CustomKeyStoreNameInUseException) ErrorCode() string

func (*CustomKeyStoreNameInUseException) ErrorFault ¶

func (e *CustomKeyStoreNameInUseException) ErrorFault() smithy.ErrorFault

func (*CustomKeyStoreNameInUseException) ErrorMessage ¶

func (e *CustomKeyStoreNameInUseException) ErrorMessage() string

type CustomKeyStoreNotFoundException ¶

type CustomKeyStoreNotFoundException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because KMS cannot find a custom key store with the specified key store name or ID.

func (*CustomKeyStoreNotFoundException) Error ¶

func (e *CustomKeyStoreNotFoundException) Error() string

func (*CustomKeyStoreNotFoundException) ErrorCode ¶

func (e *CustomKeyStoreNotFoundException) ErrorCode() string

func (*CustomKeyStoreNotFoundException) ErrorFault ¶

func (e *CustomKeyStoreNotFoundException) ErrorFault() smithy.ErrorFault

func (*CustomKeyStoreNotFoundException) ErrorMessage ¶

func (e *CustomKeyStoreNotFoundException) ErrorMessage() string

type CustomKeyStoresListEntry ¶

type CustomKeyStoresListEntry struct {

	// A unique identifier for the CloudHSM cluster that is associated with the custom
	// key store.
	CloudHsmClusterId *string

	// Describes the connection error. This field appears in the response only when the
	// ConnectionState is FAILED. For help resolving these errors, see How to Fix a
	// Connection Failure
	// (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed)
	// in Key Management Service Developer Guide. Valid values are:
	//
	// *
	// CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified
	// cluster ID.
	//
	// * INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does
	// not contain any active HSMs. To connect a custom key store to its CloudHSM
	// cluster, the cluster must contain at least one active HSM.
	//
	// * INTERNAL_ERROR -
	// KMS could not complete the request due to an internal error. Retry the request.
	// For ConnectCustomKeyStore requests, disconnect the custom key store before
	// trying to connect again.
	//
	// * INVALID_CREDENTIALS - KMS does not have the correct
	// password for the kmsuser crypto user in the CloudHSM cluster. Before you can
	// connect your custom key store to its CloudHSM cluster, you must change the
	// kmsuser account password and update the key store password value for the custom
	// key store.
	//
	// * NETWORK_ERRORS - Network errors are preventing KMS from connecting
	// to the custom key store.
	//
	// * SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster
	// configuration was deleted. If KMS cannot find all of the subnets in the cluster
	// configuration, attempts to connect the custom key store to the CloudHSM cluster
	// fail. To fix this error, create a cluster from a recent backup and associate it
	// with your custom key store. (This process creates a new cluster configuration
	// with a VPC and private subnets.) For details, see How to Fix a Connection
	// Failure
	// (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed)
	// in the Key Management Service Developer Guide.
	//
	// * USER_LOCKED_OUT - The kmsuser
	// CU account is locked out of the associated CloudHSM cluster due to too many
	// failed password attempts. Before you can connect your custom key store to its
	// CloudHSM cluster, you must change the kmsuser account password and update the
	// key store password value for the custom key store.
	//
	// * USER_LOGGED_IN - The
	// kmsuser CU account is logged into the the associated CloudHSM cluster. This
	// prevents KMS from rotating the kmsuser account password and logging into the
	// cluster. Before you can connect your custom key store to its CloudHSM cluster,
	// you must log the kmsuser CU out of the cluster. If you changed the kmsuser
	// password to log into the cluster, you must also and update the key store
	// password value for the custom key store. For help, see How to Log Out and
	// Reconnect
	// (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2)
	// in the Key Management Service Developer Guide.
	//
	// * USER_NOT_FOUND - KMS cannot
	// find a kmsuser CU account in the associated CloudHSM cluster. Before you can
	// connect your custom key store to its CloudHSM cluster, you must create a kmsuser
	// CU account in the cluster, and then update the key store password value for the
	// custom key store.
	ConnectionErrorCode ConnectionErrorCodeType

	// Indicates whether the custom key store is connected to its CloudHSM cluster. You
	// can create and use KMS keys in your custom key stores only when its connection
	// state is CONNECTED. The value is DISCONNECTED if the key store has never been
	// connected or you use the DisconnectCustomKeyStore operation to disconnect it. If
	// the value is CONNECTED but you are having trouble using the custom key store,
	// make sure that its associated CloudHSM cluster is active and contains at least
	// one active HSM. A value of FAILED indicates that an attempt to connect was
	// unsuccessful. The ConnectionErrorCode field in the response indicates the cause
	// of the failure. For help resolving a connection failure, see Troubleshooting a
	// Custom Key Store
	// (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) in the
	// Key Management Service Developer Guide.
	ConnectionState ConnectionStateType

	// The date and time when the custom key store was created.
	CreationDate *time.Time

	// A unique identifier for the custom key store.
	CustomKeyStoreId *string

	// The user-specified friendly name for the custom key store.
	CustomKeyStoreName *string

	// The trust anchor certificate of the associated CloudHSM cluster. When you
	// initialize the cluster
	// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
	// you create this certificate and save it in the customerCA.crt file.
	TrustAnchorCertificate *string
	// contains filtered or unexported fields
}

Contains information about each custom key store in the custom key store list.

type CustomerMasterKeySpec ¶

type CustomerMasterKeySpec string

const (
	CustomerMasterKeySpecRsa2048          CustomerMasterKeySpec = "RSA_2048"
	CustomerMasterKeySpecRsa3072          CustomerMasterKeySpec = "RSA_3072"
	CustomerMasterKeySpecRsa4096          CustomerMasterKeySpec = "RSA_4096"
	CustomerMasterKeySpecEccNistP256      CustomerMasterKeySpec = "ECC_NIST_P256"
	CustomerMasterKeySpecEccNistP384      CustomerMasterKeySpec = "ECC_NIST_P384"
	CustomerMasterKeySpecEccNistP521      CustomerMasterKeySpec = "ECC_NIST_P521"
	CustomerMasterKeySpecEccSecgP256k1    CustomerMasterKeySpec = "ECC_SECG_P256K1"
	CustomerMasterKeySpecSymmetricDefault CustomerMasterKeySpec = "SYMMETRIC_DEFAULT"
	CustomerMasterKeySpecHmac224          CustomerMasterKeySpec = "HMAC_224"
	CustomerMasterKeySpecHmac256          CustomerMasterKeySpec = "HMAC_256"
	CustomerMasterKeySpecHmac384          CustomerMasterKeySpec = "HMAC_384"
	CustomerMasterKeySpecHmac512          CustomerMasterKeySpec = "HMAC_512"
	CustomerMasterKeySpecSm2              CustomerMasterKeySpec = "SM2"
)

Enum values for CustomerMasterKeySpec

func (CustomerMasterKeySpec) Values ¶

func (CustomerMasterKeySpec) Values() []CustomerMasterKeySpec

Values returns all known values for CustomerMasterKeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type DataKeyPairSpec ¶

type DataKeyPairSpec string

const (
	DataKeyPairSpecRsa2048       DataKeyPairSpec = "RSA_2048"
	DataKeyPairSpecRsa3072       DataKeyPairSpec = "RSA_3072"
	DataKeyPairSpecRsa4096       DataKeyPairSpec = "RSA_4096"
	DataKeyPairSpecEccNistP256   DataKeyPairSpec = "ECC_NIST_P256"
	DataKeyPairSpecEccNistP384   DataKeyPairSpec = "ECC_NIST_P384"
	DataKeyPairSpecEccNistP521   DataKeyPairSpec = "ECC_NIST_P521"
	DataKeyPairSpecEccSecgP256k1 DataKeyPairSpec = "ECC_SECG_P256K1"
	DataKeyPairSpecSm2           DataKeyPairSpec = "SM2"
)

Enum values for DataKeyPairSpec

func (DataKeyPairSpec) Values ¶

func (DataKeyPairSpec) Values() []DataKeyPairSpec

Values returns all known values for DataKeyPairSpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type DataKeySpec ¶

type DataKeySpec string

const (
	DataKeySpecAes256 DataKeySpec = "AES_256"
	DataKeySpecAes128 DataKeySpec = "AES_128"
)

Enum values for DataKeySpec

func (DataKeySpec) Values ¶

func (DataKeySpec) Values() []DataKeySpec

Values returns all known values for DataKeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type DependencyTimeoutException ¶

type DependencyTimeoutException struct {
	Message *string
	// contains filtered or unexported fields
}

The system timed out while trying to fulfill the request. The request can be retried.

func (*DependencyTimeoutException) Error ¶

func (e *DependencyTimeoutException) Error() string

func (*DependencyTimeoutException) ErrorCode ¶

func (e *DependencyTimeoutException) ErrorCode() string

func (*DependencyTimeoutException) ErrorFault ¶

func (e *DependencyTimeoutException) ErrorFault() smithy.ErrorFault

func (*DependencyTimeoutException) ErrorMessage ¶

func (e *DependencyTimeoutException) ErrorMessage() string

type DisabledException ¶

type DisabledException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified KMS key is not enabled.

func (*DisabledException) Error ¶

func (e *DisabledException) Error() string

func (*DisabledException) ErrorCode ¶

func (e *DisabledException) ErrorCode() string

func (*DisabledException) ErrorFault ¶

func (e *DisabledException) ErrorFault() smithy.ErrorFault

func (*DisabledException) ErrorMessage ¶

func (e *DisabledException) ErrorMessage() string

type EncryptionAlgorithmSpec ¶

type EncryptionAlgorithmSpec string

const (
	EncryptionAlgorithmSpecSymmetricDefault EncryptionAlgorithmSpec = "SYMMETRIC_DEFAULT"
	EncryptionAlgorithmSpecRsaesOaepSha1    EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_1"
	EncryptionAlgorithmSpecRsaesOaepSha256  EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_256"
	EncryptionAlgorithmSpecSm2pke           EncryptionAlgorithmSpec = "SM2PKE"
)

Enum values for EncryptionAlgorithmSpec

func (EncryptionAlgorithmSpec) Values ¶

func (EncryptionAlgorithmSpec) Values() []EncryptionAlgorithmSpec

Values returns all known values for EncryptionAlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type ExpirationModelType ¶

type ExpirationModelType string

const (
	ExpirationModelTypeKeyMaterialExpires       ExpirationModelType = "KEY_MATERIAL_EXPIRES"
	ExpirationModelTypeKeyMaterialDoesNotExpire ExpirationModelType = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)

Enum values for ExpirationModelType

func (ExpirationModelType) Values ¶

func (ExpirationModelType) Values() []ExpirationModelType

Values returns all known values for ExpirationModelType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type ExpiredImportTokenException ¶

type ExpiredImportTokenException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified import token is expired. Use GetParametersForImport to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.

func (*ExpiredImportTokenException) Error ¶

func (e *ExpiredImportTokenException) Error() string

func (*ExpiredImportTokenException) ErrorCode ¶

func (e *ExpiredImportTokenException) ErrorCode() string

func (*ExpiredImportTokenException) ErrorFault ¶

func (e *ExpiredImportTokenException) ErrorFault() smithy.ErrorFault

func (*ExpiredImportTokenException) ErrorMessage ¶

func (e *ExpiredImportTokenException) ErrorMessage() string

type GrantConstraints ¶

type GrantConstraints struct {

	// A list of key-value pairs that must match the encryption context in the
	// cryptographic operation
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// request. The grant allows the operation only when the encryption context in the
	// request is the same as the encryption context specified in this constraint.
	EncryptionContextEquals map[string]string

	// A list of key-value pairs that must be included in the encryption context of the
	// cryptographic operation
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// request. The grant allows the cryptographic operation only when the encryption
	// context in the request includes the key-value pairs specified in this
	// constraint, although it can include additional key-value pairs.
	EncryptionContextSubset map[string]string
	// contains filtered or unexported fields
}

Use this structure to allow cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) in the grant only when the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric encryption KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with HMAC KMS keys or asymmetric KMS keys, and management operations, such as DescribeKey or RetireGrant. In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary. However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive. To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context) in the Key Management Service Developer Guide .

type GrantListEntry ¶

type GrantListEntry struct {

	// A list of key-value pairs that must be present in the encryption context of
	// certain subsequent operations that the grant allows.
	Constraints *GrantConstraints

	// The date and time when the grant was created.
	CreationDate *time.Time

	// The unique identifier for the grant.
	GrantId *string

	// The identity that gets the permissions in the grant. The GranteePrincipal field
	// in the ListGrants response usually contains the user or role designated as the
	// grantee principal in the grant. However, when the grantee principal in the grant
	// is an Amazon Web Services service, the GranteePrincipal field contains the
	// service principal
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services),
	// which might represent several different grantee principals.
	GranteePrincipal *string

	// The Amazon Web Services account under which the grant was issued.
	IssuingAccount *string

	// The unique identifier for the KMS key to which the grant applies.
	KeyId *string

	// The friendly name that identifies the grant. If a name was provided in the
	// CreateGrant request, that name is returned. Otherwise this value is null.
	Name *string

	// The list of operations permitted by the grant.
	Operations []GrantOperation

	// The principal that can retire the grant.
	RetiringPrincipal *string
	// contains filtered or unexported fields
}

Contains information about a grant.

type GrantOperation ¶

type GrantOperation string

const (
	GrantOperationDecrypt                             GrantOperation = "Decrypt"
	GrantOperationEncrypt                             GrantOperation = "Encrypt"
	GrantOperationGenerateDataKey                     GrantOperation = "GenerateDataKey"
	GrantOperationGenerateDataKeyWithoutPlaintext     GrantOperation = "GenerateDataKeyWithoutPlaintext"
	GrantOperationReEncryptFrom                       GrantOperation = "ReEncryptFrom"
	GrantOperationReEncryptTo                         GrantOperation = "ReEncryptTo"
	GrantOperationSign                                GrantOperation = "Sign"
	GrantOperationVerify                              GrantOperation = "Verify"
	GrantOperationGetPublicKey                        GrantOperation = "GetPublicKey"
	GrantOperationCreateGrant                         GrantOperation = "CreateGrant"
	GrantOperationRetireGrant                         GrantOperation = "RetireGrant"
	GrantOperationDescribeKey                         GrantOperation = "DescribeKey"
	GrantOperationGenerateDataKeyPair                 GrantOperation = "GenerateDataKeyPair"
	GrantOperationGenerateDataKeyPairWithoutPlaintext GrantOperation = "GenerateDataKeyPairWithoutPlaintext"
	GrantOperationGenerateMac                         GrantOperation = "GenerateMac"
	GrantOperationVerifyMac                           GrantOperation = "VerifyMac"
)

Enum values for GrantOperation

func (GrantOperation) Values ¶

func (GrantOperation) Values() []GrantOperation

Values returns all known values for GrantOperation. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type IncorrectKeyException ¶

type IncorrectKeyException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified KMS key cannot decrypt the data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request must identify the same KMS key that was used to encrypt the ciphertext.

func (*IncorrectKeyException) Error ¶

func (e *IncorrectKeyException) Error() string

func (*IncorrectKeyException) ErrorCode ¶

func (e *IncorrectKeyException) ErrorCode() string

func (*IncorrectKeyException) ErrorFault ¶

func (e *IncorrectKeyException) ErrorFault() smithy.ErrorFault

func (*IncorrectKeyException) ErrorMessage ¶

func (e *IncorrectKeyException) ErrorMessage() string

type IncorrectKeyMaterialException ¶

type IncorrectKeyMaterialException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the key material in the request is, expired, invalid, or is not the same key material that was previously imported into this KMS key.

func (*IncorrectKeyMaterialException) Error ¶

func (e *IncorrectKeyMaterialException) Error() string

func (*IncorrectKeyMaterialException) ErrorCode ¶

func (e *IncorrectKeyMaterialException) ErrorCode() string

func (*IncorrectKeyMaterialException) ErrorFault ¶

func (e *IncorrectKeyMaterialException) ErrorFault() smithy.ErrorFault

func (*IncorrectKeyMaterialException) ErrorMessage ¶

func (e *IncorrectKeyMaterialException) ErrorMessage() string

type IncorrectTrustAnchorException ¶

type IncorrectTrustAnchorException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the trust anchor certificate in the request is not the trust anchor certificate for the specified CloudHSM cluster. When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), you create the trust anchor certificate and save it in the customerCA.crt file.

func (*IncorrectTrustAnchorException) Error ¶

func (e *IncorrectTrustAnchorException) Error() string

func (*IncorrectTrustAnchorException) ErrorCode ¶

func (e *IncorrectTrustAnchorException) ErrorCode() string

func (*IncorrectTrustAnchorException) ErrorFault ¶

func (e *IncorrectTrustAnchorException) ErrorFault() smithy.ErrorFault

func (*IncorrectTrustAnchorException) ErrorMessage ¶

func (e *IncorrectTrustAnchorException) ErrorMessage() string

type InvalidAliasNameException ¶

type InvalidAliasNameException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified alias name is not valid.

func (*InvalidAliasNameException) Error ¶

func (e *InvalidAliasNameException) Error() string

func (*InvalidAliasNameException) ErrorCode ¶

func (e *InvalidAliasNameException) ErrorCode() string

func (*InvalidAliasNameException) ErrorFault ¶

func (e *InvalidAliasNameException) ErrorFault() smithy.ErrorFault

func (*InvalidAliasNameException) ErrorMessage ¶

func (e *InvalidAliasNameException) ErrorMessage() string

type InvalidArnException ¶

type InvalidArnException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because a specified ARN, or an ARN in a key policy, is not valid.

func (*InvalidArnException) Error ¶

func (e *InvalidArnException) Error() string

func (*InvalidArnException) ErrorCode ¶

func (e *InvalidArnException) ErrorCode() string

func (*InvalidArnException) ErrorFault ¶

func (e *InvalidArnException) ErrorFault() smithy.ErrorFault

func (*InvalidArnException) ErrorMessage ¶

func (e *InvalidArnException) ErrorMessage() string

type InvalidCiphertextException ¶

type InvalidCiphertextException struct {
	Message *string
	// contains filtered or unexported fields
}

From the Decrypt or ReEncrypt operation, the request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid. From the ImportKeyMaterial operation, the request was rejected because KMS could not decrypt the encrypted (wrapped) key material.

func (*InvalidCiphertextException) Error ¶

func (e *InvalidCiphertextException) Error() string

func (*InvalidCiphertextException) ErrorCode ¶

func (e *InvalidCiphertextException) ErrorCode() string

func (*InvalidCiphertextException) ErrorFault ¶

func (e *InvalidCiphertextException) ErrorFault() smithy.ErrorFault

func (*InvalidCiphertextException) ErrorMessage ¶

func (e *InvalidCiphertextException) ErrorMessage() string

type InvalidGrantIdException ¶

type InvalidGrantIdException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified GrantId is not valid.

func (*InvalidGrantIdException) Error ¶

func (e *InvalidGrantIdException) Error() string

func (*InvalidGrantIdException) ErrorCode ¶

func (e *InvalidGrantIdException) ErrorCode() string

func (*InvalidGrantIdException) ErrorFault ¶

func (e *InvalidGrantIdException) ErrorFault() smithy.ErrorFault

func (*InvalidGrantIdException) ErrorMessage ¶

func (e *InvalidGrantIdException) ErrorMessage() string

type InvalidGrantTokenException ¶

type InvalidGrantTokenException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified grant token is not valid.

func (*InvalidGrantTokenException) Error ¶

func (e *InvalidGrantTokenException) Error() string

func (*InvalidGrantTokenException) ErrorCode ¶

func (e *InvalidGrantTokenException) ErrorCode() string

func (*InvalidGrantTokenException) ErrorFault ¶

func (e *InvalidGrantTokenException) ErrorFault() smithy.ErrorFault

func (*InvalidGrantTokenException) ErrorMessage ¶

func (e *InvalidGrantTokenException) ErrorMessage() string

type InvalidImportTokenException ¶

type InvalidImportTokenException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the provided import token is invalid or is associated with a different KMS key.

func (*InvalidImportTokenException) Error ¶

func (e *InvalidImportTokenException) Error() string

func (*InvalidImportTokenException) ErrorCode ¶

func (e *InvalidImportTokenException) ErrorCode() string

func (*InvalidImportTokenException) ErrorFault ¶

func (e *InvalidImportTokenException) ErrorFault() smithy.ErrorFault

func (*InvalidImportTokenException) ErrorMessage ¶

func (e *InvalidImportTokenException) ErrorMessage() string

type InvalidKeyUsageException ¶

type InvalidKeyUsageException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected for one of the following reasons:

* The KeyUsage value of the KMS key is incompatible with the API operation.

* The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage of a KMS key, use the DescribeKey operation. To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.

func (*InvalidKeyUsageException) Error ¶

func (e *InvalidKeyUsageException) Error() string

func (*InvalidKeyUsageException) ErrorCode ¶

func (e *InvalidKeyUsageException) ErrorCode() string

func (*InvalidKeyUsageException) ErrorFault ¶

func (e *InvalidKeyUsageException) ErrorFault() smithy.ErrorFault

func (*InvalidKeyUsageException) ErrorMessage ¶

func (e *InvalidKeyUsageException) ErrorMessage() string

type InvalidMarkerException ¶

type InvalidMarkerException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the marker that specifies where pagination should next begin is not valid.

func (*InvalidMarkerException) Error ¶

func (e *InvalidMarkerException) Error() string

func (*InvalidMarkerException) ErrorCode ¶

func (e *InvalidMarkerException) ErrorCode() string

func (*InvalidMarkerException) ErrorFault ¶

func (e *InvalidMarkerException) ErrorFault() smithy.ErrorFault

func (*InvalidMarkerException) ErrorMessage ¶

func (e *InvalidMarkerException) ErrorMessage() string

type KMSInternalException ¶

type KMSInternalException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because an internal exception occurred. The request can be retried.

func (*KMSInternalException) Error ¶

func (e *KMSInternalException) Error() string

func (*KMSInternalException) ErrorCode ¶

func (e *KMSInternalException) ErrorCode() string

func (*KMSInternalException) ErrorFault ¶

func (e *KMSInternalException) ErrorFault() smithy.ErrorFault

func (*KMSInternalException) ErrorMessage ¶

func (e *KMSInternalException) ErrorMessage() string

type KMSInvalidMacException ¶

type KMSInvalidMacException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the HMAC verification failed. HMAC verification fails when the HMAC computed by using the specified message, HMAC KMS key, and MAC algorithm does not match the HMAC specified in the request.

func (*KMSInvalidMacException) Error ¶

func (e *KMSInvalidMacException) Error() string

func (*KMSInvalidMacException) ErrorCode ¶

func (e *KMSInvalidMacException) ErrorCode() string

func (*KMSInvalidMacException) ErrorFault ¶

func (e *KMSInvalidMacException) ErrorFault() smithy.ErrorFault

func (*KMSInvalidMacException) ErrorMessage ¶

func (e *KMSInvalidMacException) ErrorMessage() string

type KMSInvalidSignatureException ¶

type KMSInvalidSignatureException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the signature verification failed. Signature verification fails when it cannot confirm that signature was produced by signing the specified message with the specified KMS key and signing algorithm.

func (*KMSInvalidSignatureException) Error ¶

func (e *KMSInvalidSignatureException) Error() string

func (*KMSInvalidSignatureException) ErrorCode ¶

func (e *KMSInvalidSignatureException) ErrorCode() string

func (*KMSInvalidSignatureException) ErrorFault ¶

func (e *KMSInvalidSignatureException) ErrorFault() smithy.ErrorFault

func (*KMSInvalidSignatureException) ErrorMessage ¶

func (e *KMSInvalidSignatureException) ErrorMessage() string

type KMSInvalidStateException ¶

type KMSInvalidStateException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the state of the specified resource is not valid for this request. For more information about how key state affects the use of a KMS key, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the Key Management Service Developer Guide .

func (*KMSInvalidStateException) Error ¶

func (e *KMSInvalidStateException) Error() string

func (*KMSInvalidStateException) ErrorCode ¶

func (e *KMSInvalidStateException) ErrorCode() string

func (*KMSInvalidStateException) ErrorFault ¶

func (e *KMSInvalidStateException) ErrorFault() smithy.ErrorFault

func (*KMSInvalidStateException) ErrorMessage ¶

func (e *KMSInvalidStateException) ErrorMessage() string

type KeyListEntry ¶

type KeyListEntry struct {

	// ARN of the key.
	KeyArn *string

	// Unique identifier of the key.
	KeyId *string
	// contains filtered or unexported fields
}

Contains information about each entry in the key list.

type KeyManagerType ¶

type KeyManagerType string

const (
	KeyManagerTypeAws      KeyManagerType = "AWS"
	KeyManagerTypeCustomer KeyManagerType = "CUSTOMER"
)

Enum values for KeyManagerType

func (KeyManagerType) Values ¶

func (KeyManagerType) Values() []KeyManagerType

Values returns all known values for KeyManagerType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type KeyMetadata ¶

type KeyMetadata struct {

	// The globally unique identifier for the KMS key.
	//
	// This member is required.
	KeyId *string

	// The twelve-digit account ID of the Amazon Web Services account that owns the KMS
	// key.
	AWSAccountId *string

	// The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management
	// Service (KMS)
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms)
	// in the Example ARNs section of the Amazon Web Services General Reference.
	Arn *string

	// The cluster ID of the CloudHSM cluster that contains the key material for the
	// KMS key. When you create a KMS key in a custom key store
	// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
	// KMS creates the key material for the KMS key in the associated CloudHSM cluster.
	// This value is present only when the KMS key is created in a custom key store.
	CloudHsmClusterId *string

	// The date and time when the KMS key was created.
	CreationDate *time.Time

	// A unique identifier for the custom key store
	// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// that contains the KMS key. This value is present only when the KMS key is
	// created in a custom key store.
	CustomKeyStoreId *string

	// Instead, use the KeySpec field. The KeySpec and CustomerMasterKeySpec fields
	// have the same value. We recommend that you use the KeySpec field in your code.
	// However, to avoid breaking changes, KMS will support both fields.
	//
	// Deprecated: This field has been deprecated. Instead, use the KeySpec field.
	CustomerMasterKeySpec CustomerMasterKeySpec

	// The date and time after which KMS deletes this KMS key. This value is present
	// only when the KMS key is scheduled for deletion, that is, when its KeyState is
	// PendingDeletion. When the primary key in a multi-Region key is scheduled for
	// deletion but still has replica keys, its key state is PendingReplicaDeletion and
	// the length of its waiting period is displayed in the PendingDeletionWindowInDays
	// field.
	DeletionDate *time.Time

	// The description of the KMS key.
	Description *string

	// Specifies whether the KMS key is enabled. When KeyState is Enabled this value is
	// true, otherwise it is false.
	Enabled bool

	// The encryption algorithms that the KMS key supports. You cannot use the KMS key
	// with other encryption algorithms within KMS. This value is present only when the
	// KeyUsage of the KMS key is ENCRYPT_DECRYPT.
	EncryptionAlgorithms []EncryptionAlgorithmSpec

	// Specifies whether the KMS key's key material expires. This value is present only
	// when Origin is EXTERNAL, otherwise this value is omitted.
	ExpirationModel ExpirationModelType

	// The manager of the KMS key. KMS keys in your Amazon Web Services account are
	// either customer managed or Amazon Web Services managed. For more information
	// about the difference, see KMS keys
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys)
	// in the Key Management Service Developer Guide.
	KeyManager KeyManagerType

	// Describes the type of key material in the KMS key.
	KeySpec KeySpec

	// The current status of the KMS key. For more information about how key state
	// affects the use of a KMS key, see Key states of KMS keys
	// (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the
	// Key Management Service Developer Guide.
	KeyState KeyState

	// The cryptographic operations
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// for which you can use the KMS key.
	KeyUsage KeyUsageType

	// The message authentication code (MAC) algorithm that the HMAC KMS key supports.
	// This value is present only when the KeyUsage of the KMS key is
	// GENERATE_VERIFY_MAC.
	MacAlgorithms []MacAlgorithmSpec

	// Indicates whether the KMS key is a multi-Region (True) or regional (False) key.
	// This value is True for multi-Region primary and replica keys and False for
	// regional KMS keys. For more information about multi-Region keys, see
	// Multi-Region keys in KMS
	// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html)
	// in the Key Management Service Developer Guide.
	MultiRegion *bool

	// Lists the primary and replica keys in same multi-Region key. This field is
	// present only when the value of the MultiRegion field is True. For more
	// information about any listed KMS key, use the DescribeKey operation.
	//
	// *
	// MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA key.
	//
	// *
	// PrimaryKey displays the key ARN and Region of the primary key. This field
	// displays the current KMS key if it is the primary key.
	//
	// * ReplicaKeys displays
	// the key ARNs and Regions of all replica keys. This field includes the current
	// KMS key if it is a replica key.
	MultiRegionConfiguration *MultiRegionConfiguration

	// The source of the key material for the KMS key. When this value is AWS_KMS, KMS
	// created the key material. When this value is EXTERNAL, the key material was
	// imported or the KMS key doesn't have any key material. When this value is
	// AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated
	// with a custom key store.
	Origin OriginType

	// The waiting period before the primary key in a multi-Region key is deleted. This
	// waiting period begins when the last of its replica keys is deleted. This value
	// is present only when the KeyState of the KMS key is PendingReplicaDeletion. That
	// indicates that the KMS key is the primary key in a multi-Region key, it is
	// scheduled for deletion, and it still has existing replica keys. When a
	// single-Region KMS key or a multi-Region replica key is scheduled for deletion,
	// its deletion date is displayed in the DeletionDate field. However, when the
	// primary key in a multi-Region key is scheduled for deletion, its waiting period
	// doesn't begin until all of its replica keys are deleted. This value displays
	// that waiting period. When the last replica key in the multi-Region key is
	// deleted, the KeyState of the scheduled primary key changes from
	// PendingReplicaDeletion to PendingDeletion and the deletion date appears in the
	// DeletionDate field.
	PendingDeletionWindowInDays *int32

	// The signing algorithms that the KMS key supports. You cannot use the KMS key
	// with other signing algorithms within KMS. This field appears only when the
	// KeyUsage of the KMS key is SIGN_VERIFY.
	SigningAlgorithms []SigningAlgorithmSpec

	// The time at which the imported key material expires. When the key material
	// expires, KMS deletes the key material and the KMS key becomes unusable. This
	// value is present only for KMS keys whose Origin is EXTERNAL and whose
	// ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
	ValidTo *time.Time
	// contains filtered or unexported fields
}

Contains metadata about a KMS key. This data type is used as a response element for the CreateKey and DescribeKey operations.

type KeySpec ¶

type KeySpec string

const (
	KeySpecRsa2048          KeySpec = "RSA_2048"
	KeySpecRsa3072          KeySpec = "RSA_3072"
	KeySpecRsa4096          KeySpec = "RSA_4096"
	KeySpecEccNistP256      KeySpec = "ECC_NIST_P256"
	KeySpecEccNistP384      KeySpec = "ECC_NIST_P384"
	KeySpecEccNistP521      KeySpec = "ECC_NIST_P521"
	KeySpecEccSecgP256k1    KeySpec = "ECC_SECG_P256K1"
	KeySpecSymmetricDefault KeySpec = "SYMMETRIC_DEFAULT"
	KeySpecHmac224          KeySpec = "HMAC_224"
	KeySpecHmac256          KeySpec = "HMAC_256"
	KeySpecHmac384          KeySpec = "HMAC_384"
	KeySpecHmac512          KeySpec = "HMAC_512"
	KeySpecSm2              KeySpec = "SM2"
)

Enum values for KeySpec

func (KeySpec) Values ¶

func (KeySpec) Values() []KeySpec

Values returns all known values for KeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type KeyState ¶

type KeyState string

const (
	KeyStateCreating               KeyState = "Creating"
	KeyStateEnabled                KeyState = "Enabled"
	KeyStateDisabled               KeyState = "Disabled"
	KeyStatePendingDeletion        KeyState = "PendingDeletion"
	KeyStatePendingImport          KeyState = "PendingImport"
	KeyStatePendingReplicaDeletion KeyState = "PendingReplicaDeletion"
	KeyStateUnavailable            KeyState = "Unavailable"
	KeyStateUpdating               KeyState = "Updating"
)

Enum values for KeyState

func (KeyState) Values ¶

func (KeyState) Values() []KeyState

Values returns all known values for KeyState. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type KeyUnavailableException ¶

type KeyUnavailableException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified KMS key was not available. You can retry the request.

func (*KeyUnavailableException) Error ¶

func (e *KeyUnavailableException) Error() string

func (*KeyUnavailableException) ErrorCode ¶

func (e *KeyUnavailableException) ErrorCode() string

func (*KeyUnavailableException) ErrorFault ¶

func (e *KeyUnavailableException) ErrorFault() smithy.ErrorFault

func (*KeyUnavailableException) ErrorMessage ¶

func (e *KeyUnavailableException) ErrorMessage() string

type KeyUsageType ¶

type KeyUsageType string

const (
	KeyUsageTypeSignVerify        KeyUsageType = "SIGN_VERIFY"
	KeyUsageTypeEncryptDecrypt    KeyUsageType = "ENCRYPT_DECRYPT"
	KeyUsageTypeGenerateVerifyMac KeyUsageType = "GENERATE_VERIFY_MAC"
)

Enum values for KeyUsageType

func (KeyUsageType) Values ¶

func (KeyUsageType) Values() []KeyUsageType

Values returns all known values for KeyUsageType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type LimitExceededException ¶

type LimitExceededException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because a quota was exceeded. For more information, see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) in the Key Management Service Developer Guide.

func (*LimitExceededException) Error ¶

func (e *LimitExceededException) Error() string

func (*LimitExceededException) ErrorCode ¶

func (e *LimitExceededException) ErrorCode() string

func (*LimitExceededException) ErrorFault ¶

func (e *LimitExceededException) ErrorFault() smithy.ErrorFault

func (*LimitExceededException) ErrorMessage ¶

func (e *LimitExceededException) ErrorMessage() string

type MacAlgorithmSpec ¶

type MacAlgorithmSpec string

const (
	MacAlgorithmSpecHmacSha224 MacAlgorithmSpec = "HMAC_SHA_224"
	MacAlgorithmSpecHmacSha256 MacAlgorithmSpec = "HMAC_SHA_256"
	MacAlgorithmSpecHmacSha384 MacAlgorithmSpec = "HMAC_SHA_384"
	MacAlgorithmSpecHmacSha512 MacAlgorithmSpec = "HMAC_SHA_512"
)

Enum values for MacAlgorithmSpec

func (MacAlgorithmSpec) Values ¶

func (MacAlgorithmSpec) Values() []MacAlgorithmSpec

Values returns all known values for MacAlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type MalformedPolicyDocumentException ¶

type MalformedPolicyDocumentException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified policy is not syntactically or semantically correct.

func (*MalformedPolicyDocumentException) Error ¶

func (e *MalformedPolicyDocumentException) Error() string

func (*MalformedPolicyDocumentException) ErrorCode ¶

func (e *MalformedPolicyDocumentException) ErrorCode() string

func (*MalformedPolicyDocumentException) ErrorFault ¶

func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault

func (*MalformedPolicyDocumentException) ErrorMessage ¶

func (e *MalformedPolicyDocumentException) ErrorMessage() string

type MessageType ¶

type MessageType string

const (
	MessageTypeRaw    MessageType = "RAW"
	MessageTypeDigest MessageType = "DIGEST"
)

Enum values for MessageType

func (MessageType) Values ¶

func (MessageType) Values() []MessageType

Values returns all known values for MessageType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type MultiRegionConfiguration ¶

type MultiRegionConfiguration struct {

	// Indicates whether the KMS key is a PRIMARY or REPLICA key.
	MultiRegionKeyType MultiRegionKeyType

	// Displays the key ARN and Region of the primary key. This field includes the
	// current KMS key if it is the primary key.
	PrimaryKey *MultiRegionKey

	// displays the key ARNs and Regions of all replica keys. This field includes the
	// current KMS key if it is a replica key.
	ReplicaKeys []MultiRegionKey
	// contains filtered or unexported fields
}

Describes the configuration of this multi-Region key. This field appears only when the KMS key is a primary or replica of a multi-Region key. For more information about any listed KMS key, use the DescribeKey operation.

type MultiRegionKey ¶

type MultiRegionKey struct {

	// Displays the key ARN of a primary or replica key of a multi-Region key.
	Arn *string

	// Displays the Amazon Web Services Region of a primary or replica key in a
	// multi-Region key.
	Region *string
	// contains filtered or unexported fields
}

Describes the primary or replica key in a multi-Region key.

type MultiRegionKeyType ¶

type MultiRegionKeyType string

const (
	MultiRegionKeyTypePrimary MultiRegionKeyType = "PRIMARY"
	MultiRegionKeyTypeReplica MultiRegionKeyType = "REPLICA"
)

Enum values for MultiRegionKeyType

func (MultiRegionKeyType) Values ¶

func (MultiRegionKeyType) Values() []MultiRegionKeyType

Values returns all known values for MultiRegionKeyType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type NotFoundException ¶

type NotFoundException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because the specified entity or resource could not be found.

func (*NotFoundException) Error ¶

func (e *NotFoundException) Error() string

func (*NotFoundException) ErrorCode ¶

func (e *NotFoundException) ErrorCode() string

func (*NotFoundException) ErrorFault ¶

func (e *NotFoundException) ErrorFault() smithy.ErrorFault

func (*NotFoundException) ErrorMessage ¶

func (e *NotFoundException) ErrorMessage() string

type OriginType ¶

type OriginType string

const (
	OriginTypeAwsKms      OriginType = "AWS_KMS"
	OriginTypeExternal    OriginType = "EXTERNAL"
	OriginTypeAwsCloudhsm OriginType = "AWS_CLOUDHSM"
)

Enum values for OriginType

func (OriginType) Values ¶

func (OriginType) Values() []OriginType

Values returns all known values for OriginType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type SigningAlgorithmSpec ¶

type SigningAlgorithmSpec string

const (
	SigningAlgorithmSpecRsassaPssSha256      SigningAlgorithmSpec = "RSASSA_PSS_SHA_256"
	SigningAlgorithmSpecRsassaPssSha384      SigningAlgorithmSpec = "RSASSA_PSS_SHA_384"
	SigningAlgorithmSpecRsassaPssSha512      SigningAlgorithmSpec = "RSASSA_PSS_SHA_512"
	SigningAlgorithmSpecRsassaPkcs1V15Sha256 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_256"
	SigningAlgorithmSpecRsassaPkcs1V15Sha384 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_384"
	SigningAlgorithmSpecRsassaPkcs1V15Sha512 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_512"
	SigningAlgorithmSpecEcdsaSha256          SigningAlgorithmSpec = "ECDSA_SHA_256"
	SigningAlgorithmSpecEcdsaSha384          SigningAlgorithmSpec = "ECDSA_SHA_384"
	SigningAlgorithmSpecEcdsaSha512          SigningAlgorithmSpec = "ECDSA_SHA_512"
	SigningAlgorithmSpecSm2dsa               SigningAlgorithmSpec = "SM2DSA"
)

Enum values for SigningAlgorithmSpec

func (SigningAlgorithmSpec) Values ¶

func (SigningAlgorithmSpec) Values() []SigningAlgorithmSpec

Values returns all known values for SigningAlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type Tag ¶

type Tag struct {

	// The key of the tag.
	//
	// This member is required.
	TagKey *string

	// The value of the tag.
	//
	// This member is required.
	TagValue *string
	// contains filtered or unexported fields
}

A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings. For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) in the Amazon Web Services Billing and Cost Management User Guide.

type TagException ¶

type TagException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because one or more tags are not valid.

func (*TagException) Error ¶

func (e *TagException) Error() string

func (*TagException) ErrorCode ¶

func (e *TagException) ErrorCode() string

func (*TagException) ErrorFault ¶

func (e *TagException) ErrorFault() smithy.ErrorFault

func (*TagException) ErrorMessage ¶

func (e *TagException) ErrorMessage() string

type UnsupportedOperationException ¶

type UnsupportedOperationException struct {
	Message *string
	// contains filtered or unexported fields
}

The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.

func (*UnsupportedOperationException) Error ¶

func (e *UnsupportedOperationException) Error() string

func (*UnsupportedOperationException) ErrorCode ¶

func (e *UnsupportedOperationException) ErrorCode() string

func (*UnsupportedOperationException) ErrorFault ¶

func (e *UnsupportedOperationException) ErrorFault() smithy.ErrorFault

func (*UnsupportedOperationException) ErrorMessage ¶

func (e *UnsupportedOperationException) ErrorMessage() string

type WrappingKeySpec ¶

type WrappingKeySpec string

const (
	WrappingKeySpecRsa2048 WrappingKeySpec = "RSA_2048"
)

Enum values for WrappingKeySpec

func (WrappingKeySpec) Values ¶

func (WrappingKeySpec) Values() []WrappingKeySpec

Values returns all known values for WrappingKeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

Source Files ¶

enums.go errors.go types.go

Version: v1.18.7
Published: Aug 30, 2022
Platform: darwin/amd64
Imports: 4 packages
Last checked: 8 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples