types

package
v1.31.1

This package is not in the latest version of its module.
Published: May 8, 2024 License: Apache-2.0 Imports: 4 Imported by: 100

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlgorithmSpec

type AlgorithmSpec string
const (
	AlgorithmSpecRsaesPkcs1V15       AlgorithmSpec = "RSAES_PKCS1_V1_5"
	AlgorithmSpecRsaesOaepSha1       AlgorithmSpec = "RSAES_OAEP_SHA_1"
	AlgorithmSpecRsaesOaepSha256     AlgorithmSpec = "RSAES_OAEP_SHA_256"
	AlgorithmSpecRsaAesKeyWrapSha1   AlgorithmSpec = "RSA_AES_KEY_WRAP_SHA_1"
	AlgorithmSpecRsaAesKeyWrapSha256 AlgorithmSpec = "RSA_AES_KEY_WRAP_SHA_256"
)

Enum values for AlgorithmSpec

func (AlgorithmSpec) Values added in v0.29.0

func (AlgorithmSpec) Values() []AlgorithmSpec

Values returns all known values for AlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AliasListEntry

type AliasListEntry struct {

	// String that contains the key ARN.
	AliasArn *string

	// String that contains the alias. This value begins with alias/.
	AliasName *string

	// Date and time that the alias was most recently created in the account and
	// Region. Formatted as Unix time.
	CreationDate *time.Time

	// Date and time that the alias was most recently associated with a KMS key in the
	// account and Region. Formatted as Unix time.
	LastUpdatedDate *time.Time

	// String that contains the key identifier of the KMS key associated with the
	// alias.
	TargetKeyId *string
	// contains filtered or unexported fields
}

Contains information about an alias.

type AlreadyExistsException

type AlreadyExistsException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because it attempted to create a resource that already exists.

func (*AlreadyExistsException) Error

func (e *AlreadyExistsException) Error() string

func (*AlreadyExistsException) ErrorCode

func (e *AlreadyExistsException) ErrorCode() string

func (*AlreadyExistsException) ErrorFault

func (e *AlreadyExistsException) ErrorFault() smithy.ErrorFault

func (*AlreadyExistsException) ErrorMessage

func (e *AlreadyExistsException) ErrorMessage() string

type CloudHsmClusterInUseException

type CloudHsmClusterInUseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified CloudHSM cluster is already associated with a CloudHSM key store in the account, or it shares a backup history with a CloudHSM key store in the account. Each CloudHSM key store in the account must be associated with a different CloudHSM cluster.

CloudHSM clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a CloudHSM cluster, use the DescribeClusters operation.

func (*CloudHsmClusterInUseException) Error

func (*CloudHsmClusterInUseException) ErrorCode

func (e *CloudHsmClusterInUseException) ErrorCode() string

func (*CloudHsmClusterInUseException) ErrorFault

func (*CloudHsmClusterInUseException) ErrorMessage

func (e *CloudHsmClusterInUseException) ErrorMessage() string

type CloudHsmClusterInvalidConfigurationException

type CloudHsmClusterInvalidConfigurationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for a CloudHSM key store.

  • The CloudHSM cluster must be configured with private subnets in at least two different Availability Zones in the Region.

  • The security group for the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the CloudHSM cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups operation.

  • The CloudHSM cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm operation.

    For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.

For information about the requirements for a CloudHSM cluster that is associated with a CloudHSM key store, see Assemble the Prerequisites in the Key Management Service Developer Guide. For information about creating a private subnet for a CloudHSM cluster, see Create a Private Subnet in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group in the CloudHSM User Guide.

func (*CloudHsmClusterInvalidConfigurationException) Error

func (*CloudHsmClusterInvalidConfigurationException) ErrorCode

func (*CloudHsmClusterInvalidConfigurationException) ErrorFault

func (*CloudHsmClusterInvalidConfigurationException) ErrorMessage

type CloudHsmClusterNotActiveException

type CloudHsmClusterNotActiveException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the CloudHSM cluster associated with the CloudHSM key store is not active. Initialize and activate the cluster and try the command again. For detailed instructions, see Getting Started in the CloudHSM User Guide.

func (*CloudHsmClusterNotActiveException) Error

func (*CloudHsmClusterNotActiveException) ErrorCode

func (*CloudHsmClusterNotActiveException) ErrorFault

func (*CloudHsmClusterNotActiveException) ErrorMessage

func (e *CloudHsmClusterNotActiveException) ErrorMessage() string

type CloudHsmClusterNotFoundException

type CloudHsmClusterNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because KMS cannot find the CloudHSM cluster with the specified cluster ID. Retry the request with a different cluster ID.

func (*CloudHsmClusterNotFoundException) Error

func (*CloudHsmClusterNotFoundException) ErrorCode

func (*CloudHsmClusterNotFoundException) ErrorFault

func (*CloudHsmClusterNotFoundException) ErrorMessage

func (e *CloudHsmClusterNotFoundException) ErrorMessage() string

type CloudHsmClusterNotRelatedException

type CloudHsmClusterNotRelatedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified CloudHSM cluster has a different cluster certificate than the original cluster. You cannot use the operation to specify an unrelated cluster for a CloudHSM key store.

Specify a CloudHSM cluster that shares a backup history with the original cluster. This includes clusters that were created from a backup of the current cluster, and clusters that were created from the same backup that produced the current cluster.

CloudHSM clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a CloudHSM cluster, use the DescribeClusters operation.

func (*CloudHsmClusterNotRelatedException) Error

func (*CloudHsmClusterNotRelatedException) ErrorCode

func (*CloudHsmClusterNotRelatedException) ErrorFault

func (*CloudHsmClusterNotRelatedException) ErrorMessage

func (e *CloudHsmClusterNotRelatedException) ErrorMessage() string

type ConflictException added in v1.31.0

type ConflictException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because an automatic rotation of this key is currently in progress or scheduled to begin within the next 20 minutes.

func (*ConflictException) Error added in v1.31.0

func (e *ConflictException) Error() string

func (*ConflictException) ErrorCode added in v1.31.0

func (e *ConflictException) ErrorCode() string

func (*ConflictException) ErrorFault added in v1.31.0

func (e *ConflictException) ErrorFault() smithy.ErrorFault

func (*ConflictException) ErrorMessage added in v1.31.0

func (e *ConflictException) ErrorMessage() string

type ConnectionErrorCodeType

type ConnectionErrorCodeType string
const (
	ConnectionErrorCodeTypeInvalidCredentials                        ConnectionErrorCodeType = "INVALID_CREDENTIALS"
	ConnectionErrorCodeTypeClusterNotFound                           ConnectionErrorCodeType = "CLUSTER_NOT_FOUND"
	ConnectionErrorCodeTypeNetworkErrors                             ConnectionErrorCodeType = "NETWORK_ERRORS"
	ConnectionErrorCodeTypeInternalError                             ConnectionErrorCodeType = "INTERNAL_ERROR"
	ConnectionErrorCodeTypeInsufficientCloudhsmHsms                  ConnectionErrorCodeType = "INSUFFICIENT_CLOUDHSM_HSMS"
	ConnectionErrorCodeTypeUserLockedOut                             ConnectionErrorCodeType = "USER_LOCKED_OUT"
	ConnectionErrorCodeTypeUserNotFound                              ConnectionErrorCodeType = "USER_NOT_FOUND"
	ConnectionErrorCodeTypeUserLoggedIn                              ConnectionErrorCodeType = "USER_LOGGED_IN"
	ConnectionErrorCodeTypeSubnetNotFound                            ConnectionErrorCodeType = "SUBNET_NOT_FOUND"
	ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet         ConnectionErrorCodeType = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"
	ConnectionErrorCodeTypeXksProxyAccessDenied                      ConnectionErrorCodeType = "XKS_PROXY_ACCESS_DENIED"
	ConnectionErrorCodeTypeXksProxyNotReachable                      ConnectionErrorCodeType = "XKS_PROXY_NOT_REACHABLE"
	ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound             ConnectionErrorCodeType = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND"
	ConnectionErrorCodeTypeXksProxyInvalidResponse                   ConnectionErrorCodeType = "XKS_PROXY_INVALID_RESPONSE"
	ConnectionErrorCodeTypeXksProxyInvalidConfiguration              ConnectionErrorCodeType = "XKS_PROXY_INVALID_CONFIGURATION"
	ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration ConnectionErrorCodeType = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION"
	ConnectionErrorCodeTypeXksProxyTimedOut                          ConnectionErrorCodeType = "XKS_PROXY_TIMED_OUT"
	ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration           ConnectionErrorCodeType = "XKS_PROXY_INVALID_TLS_CONFIGURATION"
)

Enum values for ConnectionErrorCodeType

func (ConnectionErrorCodeType) Values added in v0.29.0

Values returns all known values for ConnectionErrorCodeType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ConnectionStateType

type ConnectionStateType string
const (
	ConnectionStateTypeConnected     ConnectionStateType = "CONNECTED"
	ConnectionStateTypeConnecting    ConnectionStateType = "CONNECTING"
	ConnectionStateTypeFailed        ConnectionStateType = "FAILED"
	ConnectionStateTypeDisconnected  ConnectionStateType = "DISCONNECTED"
	ConnectionStateTypeDisconnecting ConnectionStateType = "DISCONNECTING"
)

Enum values for ConnectionStateType

func (ConnectionStateType) Values added in v0.29.0

Values returns all known values for ConnectionStateType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CustomKeyStoreHasCMKsException

type CustomKeyStoreHasCMKsException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the custom key store contains KMS keys. After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion operation to delete the KMS keys. After they are deleted, you can delete the custom key store.

func (*CustomKeyStoreHasCMKsException) Error

func (*CustomKeyStoreHasCMKsException) ErrorCode

func (e *CustomKeyStoreHasCMKsException) ErrorCode() string

func (*CustomKeyStoreHasCMKsException) ErrorFault

func (*CustomKeyStoreHasCMKsException) ErrorMessage

func (e *CustomKeyStoreHasCMKsException) ErrorMessage() string

type CustomKeyStoreInvalidStateException

type CustomKeyStoreInvalidStateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because of the ConnectionState of the custom key store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores operation.

This exception is thrown under the following conditions:

  • You requested the ConnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or FAILED. This operation is valid for all other ConnectionState values. To reconnect a custom key store in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect it (ConnectCustomKeyStore).

  • You requested the CreateKey operation in a custom key store that is not connected. This operation is valid only when the custom key store ConnectionState is CONNECTED.

  • You requested the DisconnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation is valid for all other ConnectionState values.

  • You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key store that is not disconnected. This operation is valid only when the custom key store ConnectionState is DISCONNECTED.

  • You requested the GenerateRandom operation in a CloudHSM key store that is not connected. This operation is valid only when the CloudHSM key store ConnectionState is CONNECTED.

func (*CustomKeyStoreInvalidStateException) Error

func (*CustomKeyStoreInvalidStateException) ErrorCode

func (*CustomKeyStoreInvalidStateException) ErrorFault

func (*CustomKeyStoreInvalidStateException) ErrorMessage

func (e *CustomKeyStoreInvalidStateException) ErrorMessage() string

type CustomKeyStoreNameInUseException

type CustomKeyStoreNameInUseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified custom key store name is already assigned to another custom key store in the account. Try again with a custom key store name that is unique in the account.

func (*CustomKeyStoreNameInUseException) Error

func (*CustomKeyStoreNameInUseException) ErrorCode

func (*CustomKeyStoreNameInUseException) ErrorFault

func (*CustomKeyStoreNameInUseException) ErrorMessage

func (e *CustomKeyStoreNameInUseException) ErrorMessage() string

type CustomKeyStoreNotFoundException

type CustomKeyStoreNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because KMS cannot find a custom key store with the specified key store name or ID.

func (*CustomKeyStoreNotFoundException) Error

func (*CustomKeyStoreNotFoundException) ErrorCode

func (e *CustomKeyStoreNotFoundException) ErrorCode() string

func (*CustomKeyStoreNotFoundException) ErrorFault

func (*CustomKeyStoreNotFoundException) ErrorMessage

func (e *CustomKeyStoreNotFoundException) ErrorMessage() string

type CustomKeyStoreType added in v1.19.0

type CustomKeyStoreType string
const (
	CustomKeyStoreTypeAwsCloudhsm      CustomKeyStoreType = "AWS_CLOUDHSM"
	CustomKeyStoreTypeExternalKeyStore CustomKeyStoreType = "EXTERNAL_KEY_STORE"
)

Enum values for CustomKeyStoreType

func (CustomKeyStoreType) Values added in v1.19.0

Values returns all known values for CustomKeyStoreType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CustomKeyStoresListEntry

type CustomKeyStoresListEntry struct {

	// A unique identifier for the CloudHSM cluster that is associated with a
	// CloudHSM key store. This field appears only when the CustomKeyStoreType is
	// AWS_CLOUDHSM.
	CloudHsmClusterId *string

	// Describes the connection error. This field appears in the response only when
	// the ConnectionState is FAILED.
	//
	// Many failures can be resolved by updating the properties of the custom key
	// store. To update a custom key store, disconnect it (DisconnectCustomKeyStore), correct the errors (UpdateCustomKeyStore),
	// and try to connect again (ConnectCustomKeyStore). For additional help resolving these errors, see [How to Fix a Connection Failure]
	// in the Key Management Service Developer Guide.
	//
	// All custom key stores:
	//
	//   - INTERNAL_ERROR — KMS could not complete the request due to an internal
	//   error. Retry the request. For ConnectCustomKeyStore requests, disconnect the
	//   custom key store before trying to connect again.
	//
	//   - NETWORK_ERRORS — Network errors are preventing KMS from connecting the
	//   custom key store to its backing key store.
	//
	// CloudHSM key stores:
	//
	//   - CLUSTER_NOT_FOUND — KMS cannot find the CloudHSM cluster with the specified
	//   cluster ID.
	//
	//   - INSUFFICIENT_CLOUDHSM_HSMS — The associated CloudHSM cluster does not
	//   contain any active HSMs. To connect a custom key store to its CloudHSM cluster,
	//   the cluster must contain at least one active HSM.
	//
	//   - INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET — At least one private subnet
	//   associated with the CloudHSM cluster doesn't have any available IP addresses. A
	//   CloudHSM key store connection requires one free IP address in each of the
	//   associated private subnets, although two are preferable. For details, see [How to Fix a Connection Failure] in
	//   the Key Management Service Developer Guide.
	//
	//   - INVALID_CREDENTIALS — The KeyStorePassword for the custom key store doesn't
	//   match the current password of the kmsuser crypto user in the CloudHSM cluster.
	//   Before you can connect your custom key store to its CloudHSM cluster, you must
	//   change the kmsuser account password and update the KeyStorePassword value for
	//   the custom key store.
	//
	//   - SUBNET_NOT_FOUND — A subnet in the CloudHSM cluster configuration was
	//   deleted. If KMS cannot find all of the subnets in the cluster configuration,
	//   attempts to connect the custom key store to the CloudHSM cluster fail. To fix
	//   this error, create a cluster from a recent backup and associate it with your
	//   custom key store. (This process creates a new cluster configuration with a VPC
	//   and private subnets.) For details, see [How to Fix a Connection Failure] in the Key Management Service
	//   Developer Guide.
	//
	//   - USER_LOCKED_OUT — The kmsuser CU account is locked out of the associated
	//   CloudHSM cluster due to too many failed password attempts. Before you can
	//   connect your custom key store to its CloudHSM cluster, you must change the
	//   kmsuser account password and update the key store password value for the
	//   custom key store.
	//
	//   - USER_LOGGED_IN — The kmsuser CU account is logged into the associated
	//   CloudHSM cluster. This prevents KMS from rotating the kmsuser account password
	//   and logging into the cluster. Before you can connect your custom key store to
	//   its CloudHSM cluster, you must log the kmsuser CU out of the cluster. If you
	//   changed the kmsuser password to log into the cluster, you must also update
	//   the key store password value for the custom key store. For help, see [How to Log Out and Reconnect] in the
	//   Key Management Service Developer Guide.
	//
	//   - USER_NOT_FOUND — KMS cannot find a kmsuser CU account in the associated
	//   CloudHSM cluster. Before you can connect your custom key store to its CloudHSM
	//   cluster, you must create a kmsuser CU account in the cluster, and then update
	//   the key store password value for the custom key store.
	//
	// External key stores:
	//
	//   - INVALID_CREDENTIALS — One or both of the XksProxyAuthenticationCredential
	//   values is not valid on the specified external key store proxy.
	//
	//   - XKS_PROXY_ACCESS_DENIED — KMS requests are denied access to the external key
	//   store proxy. If the external key store proxy has authorization rules, verify
	//   that they permit KMS to communicate with the proxy on your behalf.
	//
	//   - XKS_PROXY_INVALID_CONFIGURATION — A configuration error is preventing the
	//   external key store from connecting to its proxy. Verify the value of the
	//   XksProxyUriPath.
	//
	//   - XKS_PROXY_INVALID_RESPONSE — KMS cannot interpret the response from the
	//   external key store proxy. If you see this connection error code repeatedly,
	//   notify your external key store proxy vendor.
	//
	//   - XKS_PROXY_INVALID_TLS_CONFIGURATION — KMS cannot connect to the external key
	//   store proxy because the TLS configuration is invalid. Verify that the XKS proxy
	//   supports TLS 1.2 or 1.3. Also, verify that the TLS certificate is not expired,
	//   and that it matches the hostname in the XksProxyUriEndpoint value, and that it
	//   is signed by a certificate authority included in the [Trusted Certificate Authorities] list.
	//
	//   - XKS_PROXY_NOT_REACHABLE — KMS can't communicate with your external key store
	//   proxy. Verify that the XksProxyUriEndpoint and XksProxyUriPath are correct.
	//   Use the tools for your external key store proxy to verify that the proxy is
	//   active and available on its network. Also, verify that your external key manager
	//   instances are operating properly. Connection attempts fail with this connection
	//   error code if the proxy reports that all external key manager instances are
	//   unavailable.
	//
	//   - XKS_PROXY_TIMED_OUT — KMS can connect to the external key store proxy, but
	//   the proxy does not respond to KMS in the time allotted. If you see this
	//   connection error code repeatedly, notify your external key store proxy vendor.
	//
	//   - XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION — The Amazon VPC endpoint
	//   service configuration doesn't conform to the requirements for a KMS external
	//   key store.
	//
	//       - The VPC endpoint service must be an endpoint service for interface
	//       endpoints in the caller's Amazon Web Services account.
	//
	//       - It must have a network load balancer (NLB) connected to at least two
	//       subnets, each in a different Availability Zone.
	//
	//       - The Allow principals list must include the KMS service principal for the
	//       Region, cks.kms.<region>.amazonaws.com, such as cks.kms.us-east-1.amazonaws.com.
	//
	//       - It must not require [acceptance] of connection requests.
	//
	//       - It must have a private DNS name. The private DNS name for an external key
	//       store with VPC_ENDPOINT_SERVICE connectivity must be unique in its Amazon Web
	//       Services Region.
	//
	//       - The domain of the private DNS name must have a [verification status] of verified.
	//
	//       - The [TLS certificate] specifies the private DNS hostname at which the endpoint is reachable.
	//
	//   - XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND — KMS can't find the VPC endpoint service
	//   that it uses to communicate with the external key store proxy. Verify that the
	//   XksProxyVpcEndpointServiceName is correct and the KMS service principal has
	//   service consumer permissions on the Amazon VPC endpoint service.
	//
	// [acceptance]: https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html
	// [verification status]: https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html
	// [How to Log Out and Reconnect]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2
	// [TLS certificate]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
	// [Trusted Certificate Authorities]: https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities
	// [How to Fix a Connection Failure]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed
	ConnectionErrorCode ConnectionErrorCodeType

	// Indicates whether the custom key store is connected to its backing key store.
	// For a CloudHSM key store, the ConnectionState indicates whether it is
	// connected to its CloudHSM cluster. For an external key store, the
	// ConnectionState indicates whether it is connected to the external key store
	// proxy that communicates with your external key manager.
	//
	// You can create and use KMS keys in your custom key store only when its
	// ConnectionState is CONNECTED.
	//
	// The ConnectionState value is DISCONNECTED only if the key store has never been
	// connected or you use the DisconnectCustomKeyStore operation to disconnect it. If the value is CONNECTED
	// but you are having trouble using the custom key store, make sure that the
	// backing key store is reachable and active. For a CloudHSM key store, verify
	// that its associated CloudHSM cluster is active and contains at least one active
	// HSM. For an external key store, verify that the external key store proxy and
	// external key manager are connected and enabled.
	//
	// A value of FAILED indicates that an attempt to connect was unsuccessful. The
	// ConnectionErrorCode field in the response indicates the cause of the failure.
	// For help resolving a connection failure, see [Troubleshooting a custom key store] in the Key Management Service
	// Developer Guide.
	//
	// [Troubleshooting a custom key store]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
	ConnectionState ConnectionStateType

	// The date and time when the custom key store was created.
	CreationDate *time.Time

	// A unique identifier for the custom key store.
	CustomKeyStoreId *string

	// The user-specified friendly name for the custom key store.
	CustomKeyStoreName *string

	// Indicates the type of the custom key store. AWS_CLOUDHSM indicates a custom key
	// store backed by a CloudHSM cluster. EXTERNAL_KEY_STORE indicates a custom key
	// store backed by an external key store proxy and external key manager outside of
	// Amazon Web Services.
	CustomKeyStoreType CustomKeyStoreType

	// The trust anchor certificate of the CloudHSM cluster associated with a
	// CloudHSM key store. When you [initialize the cluster], you create this certificate and save it in the
	// customerCA.crt file.
	//
	// This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM.
	//
	// [initialize the cluster]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
	TrustAnchorCertificate *string

	// Configuration settings for the external key store proxy (XKS proxy). The
	// external key store proxy translates KMS requests into a format that your
	// external key manager can understand. The proxy configuration includes connection
	// information that KMS requires.
	//
	// This field appears only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.
	XksProxyConfiguration *XksProxyConfigurationType
	// contains filtered or unexported fields
}

Contains information about each custom key store in the custom key store list.
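
Added example (not part of the SDK or of this package's documentation): the state rules listed under CustomKeyStoreInvalidStateException and the disconnect, correct, reconnect sequence described for ConnectionErrorCode, combined into a pre-flight check and a recovery planner. The types are local mirrors of the SDK enums so the code runs offline, `needsUpdate` is a hypothetical parameter, and the states in `settlesIn` are an assumption about where each operation ends up.

```go
package main

import (
	"errors"
	"fmt"
)

// ConnectionState is a local mirror of the SDK's ConnectionStateType string
// enum (assumption: real code would use the types package directly).
type ConnectionState string

const (
	Connected     ConnectionState = "CONNECTED"
	Connecting    ConnectionState = "CONNECTING"
	Failed        ConnectionState = "FAILED"
	Disconnected  ConnectionState = "DISCONNECTED"
	Disconnecting ConnectionState = "DISCONNECTING"
)

var knownStates = map[ConnectionState]bool{
	Connected: true, Connecting: true, Failed: true,
	Disconnected: true, Disconnecting: true,
}

// ErrTransitional tells the caller to poll DescribeCustomKeyStores and retry.
var ErrTransitional = errors.New("connection state is transitional; poll and retry")

// Allowed reports whether op may be requested in state s, per the documented
// CustomKeyStoreInvalidStateException conditions. Unknown states or operations
// are rejected: Values() may grow, so an unrecognised value fails closed.
func Allowed(op string, s ConnectionState) bool {
	if !knownStates[s] {
		return false
	}
	switch op {
	case "ConnectCustomKeyStore":
		return s != Disconnecting && s != Failed
	case "DisconnectCustomKeyStore":
		return s != Disconnecting && s != Disconnected
	case "CreateKey", "GenerateRandom": // GenerateRandom rule: CloudHSM key stores
		return s == Connected
	case "UpdateCustomKeyStore", "DeleteCustomKeyStore":
		return s == Disconnected
	}
	return false
}

// settlesIn is the state each operation is assumed to end in (assumption of
// this example; the real operations are asynchronous and must be polled).
var settlesIn = map[string]ConnectionState{
	"DisconnectCustomKeyStore": Disconnected,
	"UpdateCustomKeyStore":     Disconnected,
	"ConnectCustomKeyStore":    Connected,
}

// RecoveryPlan returns the ordered operations that bring a key store to
// CONNECTED, optionally correcting its properties on the way. needsUpdate is
// the caller's decision, for example after reading ConnectionErrorCode.
func RecoveryPlan(s ConnectionState, needsUpdate bool) ([]string, error) {
	if !knownStates[s] {
		return nil, fmt.Errorf("unknown ConnectionState %q: refusing to plan", s)
	}
	if s == Connecting || s == Disconnecting {
		return nil, ErrTransitional
	}
	if s == Connected && !needsUpdate {
		return nil, nil // nothing to do
	}
	var plan []string
	if s != Disconnected {
		plan = append(plan, "DisconnectCustomKeyStore")
	}
	if needsUpdate {
		plan = append(plan, "UpdateCustomKeyStore")
	}
	plan = append(plan, "ConnectCustomKeyStore")

	// Walk the plan and confirm every step is valid in the state it will see.
	cur := s
	for _, op := range plan {
		if !Allowed(op, cur) {
			return nil, fmt.Errorf("%s is not valid in state %s", op, cur)
		}
		cur = settlesIn[op]
	}
	return plan, nil
}

func main() {
	// Constructed sample inputs, not real DescribeCustomKeyStores output.
	cases := []struct {
		state  ConnectionState
		update bool
	}{{Failed, true}, {Disconnected, false}, {Connected, false}, {Disconnecting, true}, {"PAUSED", false}}
	for _, c := range cases {
		plan, err := RecoveryPlan(c.state, c.update)
		fmt.Printf("%-13s update=%-5v plan=%v err=%v\n", c.state, c.update, plan, err)
	}
}
```
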

type CustomerMasterKeySpec

type CustomerMasterKeySpec string
const (
	CustomerMasterKeySpecRsa2048          CustomerMasterKeySpec = "RSA_2048"
	CustomerMasterKeySpecRsa3072          CustomerMasterKeySpec = "RSA_3072"
	CustomerMasterKeySpecRsa4096          CustomerMasterKeySpec = "RSA_4096"
	CustomerMasterKeySpecEccNistP256      CustomerMasterKeySpec = "ECC_NIST_P256"
	CustomerMasterKeySpecEccNistP384      CustomerMasterKeySpec = "ECC_NIST_P384"
	CustomerMasterKeySpecEccNistP521      CustomerMasterKeySpec = "ECC_NIST_P521"
	CustomerMasterKeySpecEccSecgP256k1    CustomerMasterKeySpec = "ECC_SECG_P256K1"
	CustomerMasterKeySpecSymmetricDefault CustomerMasterKeySpec = "SYMMETRIC_DEFAULT"
	CustomerMasterKeySpecHmac224          CustomerMasterKeySpec = "HMAC_224"
	CustomerMasterKeySpecHmac256          CustomerMasterKeySpec = "HMAC_256"
	CustomerMasterKeySpecHmac384          CustomerMasterKeySpec = "HMAC_384"
	CustomerMasterKeySpecHmac512          CustomerMasterKeySpec = "HMAC_512"
	CustomerMasterKeySpecSm2              CustomerMasterKeySpec = "SM2"
)

Enum values for CustomerMasterKeySpec

func (CustomerMasterKeySpec) Values added in v0.29.0

Values returns all known values for CustomerMasterKeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type DataKeyPairSpec

type DataKeyPairSpec string
const (
	DataKeyPairSpecRsa2048       DataKeyPairSpec = "RSA_2048"
	DataKeyPairSpecRsa3072       DataKeyPairSpec = "RSA_3072"
	DataKeyPairSpecRsa4096       DataKeyPairSpec = "RSA_4096"
	DataKeyPairSpecEccNistP256   DataKeyPairSpec = "ECC_NIST_P256"
	DataKeyPairSpecEccNistP384   DataKeyPairSpec = "ECC_NIST_P384"
	DataKeyPairSpecEccNistP521   DataKeyPairSpec = "ECC_NIST_P521"
	DataKeyPairSpecEccSecgP256k1 DataKeyPairSpec = "ECC_SECG_P256K1"
	DataKeyPairSpecSm2           DataKeyPairSpec = "SM2"
)

Enum values for DataKeyPairSpec

func (DataKeyPairSpec) Values added in v0.29.0

func (DataKeyPairSpec) Values() []DataKeyPairSpec

Values returns all known values for DataKeyPairSpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type DataKeySpec

type DataKeySpec string
const (
	DataKeySpecAes256 DataKeySpec = "AES_256"
	DataKeySpecAes128 DataKeySpec = "AES_128"
)

Enum values for DataKeySpec

func (DataKeySpec) Values added in v0.29.0

func (DataKeySpec) Values() []DataKeySpec

Values returns all known values for DataKeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type DependencyTimeoutException

type DependencyTimeoutException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The system timed out while trying to fulfill the request. You can retry the request.

func (*DependencyTimeoutException) Error

func (*DependencyTimeoutException) ErrorCode

func (e *DependencyTimeoutException) ErrorCode() string

func (*DependencyTimeoutException) ErrorFault

func (*DependencyTimeoutException) ErrorMessage

func (e *DependencyTimeoutException) ErrorMessage() string

type DisabledException

type DisabledException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified KMS key is not enabled.

func (*DisabledException) Error

func (e *DisabledException) Error() string

func (*DisabledException) ErrorCode

func (e *DisabledException) ErrorCode() string

func (*DisabledException) ErrorFault

func (e *DisabledException) ErrorFault() smithy.ErrorFault

func (*DisabledException) ErrorMessage

func (e *DisabledException) ErrorMessage() string

type DryRunOperationException added in v1.23.0

type DryRunOperationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the DryRun parameter was specified.

func (*DryRunOperationException) Error added in v1.23.0

func (e *DryRunOperationException) Error() string

func (*DryRunOperationException) ErrorCode added in v1.23.0

func (e *DryRunOperationException) ErrorCode() string

func (*DryRunOperationException) ErrorFault added in v1.23.0

func (e *DryRunOperationException) ErrorFault() smithy.ErrorFault

func (*DryRunOperationException) ErrorMessage added in v1.23.0

func (e *DryRunOperationException) ErrorMessage() string

type EncryptionAlgorithmSpec

type EncryptionAlgorithmSpec string
const (
	EncryptionAlgorithmSpecSymmetricDefault EncryptionAlgorithmSpec = "SYMMETRIC_DEFAULT"
	EncryptionAlgorithmSpecRsaesOaepSha1    EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_1"
	EncryptionAlgorithmSpecRsaesOaepSha256  EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_256"
	EncryptionAlgorithmSpecSm2pke           EncryptionAlgorithmSpec = "SM2PKE"
)

Enum values for EncryptionAlgorithmSpec

func (EncryptionAlgorithmSpec) Values added in v0.29.0

Values returns all known values for EncryptionAlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ExpirationModelType

type ExpirationModelType string
const (
	ExpirationModelTypeKeyMaterialExpires       ExpirationModelType = "KEY_MATERIAL_EXPIRES"
	ExpirationModelTypeKeyMaterialDoesNotExpire ExpirationModelType = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)

Enum values for ExpirationModelType

func (ExpirationModelType) Values added in v0.29.0

Values returns all known values for ExpirationModelType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ExpiredImportTokenException

type ExpiredImportTokenException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified import token is expired. Use GetParametersForImport to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.

func (*ExpiredImportTokenException) Error

func (*ExpiredImportTokenException) ErrorCode

func (e *ExpiredImportTokenException) ErrorCode() string

func (*ExpiredImportTokenException) ErrorFault

func (*ExpiredImportTokenException) ErrorMessage

func (e *ExpiredImportTokenException) ErrorMessage() string

type GrantConstraints

type GrantConstraints struct {

	// A list of key-value pairs that must match the encryption context in the [cryptographic operation]
	// request. The grant allows the operation only when the encryption context in the
	// request is the same as the encryption context specified in this constraint.
	//
	// [cryptographic operation]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	EncryptionContextEquals map[string]string

	// A list of key-value pairs that must be included in the encryption context of
	// the [cryptographic operation] request. The grant allows the cryptographic operation only when the
	// encryption context in the request includes the key-value pairs specified in this
	// constraint, although it can include additional key-value pairs.
	//
	// [cryptographic operation]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	EncryptionContextSubset map[string]string
	// contains filtered or unexported fields
}

Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.

KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric KMS keys and management operations, such as DescribeKey or RetireGrant.

In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.

However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.

To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide.
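The matching rules described above, modelled locally as an added example (not SDK code and not KMS's own implementation). The function names are hypothetical, plain maps stand in for GrantConstraints, and failing closed on keys that differ only by case is a choice of this model.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// foldKeys lower-cases the keys of an encryption context, following the page's
// statement that keys in a grant constraint are not case sensitive. It returns
// ok=false when two keys differ only by case, because the folded map would be
// ambiguous. Failing closed here is an assumption of this model.
func foldKeys(ctx map[string]string) (folded map[string]string, ok bool) {
	folded = make(map[string]string, len(ctx))
	for k, v := range ctx {
		lk := strings.ToLower(k)
		if _, dup := folded[lk]; dup {
			return nil, false
		}
		folded[lk] = v
	}
	return folded, true
}

// matchesSubset models EncryptionContextSubset: every constraint pair must be
// present in the request context; additional request pairs are allowed.
// Keys compare case-insensitively, values case-sensitively.
func matchesSubset(constraint, request map[string]string) bool {
	c, okC := foldKeys(constraint)
	r, okR := foldKeys(request)
	if !okC || !okR {
		return false
	}
	for k, want := range c {
		if got, present := r[k]; !present || got != want {
			return false
		}
	}
	return true
}

// matchesEquals models EncryptionContextEquals: the request context must carry
// the same pairs as the constraint and nothing else.
func matchesEquals(constraint, request map[string]string) bool {
	return len(constraint) == len(request) && matchesSubset(constraint, request)
}

// exactMatch models the rule for the cryptographic operation itself: the
// decrypt-side context must equal the encrypt-side context with keys and
// values both case sensitive. Pair order is irrelevant (Go maps are unordered).
func exactMatch(encryptCtx, decryptCtx map[string]string) bool {
	if len(encryptCtx) != len(decryptCtx) {
		return false
	}
	for k, v := range encryptCtx {
		if got, ok := decryptCtx[k]; !ok || got != v {
			return false
		}
	}
	return true
}

// caseCollisions returns the keys that differ only by case, the pattern the
// page says to avoid. The result is sorted so reports are stable.
func caseCollisions(ctx map[string]string) []string {
	byFolded := map[string][]string{}
	for k := range ctx {
		lk := strings.ToLower(k)
		byFolded[lk] = append(byFolded[lk], k)
	}
	var out []string
	for _, keys := range byFolded {
		if len(keys) > 1 {
			out = append(out, keys...)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample values.
	constraint := map[string]string{"Department": "Finance"}
	request := map[string]string{"department": "Finance", "Project": "Q3"}

	fmt.Println("subset constraint satisfied:", matchesSubset(constraint, request))
	fmt.Println("equals constraint satisfied:", matchesEquals(constraint, request))
	fmt.Println("decrypt context accepted:  ",
		exactMatch(constraint, map[string]string{"department": "Finance"}))
	fmt.Println("keys differing only by case:",
		caseCollisions(map[string]string{"Dept": "a", "dept": "b", "x": "1"}))
}
```

The same context that satisfies the grant constraint can still be rejected by the decryption itself, which is why the collision check is worth running over any context before it is written into a grant.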

type GrantListEntry

type GrantListEntry struct {

	// A list of key-value pairs that must be present in the encryption context of
	// certain subsequent operations that the grant allows.
	Constraints *GrantConstraints

	// The date and time when the grant was created.
	CreationDate *time.Time

	// The unique identifier for the grant.
	GrantId *string

	// The identity that gets the permissions in the grant.
	//
	// The GranteePrincipal field in the ListGrants response usually contains the user
	// or role designated as the grantee principal in the grant. However, when the
	// grantee principal in the grant is an Amazon Web Services service, the
	// GranteePrincipal field contains the [service principal], which might represent several different
	// grantee principals.
	//
	// [service principal]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services
	GranteePrincipal *string

	// The Amazon Web Services account under which the grant was issued.
	IssuingAccount *string

	// The unique identifier for the KMS key to which the grant applies.
	KeyId *string

	// The friendly name that identifies the grant. If a name was provided in the CreateGrant
	// request, that name is returned. Otherwise this value is null.
	Name *string

	// The list of operations permitted by the grant.
	Operations []GrantOperation

	// The principal that can retire the grant.
	RetiringPrincipal *string
	// contains filtered or unexported fields
}

Contains information about a grant.

type GrantOperation

type GrantOperation string
const (
	GrantOperationDecrypt                             GrantOperation = "Decrypt"
	GrantOperationEncrypt                             GrantOperation = "Encrypt"
	GrantOperationGenerateDataKey                     GrantOperation = "GenerateDataKey"
	GrantOperationGenerateDataKeyWithoutPlaintext     GrantOperation = "GenerateDataKeyWithoutPlaintext"
	GrantOperationReEncryptFrom                       GrantOperation = "ReEncryptFrom"
	GrantOperationReEncryptTo                         GrantOperation = "ReEncryptTo"
	GrantOperationSign                                GrantOperation = "Sign"
	GrantOperationVerify                              GrantOperation = "Verify"
	GrantOperationGetPublicKey                        GrantOperation = "GetPublicKey"
	GrantOperationCreateGrant                         GrantOperation = "CreateGrant"
	GrantOperationRetireGrant                         GrantOperation = "RetireGrant"
	GrantOperationDescribeKey                         GrantOperation = "DescribeKey"
	GrantOperationGenerateDataKeyPair                 GrantOperation = "GenerateDataKeyPair"
	GrantOperationGenerateDataKeyPairWithoutPlaintext GrantOperation = "GenerateDataKeyPairWithoutPlaintext"
	GrantOperationGenerateMac                         GrantOperation = "GenerateMac"
	GrantOperationVerifyMac                           GrantOperation = "VerifyMac"
)

Enum values for GrantOperation

func (GrantOperation) Values added in v0.29.0

func (GrantOperation) Values() []GrantOperation

Values returns all known values for GrantOperation. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type IncorrectKeyException

type IncorrectKeyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified KMS key cannot decrypt the data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request must identify the same KMS key that was used to encrypt the ciphertext.

func (*IncorrectKeyException) Error

func (e *IncorrectKeyException) Error() string

func (*IncorrectKeyException) ErrorCode

func (e *IncorrectKeyException) ErrorCode() string

func (*IncorrectKeyException) ErrorFault

func (e *IncorrectKeyException) ErrorFault() smithy.ErrorFault

func (*IncorrectKeyException) ErrorMessage

func (e *IncorrectKeyException) ErrorMessage() string

type IncorrectKeyMaterialException

type IncorrectKeyMaterialException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the key material in the request is expired, invalid, or is not the same key material that was previously imported into this KMS key.

func (*IncorrectKeyMaterialException) Error

func (*IncorrectKeyMaterialException) ErrorCode

func (e *IncorrectKeyMaterialException) ErrorCode() string

func (*IncorrectKeyMaterialException) ErrorFault

func (*IncorrectKeyMaterialException) ErrorMessage

func (e *IncorrectKeyMaterialException) ErrorMessage() string

type IncorrectTrustAnchorException

type IncorrectTrustAnchorException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the trust anchor certificate in the request to create a CloudHSM key store is not the trust anchor certificate for the specified CloudHSM cluster.

When you initialize the CloudHSM cluster, you create the trust anchor certificate and save it in the customerCA.crt file.

func (*IncorrectTrustAnchorException) Error

func (*IncorrectTrustAnchorException) ErrorCode

func (e *IncorrectTrustAnchorException) ErrorCode() string

func (*IncorrectTrustAnchorException) ErrorFault

func (*IncorrectTrustAnchorException) ErrorMessage

func (e *IncorrectTrustAnchorException) ErrorMessage() string

type InvalidAliasNameException

type InvalidAliasNameException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified alias name is not valid.

func (*InvalidAliasNameException) Error

func (e *InvalidAliasNameException) Error() string

func (*InvalidAliasNameException) ErrorCode

func (e *InvalidAliasNameException) ErrorCode() string

func (*InvalidAliasNameException) ErrorFault

func (*InvalidAliasNameException) ErrorMessage

func (e *InvalidAliasNameException) ErrorMessage() string

type InvalidArnException

type InvalidArnException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because a specified ARN, or an ARN in a key policy, is not valid.

func (*InvalidArnException) Error

func (e *InvalidArnException) Error() string

func (*InvalidArnException) ErrorCode

func (e *InvalidArnException) ErrorCode() string

func (*InvalidArnException) ErrorFault

func (e *InvalidArnException) ErrorFault() smithy.ErrorFault

func (*InvalidArnException) ErrorMessage

func (e *InvalidArnException) ErrorMessage() string

type InvalidCiphertextException

type InvalidCiphertextException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

From the Decrypt or ReEncrypt operation, the request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid.

From the ImportKeyMaterial operation, the request was rejected because KMS could not decrypt the encrypted (wrapped) key material.

func (*InvalidCiphertextException) Error

func (*InvalidCiphertextException) ErrorCode

func (e *InvalidCiphertextException) ErrorCode() string

func (*InvalidCiphertextException) ErrorFault

func (*InvalidCiphertextException) ErrorMessage

func (e *InvalidCiphertextException) ErrorMessage() string

type InvalidGrantIdException

type InvalidGrantIdException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified GrantId is not valid.

func (*InvalidGrantIdException) Error

func (e *InvalidGrantIdException) Error() string

func (*InvalidGrantIdException) ErrorCode

func (e *InvalidGrantIdException) ErrorCode() string

func (*InvalidGrantIdException) ErrorFault

func (e *InvalidGrantIdException) ErrorFault() smithy.ErrorFault

func (*InvalidGrantIdException) ErrorMessage

func (e *InvalidGrantIdException) ErrorMessage() string

type InvalidGrantTokenException

type InvalidGrantTokenException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified grant token is not valid.

func (*InvalidGrantTokenException) Error

func (*InvalidGrantTokenException) ErrorCode

func (e *InvalidGrantTokenException) ErrorCode() string

func (*InvalidGrantTokenException) ErrorFault

func (*InvalidGrantTokenException) ErrorMessage

func (e *InvalidGrantTokenException) ErrorMessage() string

type InvalidImportTokenException

type InvalidImportTokenException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the provided import token is invalid or is associated with a different KMS key.

func (*InvalidImportTokenException) Error

func (*InvalidImportTokenException) ErrorCode

func (e *InvalidImportTokenException) ErrorCode() string

func (*InvalidImportTokenException) ErrorFault

func (*InvalidImportTokenException) ErrorMessage

func (e *InvalidImportTokenException) ErrorMessage() string

type InvalidKeyUsageException

type InvalidKeyUsageException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected for one of the following reasons:

  • The KeyUsage value of the KMS key is incompatible with the API operation.

  • The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage of a KMS key, use the DescribeKey operation.

To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.

func (*InvalidKeyUsageException) Error

func (e *InvalidKeyUsageException) Error() string

func (*InvalidKeyUsageException) ErrorCode

func (e *InvalidKeyUsageException) ErrorCode() string

func (*InvalidKeyUsageException) ErrorFault

func (e *InvalidKeyUsageException) ErrorFault() smithy.ErrorFault

func (*InvalidKeyUsageException) ErrorMessage

func (e *InvalidKeyUsageException) ErrorMessage() string

type InvalidMarkerException

type InvalidMarkerException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the marker that specifies where pagination should next begin is not valid.

func (*InvalidMarkerException) Error

func (e *InvalidMarkerException) Error() string

func (*InvalidMarkerException) ErrorCode

func (e *InvalidMarkerException) ErrorCode() string

func (*InvalidMarkerException) ErrorFault

func (e *InvalidMarkerException) ErrorFault() smithy.ErrorFault

func (*InvalidMarkerException) ErrorMessage

func (e *InvalidMarkerException) ErrorMessage() string

type KMSInternalException

type KMSInternalException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because an internal exception occurred. The request can be retried.

func (*KMSInternalException) Error

func (e *KMSInternalException) Error() string

func (*KMSInternalException) ErrorCode

func (e *KMSInternalException) ErrorCode() string

func (*KMSInternalException) ErrorFault

func (e *KMSInternalException) ErrorFault() smithy.ErrorFault

func (*KMSInternalException) ErrorMessage

func (e *KMSInternalException) ErrorMessage() string

type KMSInvalidMacException added in v1.17.0

type KMSInvalidMacException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the HMAC verification failed. HMAC verification fails when the HMAC computed by using the specified message, HMAC KMS key, and MAC algorithm does not match the HMAC specified in the request.

func (*KMSInvalidMacException) Error added in v1.17.0

func (e *KMSInvalidMacException) Error() string

func (*KMSInvalidMacException) ErrorCode added in v1.17.0

func (e *KMSInvalidMacException) ErrorCode() string

func (*KMSInvalidMacException) ErrorFault added in v1.17.0

func (e *KMSInvalidMacException) ErrorFault() smithy.ErrorFault

func (*KMSInvalidMacException) ErrorMessage added in v1.17.0

func (e *KMSInvalidMacException) ErrorMessage() string

type KMSInvalidSignatureException

type KMSInvalidSignatureException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the signature verification failed. Signature verification fails when it cannot confirm that the signature was produced by signing the specified message with the specified KMS key and signing algorithm.

func (*KMSInvalidSignatureException) Error

func (*KMSInvalidSignatureException) ErrorCode

func (e *KMSInvalidSignatureException) ErrorCode() string

func (*KMSInvalidSignatureException) ErrorFault

func (*KMSInvalidSignatureException) ErrorMessage

func (e *KMSInvalidSignatureException) ErrorMessage() string

type KMSInvalidStateException

type KMSInvalidStateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the state of the specified resource is not valid for this request.

This exception means one of the following:

  • The key state of the KMS key is not compatible with the operation. To find the key state, use the DescribeKey operation. For more information about which key states are compatible with each KMS operation, see Key states of KMS keys in the Key Management Service Developer Guide.

  • For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.

func (*KMSInvalidStateException) Error

func (e *KMSInvalidStateException) Error() string

func (*KMSInvalidStateException) ErrorCode

func (e *KMSInvalidStateException) ErrorCode() string

func (*KMSInvalidStateException) ErrorFault

func (e *KMSInvalidStateException) ErrorFault() smithy.ErrorFault

func (*KMSInvalidStateException) ErrorMessage

func (e *KMSInvalidStateException) ErrorMessage() string

type KeyEncryptionMechanism added in v1.21.0

type KeyEncryptionMechanism string
const (
	KeyEncryptionMechanismRsaesOaepSha256 KeyEncryptionMechanism = "RSAES_OAEP_SHA_256"
)

Enum values for KeyEncryptionMechanism

func (KeyEncryptionMechanism) Values added in v1.21.0

Values returns all known values for KeyEncryptionMechanism. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyListEntry

type KeyListEntry struct {

	// ARN of the key.
	KeyArn *string

	// Unique identifier of the key.
	KeyId *string
	// contains filtered or unexported fields
}

Contains information about each entry in the key list.

type KeyManagerType

type KeyManagerType string
const (
	KeyManagerTypeAws      KeyManagerType = "AWS"
	KeyManagerTypeCustomer KeyManagerType = "CUSTOMER"
)

Enum values for KeyManagerType

func (KeyManagerType) Values added in v0.29.0

func (KeyManagerType) Values() []KeyManagerType

Values returns all known values for KeyManagerType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyMetadata

type KeyMetadata struct {

	// The globally unique identifier for the KMS key.
	//
	// This member is required.
	KeyId *string

	// The twelve-digit account ID of the Amazon Web Services account that owns the
	// KMS key.
	AWSAccountId *string

	// The Amazon Resource Name (ARN) of the KMS key. For examples, see [Key Management Service (KMS)] in the
	// Example ARNs section of the Amazon Web Services General Reference.
	//
	// [Key Management Service (KMS)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms
	Arn *string

	// The cluster ID of the CloudHSM cluster that contains the key material for the
	// KMS key. When you create a KMS key in a CloudHSM [custom key store], KMS creates the key
	// material for the KMS key in the associated CloudHSM cluster. This field is
	// present only when the KMS key is created in a CloudHSM key store.
	//
	// [custom key store]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
	CloudHsmClusterId *string

	// The date and time when the KMS key was created.
	CreationDate *time.Time

	// A unique identifier for the [custom key store] that contains the KMS key. This field is present
	// only when the KMS key is created in a custom key store.
	//
	// [custom key store]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
	CustomKeyStoreId *string

	// Instead, use the KeySpec field.
	//
	// The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend
	// that you use the KeySpec field in your code. However, to avoid breaking
	// changes, KMS supports both fields.
	//
	// Deprecated: This field has been deprecated. Instead, use the KeySpec field.
	CustomerMasterKeySpec CustomerMasterKeySpec

	// The date and time after which KMS deletes this KMS key. This value is present
	// only when the KMS key is scheduled for deletion, that is, when its KeyState is
	// PendingDeletion.
	//
	// When the primary key in a multi-Region key is scheduled for deletion but still
	// has replica keys, its key state is PendingReplicaDeletion and the length of its
	// waiting period is displayed in the PendingDeletionWindowInDays field.
	DeletionDate *time.Time

	// The description of the KMS key.
	Description *string

	// Specifies whether the KMS key is enabled. When KeyState is Enabled this value
	// is true, otherwise it is false.
	Enabled bool

	// The encryption algorithms that the KMS key supports. You cannot use the KMS key
	// with other encryption algorithms within KMS.
	//
	// This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.
	EncryptionAlgorithms []EncryptionAlgorithmSpec

	// Specifies whether the KMS key's key material expires. This value is present
	// only when Origin is EXTERNAL, otherwise this value is omitted.
	ExpirationModel ExpirationModelType

	// The manager of the KMS key. KMS keys in your Amazon Web Services account are
	// either customer managed or Amazon Web Services managed. For more information
	// about the difference, see [KMS keys] in the Key Management Service Developer Guide.
	//
	// [KMS keys]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys
	KeyManager KeyManagerType

	// Describes the type of key material in the KMS key.
	KeySpec KeySpec

	// The current status of the KMS key.
	//
	// For more information about how key state affects the use of a KMS key, see [Key states of KMS keys] in
	// the Key Management Service Developer Guide.
	//
	// [Key states of KMS keys]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
	KeyState KeyState

	// The [cryptographic operations] for which you can use the KMS key.
	//
	// [cryptographic operations]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	KeyUsage KeyUsageType

	// The message authentication code (MAC) algorithm that the HMAC KMS key supports.
	//
	// This value is present only when the KeyUsage of the KMS key is
	// GENERATE_VERIFY_MAC.
	MacAlgorithms []MacAlgorithmSpec

	// Indicates whether the KMS key is a multi-Region (True) or regional (False)
	// key. This value is True for multi-Region primary and replica keys and False for
	// regional KMS keys.
	//
	// For more information about multi-Region keys, see [Multi-Region keys in KMS] in the Key Management
	// Service Developer Guide.
	//
	// [Multi-Region keys in KMS]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
	MultiRegion *bool

	// Lists the primary and replica keys in the same multi-Region key. This field is
	// present only when the value of the MultiRegion field is True.
	//
	// For more information about any listed KMS key, use the DescribeKey operation.
	//
	//   - MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA key.
	//
	//   - PrimaryKey displays the key ARN and Region of the primary key. This field
	//   displays the current KMS key if it is the primary key.
	//
	//   - ReplicaKeys displays the key ARNs and Regions of all replica keys. This
	//   field includes the current KMS key if it is a replica key.
	MultiRegionConfiguration *MultiRegionConfiguration

	// The source of the key material for the KMS key. When this value is AWS_KMS, KMS
	// created the key material. When this value is EXTERNAL, the key material was
	// imported or the KMS key doesn't have any key material. When this value is
	// AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated
	// with a custom key store.
	Origin OriginType

	// The waiting period before the primary key in a multi-Region key is deleted.
	// This waiting period begins when the last of its replica keys is deleted. This
	// value is present only when the KeyState of the KMS key is PendingReplicaDeletion.
	// That indicates that the KMS key is the primary key in a multi-Region key, it
	// is scheduled for deletion, and it still has existing replica keys.
	//
	// When a single-Region KMS key or a multi-Region replica key is scheduled for
	// deletion, its deletion date is displayed in the DeletionDate field. However,
	// when the primary key in a multi-Region key is scheduled for deletion, its
	// waiting period doesn't begin until all of its replica keys are deleted. This
	// value displays that waiting period. When the last replica key in the
	// multi-Region key is deleted, the KeyState of the scheduled primary key changes
	// from PendingReplicaDeletion to PendingDeletion and the deletion date appears in
	// the DeletionDate field.
	PendingDeletionWindowInDays *int32

	// The signing algorithms that the KMS key supports. You cannot use the KMS key
	// with other signing algorithms within KMS.
	//
	// This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.
	SigningAlgorithms []SigningAlgorithmSpec

	// The time at which the imported key material expires. When the key material
	// expires, KMS deletes the key material and the KMS key becomes unusable. This
	// value is present only for KMS keys whose Origin is EXTERNAL and whose
	// ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
	ValidTo *time.Time

	// Information about the external key that is associated with a KMS key in an
	// external key store.
	//
	// For more information, see [External key] in the Key Management Service Developer Guide.
	//
	// [External key]: https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key
	XksKeyConfiguration *XksKeyConfigurationType
	// contains filtered or unexported fields
}

Contains metadata about a KMS key.

This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.
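A key-inventory triage that follows the conditional-presence rules in the KeyMetadata field comments, as an added example (not SDK code). The keyInfo struct, the finding codes and the triage function are hypothetical; keyInfo mirrors a subset of KeyMetadata with plain strings for the enum types so the block runs without the SDK.

```go
package main

import (
	"fmt"
	"time"
)

// keyInfo mirrors a subset of the KeyMetadata fields documented above.
// Optional fields stay pointers because they are only present in the
// situations the field comments describe.
type keyInfo struct {
	KeyId                       string
	KeyState                    string // e.g. "Enabled", "PendingDeletion"
	Origin                      string // "AWS_KMS", "EXTERNAL", "AWS_CLOUDHSM"
	ExpirationModel             string // meaningful only when Origin is EXTERNAL
	ValidTo                     *time.Time
	DeletionDate                *time.Time
	PendingDeletionWindowInDays *int32
}

// finding is one item an operator should look at. Codes are made up for
// this example.
type finding struct {
	KeyId  string
	Code   string
	Detail string
}

// triage reports lifecycle conditions that will make a key unusable.
// warn is how far ahead of key-material expiry a finding is raised.
func triage(k keyInfo, now time.Time, warn time.Duration) []finding {
	var out []finding
	add := func(code, format string, args ...interface{}) {
		out = append(out, finding{KeyId: k.KeyId, Code: code, Detail: fmt.Sprintf(format, args...)})
	}

	switch k.KeyState {
	case "PendingDeletion":
		// DeletionDate is present only in this state.
		if k.DeletionDate != nil {
			add("DELETION_SCHEDULED", "KMS deletes the key after %s",
				k.DeletionDate.UTC().Format(time.RFC3339))
		}
	case "PendingReplicaDeletion":
		// For a multi-Region primary the window has not started yet.
		if k.PendingDeletionWindowInDays != nil {
			add("PRIMARY_AWAITING_REPLICAS",
				"%d-day waiting period starts when the last replica key is deleted",
				*k.PendingDeletionWindowInDays)
		}
	case "PendingImport":
		add("NO_KEY_MATERIAL", "key has no imported key material")
	case "Disabled", "Unavailable":
		add("NOT_USABLE", "key state is %s", k.KeyState)
	}

	// ValidTo only applies to imported key material that expires.
	if k.Origin == "EXTERNAL" && k.ExpirationModel == "KEY_MATERIAL_EXPIRES" && k.ValidTo != nil {
		left := k.ValidTo.Sub(now)
		switch {
		case left <= 0:
			add("MATERIAL_EXPIRED", "imported key material expired at %s",
				k.ValidTo.UTC().Format(time.RFC3339))
		case left <= warn:
			add("MATERIAL_EXPIRING", "imported key material expires in %d day(s)",
				int(left.Hours()/24))
		}
	}
	return out
}

func main() {
	// Constructed inventory and a fixed "current" time so output is repeatable.
	now := time.Date(2024, 5, 8, 0, 0, 0, 0, time.UTC)
	soon := now.Add(72 * time.Hour)
	del := now.Add(10 * 24 * time.Hour)
	window := int32(30)

	inventory := []keyInfo{
		{KeyId: "example-key-1", KeyState: "Enabled", Origin: "AWS_KMS"},
		{KeyId: "example-key-2", KeyState: "Enabled", Origin: "EXTERNAL",
			ExpirationModel: "KEY_MATERIAL_EXPIRES", ValidTo: &soon},
		{KeyId: "example-key-3", KeyState: "PendingDeletion", Origin: "AWS_KMS", DeletionDate: &del},
		{KeyId: "example-key-4", KeyState: "PendingReplicaDeletion", Origin: "AWS_KMS",
			PendingDeletionWindowInDays: &window},
	}
	for _, k := range inventory {
		for _, f := range triage(k, now, 7*24*time.Hour) {
			fmt.Printf("%s %s: %s\n", f.KeyId, f.Code, f.Detail)
		}
	}
}
```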

type KeySpec added in v1.6.0

type KeySpec string
const (
	KeySpecRsa2048          KeySpec = "RSA_2048"
	KeySpecRsa3072          KeySpec = "RSA_3072"
	KeySpecRsa4096          KeySpec = "RSA_4096"
	KeySpecEccNistP256      KeySpec = "ECC_NIST_P256"
	KeySpecEccNistP384      KeySpec = "ECC_NIST_P384"
	KeySpecEccNistP521      KeySpec = "ECC_NIST_P521"
	KeySpecEccSecgP256k1    KeySpec = "ECC_SECG_P256K1"
	KeySpecSymmetricDefault KeySpec = "SYMMETRIC_DEFAULT"
	KeySpecHmac224          KeySpec = "HMAC_224"
	KeySpecHmac256          KeySpec = "HMAC_256"
	KeySpecHmac384          KeySpec = "HMAC_384"
	KeySpecHmac512          KeySpec = "HMAC_512"
	KeySpecSm2              KeySpec = "SM2"
)

Enum values for KeySpec

func (KeySpec) Values added in v1.6.0

func (KeySpec) Values() []KeySpec

Values returns all known values for KeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyState

type KeyState string
const (
	KeyStateCreating               KeyState = "Creating"
	KeyStateEnabled                KeyState = "Enabled"
	KeyStateDisabled               KeyState = "Disabled"
	KeyStatePendingDeletion        KeyState = "PendingDeletion"
	KeyStatePendingImport          KeyState = "PendingImport"
	KeyStatePendingReplicaDeletion KeyState = "PendingReplicaDeletion"
	KeyStateUnavailable            KeyState = "Unavailable"
	KeyStateUpdating               KeyState = "Updating"
)

Enum values for KeyState

func (KeyState) Values added in v0.29.0

func (KeyState) Values() []KeyState

Values returns all known values for KeyState. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyUnavailableException

type KeyUnavailableException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified KMS key was not available. You can retry the request.

func (*KeyUnavailableException) Error

func (e *KeyUnavailableException) Error() string

func (*KeyUnavailableException) ErrorCode

func (e *KeyUnavailableException) ErrorCode() string

func (*KeyUnavailableException) ErrorFault

func (e *KeyUnavailableException) ErrorFault() smithy.ErrorFault

func (*KeyUnavailableException) ErrorMessage

func (e *KeyUnavailableException) ErrorMessage() string

type KeyUsageType

type KeyUsageType string
const (
	KeyUsageTypeSignVerify        KeyUsageType = "SIGN_VERIFY"
	KeyUsageTypeEncryptDecrypt    KeyUsageType = "ENCRYPT_DECRYPT"
	KeyUsageTypeGenerateVerifyMac KeyUsageType = "GENERATE_VERIFY_MAC"
)

Enum values for KeyUsageType

func (KeyUsageType) Values added in v0.29.0

func (KeyUsageType) Values() []KeyUsageType

Values returns all known values for KeyUsageType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type LimitExceededException

type LimitExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide.

func (*LimitExceededException) Error

func (e *LimitExceededException) Error() string

func (*LimitExceededException) ErrorCode

func (e *LimitExceededException) ErrorCode() string

func (*LimitExceededException) ErrorFault

func (e *LimitExceededException) ErrorFault() smithy.ErrorFault

func (*LimitExceededException) ErrorMessage

func (e *LimitExceededException) ErrorMessage() string

type MacAlgorithmSpec added in v1.17.0

type MacAlgorithmSpec string
const (
	MacAlgorithmSpecHmacSha224 MacAlgorithmSpec = "HMAC_SHA_224"
	MacAlgorithmSpecHmacSha256 MacAlgorithmSpec = "HMAC_SHA_256"
	MacAlgorithmSpecHmacSha384 MacAlgorithmSpec = "HMAC_SHA_384"
	MacAlgorithmSpecHmacSha512 MacAlgorithmSpec = "HMAC_SHA_512"
)

Enum values for MacAlgorithmSpec

func (MacAlgorithmSpec) Values added in v1.17.0

Values returns all known values for MacAlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type MalformedPolicyDocumentException

type MalformedPolicyDocumentException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified policy is not syntactically or semantically correct.

func (*MalformedPolicyDocumentException) Error

func (*MalformedPolicyDocumentException) ErrorCode

func (*MalformedPolicyDocumentException) ErrorFault

func (*MalformedPolicyDocumentException) ErrorMessage

func (e *MalformedPolicyDocumentException) ErrorMessage() string

type MessageType

type MessageType string
const (
	MessageTypeRaw    MessageType = "RAW"
	MessageTypeDigest MessageType = "DIGEST"
)

Enum values for MessageType

func (MessageType) Values added in v0.29.0

func (MessageType) Values() []MessageType

Values returns all known values for MessageType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type MultiRegionConfiguration added in v1.4.0

type MultiRegionConfiguration struct {

	// Indicates whether the KMS key is a PRIMARY or REPLICA key.
	MultiRegionKeyType MultiRegionKeyType

	// Displays the key ARN and Region of the primary key. This field includes the
	// current KMS key if it is the primary key.
	PrimaryKey *MultiRegionKey

	// Displays the key ARNs and Regions of all replica keys. This field includes the
	// current KMS key if it is a replica key.
	ReplicaKeys []MultiRegionKey
	// contains filtered or unexported fields
}

Describes the configuration of this multi-Region key. This field appears only when the KMS key is a primary or replica of a multi-Region key.

For more information about any listed KMS key, use the DescribeKey operation.

type MultiRegionKey added in v1.4.0

type MultiRegionKey struct {

	// Displays the key ARN of a primary or replica key of a multi-Region key.
	Arn *string

	// Displays the Amazon Web Services Region of a primary or replica key in a
	// multi-Region key.
	Region *string
	// contains filtered or unexported fields
}

Describes the primary or replica key in a multi-Region key.

type MultiRegionKeyType added in v1.4.0

type MultiRegionKeyType string
const (
	MultiRegionKeyTypePrimary MultiRegionKeyType = "PRIMARY"
	MultiRegionKeyTypeReplica MultiRegionKeyType = "REPLICA"
)

Enum values for MultiRegionKeyType

func (MultiRegionKeyType) Values added in v1.4.0

Values returns all known values for MultiRegionKeyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type NotFoundException

type NotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified entity or resource could not be found.

func (*NotFoundException) Error

func (e *NotFoundException) Error() string

func (*NotFoundException) ErrorCode

func (e *NotFoundException) ErrorCode() string

func (*NotFoundException) ErrorFault

func (e *NotFoundException) ErrorFault() smithy.ErrorFault

func (*NotFoundException) ErrorMessage

func (e *NotFoundException) ErrorMessage() string

type OriginType

type OriginType string
const (
	OriginTypeAwsKms           OriginType = "AWS_KMS"
	OriginTypeExternal         OriginType = "EXTERNAL"
	OriginTypeAwsCloudhsm      OriginType = "AWS_CLOUDHSM"
	OriginTypeExternalKeyStore OriginType = "EXTERNAL_KEY_STORE"
)

Enum values for OriginType

func (OriginType) Values added in v0.29.0

func (OriginType) Values() []OriginType

Values returns all known values for OriginType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RecipientInfo added in v1.21.0

type RecipientInfo struct {

	// The attestation document for an Amazon Web Services Nitro Enclave. This
	// document includes the enclave's public key.
	AttestationDocument []byte

	// The encryption algorithm that KMS should use with the public key for an Amazon
	// Web Services Nitro Enclave to encrypt plaintext values for the response. The
	// only valid value is RSAES_OAEP_SHA_256.
	KeyEncryptionAlgorithm KeyEncryptionMechanism
	// contains filtered or unexported fields
}

Contains information about the party that receives the response from the API operation.

This data type is designed to support Amazon Web Services Nitro Enclaves, which lets you create an isolated compute environment in Amazon EC2. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

type RotationType added in v1.31.0

type RotationType string
const (
	RotationTypeAutomatic RotationType = "AUTOMATIC"
	RotationTypeOnDemand  RotationType = "ON_DEMAND"
)

Enum values for RotationType

func (RotationType) Values added in v1.31.0

func (RotationType) Values() []RotationType

Values returns all known values for RotationType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RotationsListEntry added in v1.31.0

type RotationsListEntry struct {

	// Unique identifier of the key.
	KeyId *string

	// Date and time that the key material rotation completed. Formatted as Unix time.
	RotationDate *time.Time

	// Identifies whether the key material rotation was a scheduled [automatic rotation] or an [on-demand rotation].
	//
	// [automatic rotation]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable
	// [on-demand rotation]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand
	RotationType RotationType
	// contains filtered or unexported fields
}

Contains information about completed key material rotations.

type SigningAlgorithmSpec

type SigningAlgorithmSpec string
const (
	SigningAlgorithmSpecRsassaPssSha256      SigningAlgorithmSpec = "RSASSA_PSS_SHA_256"
	SigningAlgorithmSpecRsassaPssSha384      SigningAlgorithmSpec = "RSASSA_PSS_SHA_384"
	SigningAlgorithmSpecRsassaPssSha512      SigningAlgorithmSpec = "RSASSA_PSS_SHA_512"
	SigningAlgorithmSpecRsassaPkcs1V15Sha256 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_256"
	SigningAlgorithmSpecRsassaPkcs1V15Sha384 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_384"
	SigningAlgorithmSpecRsassaPkcs1V15Sha512 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_512"
	SigningAlgorithmSpecEcdsaSha256          SigningAlgorithmSpec = "ECDSA_SHA_256"
	SigningAlgorithmSpecEcdsaSha384          SigningAlgorithmSpec = "ECDSA_SHA_384"
	SigningAlgorithmSpecEcdsaSha512          SigningAlgorithmSpec = "ECDSA_SHA_512"
	SigningAlgorithmSpecSm2dsa               SigningAlgorithmSpec = "SM2DSA"
)

Enum values for SigningAlgorithmSpec

func (SigningAlgorithmSpec) Values added in v0.29.0

Values returns all known values for SigningAlgorithmSpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Tag

type Tag struct {

	// The key of the tag.
	//
	// This member is required.
	TagKey *string

	// The value of the tag.
	//
	// This member is required.
	TagValue *string
	// contains filtered or unexported fields
}

A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.

Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management User Guide.

type TagException

type TagException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because one or more tags are not valid.

func (*TagException) Error

func (e *TagException) Error() string

func (*TagException) ErrorCode

func (e *TagException) ErrorCode() string

func (*TagException) ErrorFault

func (e *TagException) ErrorFault() smithy.ErrorFault

func (*TagException) ErrorMessage

func (e *TagException) ErrorMessage() string

type UnsupportedOperationException

type UnsupportedOperationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.

func (*UnsupportedOperationException) Error

func (*UnsupportedOperationException) ErrorCode

func (e *UnsupportedOperationException) ErrorCode() string

func (*UnsupportedOperationException) ErrorFault

func (*UnsupportedOperationException) ErrorMessage

func (e *UnsupportedOperationException) ErrorMessage() string

type WrappingKeySpec

type WrappingKeySpec string
const (
	WrappingKeySpecRsa2048 WrappingKeySpec = "RSA_2048"
	WrappingKeySpecRsa3072 WrappingKeySpec = "RSA_3072"
	WrappingKeySpecRsa4096 WrappingKeySpec = "RSA_4096"
)

Enum values for WrappingKeySpec

func (WrappingKeySpec) Values added in v0.29.0

func (WrappingKeySpec) Values() []WrappingKeySpec

Values returns all known values for WrappingKeySpec. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type XksKeyAlreadyInUseException added in v1.19.0

type XksKeyAlreadyInUseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the (XksKeyId) is already associated with another KMS key in this external key store. Each KMS key in an external key store must be associated with a different external key.

func (*XksKeyAlreadyInUseException) Error added in v1.19.0

func (*XksKeyAlreadyInUseException) ErrorCode added in v1.19.0

func (e *XksKeyAlreadyInUseException) ErrorCode() string

func (*XksKeyAlreadyInUseException) ErrorFault added in v1.19.0

func (*XksKeyAlreadyInUseException) ErrorMessage added in v1.19.0

func (e *XksKeyAlreadyInUseException) ErrorMessage() string

type XksKeyConfigurationType added in v1.19.0

type XksKeyConfigurationType struct {

	// The ID of the external key in its external key manager. This is the ID that the
	// external key store proxy uses to identify the external key.
	Id *string
	// contains filtered or unexported fields
}

Information about the external key that is associated with a KMS key in an external key store.

This element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.

The external key is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web Services. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is performed in the external key manager using the specified external key. For more information, see External key in the Key Management Service Developer Guide.

type XksKeyInvalidConfigurationException added in v1.19.0

type XksKeyInvalidConfigurationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the external key specified by the XksKeyId parameter did not meet the configuration requirements for an external key store.

The external key must be an AES-256 symmetric key that is enabled and performs encryption and decryption.

func (*XksKeyInvalidConfigurationException) Error added in v1.19.0

func (*XksKeyInvalidConfigurationException) ErrorCode added in v1.19.0

func (*XksKeyInvalidConfigurationException) ErrorFault added in v1.19.0

func (*XksKeyInvalidConfigurationException) ErrorMessage added in v1.19.0

func (e *XksKeyInvalidConfigurationException) ErrorMessage() string

type XksKeyNotFoundException added in v1.19.0

type XksKeyNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the external key store proxy could not find the external key. This exception is thrown when the value of the XksKeyId parameter doesn't identify a key in the external key manager associated with the external key proxy.

Verify that the XksKeyId represents an existing key in the external key manager. Use the key identifier that the external key store proxy uses to identify the key. For details, see the documentation provided with your external key store proxy or key manager.

func (*XksKeyNotFoundException) Error added in v1.19.0

func (e *XksKeyNotFoundException) Error() string

func (*XksKeyNotFoundException) ErrorCode added in v1.19.0

func (e *XksKeyNotFoundException) ErrorCode() string

func (*XksKeyNotFoundException) ErrorFault added in v1.19.0

func (e *XksKeyNotFoundException) ErrorFault() smithy.ErrorFault

func (*XksKeyNotFoundException) ErrorMessage added in v1.19.0

func (e *XksKeyNotFoundException) ErrorMessage() string

type XksProxyAuthenticationCredentialType added in v1.19.0

type XksProxyAuthenticationCredentialType struct {

	// A unique identifier for the raw secret access key.
	//
	// This member is required.
	AccessKeyId *string

	// A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9, /, +,
	// and =.
	//
	// This member is required.
	RawSecretAccessKey *string
	// contains filtered or unexported fields
}

KMS uses the authentication credential to sign requests that it sends to the external key store proxy (XKS proxy) on your behalf. You establish these credentials on your external key store proxy and report them to KMS.

The XksProxyAuthenticationCredential includes two required elements.
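A pre-flight check for the two required members and the RawSecretAccessKey format stated above (43-64 characters from a-z, A-Z, 0-9, /, +, =). This is an added example, not SDK code: `xksCredential`, `validateXksCredential` and the error variables are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// xksCredential is a stand-in (not the SDK type) with the same two required
// members as XksProxyAuthenticationCredentialType.
type xksCredential struct {
	AccessKeyId        *string
	RawSecretAccessKey *string
}

// The errors name the rule that failed and never echo the secret itself,
// so they are safe to log.
var (
	errMissingMember = errors.New("AccessKeyId and RawSecretAccessKey are both required")
	errSecretCharset = errors.New("RawSecretAccessKey contains a character outside a-z, A-Z, 0-9, /, +, =")
	errSecretLength  = errors.New("RawSecretAccessKey must be 43-64 characters long")
)

// allowedSecretByte reports whether b is in the documented character set.
func allowedSecretByte(b byte) bool {
	switch {
	case b >= 'a' && b <= 'z', b >= 'A' && b <= 'Z', b >= '0' && b <= '9':
		return true
	}
	return b == '/' || b == '+' || b == '='
}

// validateXksCredential checks the credential before it is sent to KMS.
func validateXksCredential(c xksCredential) error {
	if c.AccessKeyId == nil || c.RawSecretAccessKey == nil {
		return errMissingMember
	}
	secret := *c.RawSecretAccessKey
	// Check the character set first: once every byte is in the ASCII
	// allow-list, byte length and character count are the same number.
	for i := 0; i < len(secret); i++ {
		if !allowedSecretByte(secret[i]) {
			return errSecretCharset
		}
	}
	if n := len(secret); n < 43 || n > 64 {
		return fmt.Errorf("%w (got %d)", errSecretLength, n)
	}
	return nil
}

func main() {
	id := "constructed-access-key-id" // constructed sample value
	good := strings.Repeat("a", 43)   // constructed sample secret
	fromFile := good + "\n"           // typical result of reading a secret file untrimmed

	fmt.Println(validateXksCredential(xksCredential{&id, &good}))
	fmt.Println(validateXksCredential(xksCredential{&id, &fromFile}))
}
```

The second call fails on the character-set rule: a trailing newline left over from reading a secret file is the kind of input this check catches before the request is made.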

type XksProxyConfigurationType added in v1.19.0

type XksProxyConfigurationType struct {

	// The part of the external key store [proxy authentication credential] that uniquely identifies the secret access
	// key.
	//
	// [proxy authentication credential]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential
	AccessKeyId *string

	// Indicates whether the external key store proxy uses a public endpoint or an
	// Amazon VPC endpoint service to communicate with KMS.
	Connectivity XksProxyConnectivityType

	// The URI endpoint for the external key store proxy.
	//
	// If the external key store proxy has a public endpoint, it is displayed here.
	//
	// If the external key store proxy uses an Amazon VPC endpoint service name, this
	// field displays the private DNS name associated with the VPC endpoint service.
	UriEndpoint *string

	// The path to the external key store proxy APIs.
	UriPath *string

	// The Amazon VPC endpoint service used to communicate with the external key store
	// proxy. This field appears only when the external key store proxy uses an Amazon
	// VPC endpoint service to communicate with KMS.
	VpcEndpointServiceName *string
	// contains filtered or unexported fields
}

Detailed information about the external key store proxy (XKS proxy). Your external key store proxy translates KMS requests into a format that your external key manager can understand. These fields appear in a DescribeCustomKeyStores response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.

type XksProxyConnectivityType added in v1.19.0

type XksProxyConnectivityType string
const (
	XksProxyConnectivityTypePublicEndpoint     XksProxyConnectivityType = "PUBLIC_ENDPOINT"
	XksProxyConnectivityTypeVpcEndpointService XksProxyConnectivityType = "VPC_ENDPOINT_SERVICE"
)

Enum values for XksProxyConnectivityType

func (XksProxyConnectivityType) Values added in v1.19.0

Values returns all known values for XksProxyConnectivityType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type XksProxyIncorrectAuthenticationCredentialException added in v1.19.0

type XksProxyIncorrectAuthenticationCredentialException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the proxy credentials failed to authenticate to the specified external key store proxy. The specified external key store proxy rejected a status request from KMS due to invalid credentials. This can indicate an error in the credentials or in the identification of the external key store proxy.

func (*XksProxyIncorrectAuthenticationCredentialException) Error added in v1.19.0

func (*XksProxyIncorrectAuthenticationCredentialException) ErrorCode added in v1.19.0

func (*XksProxyIncorrectAuthenticationCredentialException) ErrorFault added in v1.19.0

func (*XksProxyIncorrectAuthenticationCredentialException) ErrorMessage added in v1.19.0

type XksProxyInvalidConfigurationException added in v1.19.0

type XksProxyInvalidConfigurationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the external key store proxy is not configured correctly. To identify the cause, see the error message that accompanies the exception.

func (*XksProxyInvalidConfigurationException) Error added in v1.19.0

func (*XksProxyInvalidConfigurationException) ErrorCode added in v1.19.0

func (*XksProxyInvalidConfigurationException) ErrorFault added in v1.19.0

func (*XksProxyInvalidConfigurationException) ErrorMessage added in v1.19.0

type XksProxyInvalidResponseException added in v1.19.0

type XksProxyInvalidResponseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

KMS cannot interpret the response it received from the external key store proxy. The problem might be a poorly constructed response, but it could also be a transient network issue. If you see this error repeatedly, report it to the proxy vendor.

func (*XksProxyInvalidResponseException) Error added in v1.19.0

func (*XksProxyInvalidResponseException) ErrorCode added in v1.19.0

func (*XksProxyInvalidResponseException) ErrorFault added in v1.19.0

func (*XksProxyInvalidResponseException) ErrorMessage added in v1.19.0

func (e *XksProxyInvalidResponseException) ErrorMessage() string
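The retry guidance given for KeyUnavailableException ("You can retry the request") and for XksProxyInvalidResponseException (possibly a transient network issue) can be encoded as a bounded retry keyed on ErrorCode(). This is an added example, not SDK code: `fakeKMSError`, `retryable` and `withRetry` are hypothetical names, the sample errors are constructed, and it assumes ErrorCode() returns the exception's type name when ErrorCodeOverride is unset.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// codedError matches the ErrorCode() method that every exception type on this
// page exposes, so errors.As can find it anywhere in a wrapped error chain.
type codedError interface {
	error
	ErrorCode() string
}

// fakeKMSError is a constructed stand-in for the SDK exception types so the
// example runs offline.
type fakeKMSError struct{ code string }

func (e *fakeKMSError) Error() string     { return e.code + ": constructed sample error" }
func (e *fakeKMSError) ErrorCode() string { return e.code }

// retryable reports whether the documentation on this page describes the
// error as worth retrying. Unknown codes and non-KMS errors are not retried.
func retryable(err error) bool {
	var ce codedError
	if !errors.As(err, &ce) {
		return false
	}
	switch ce.ErrorCode() {
	case "KeyUnavailableException": // "You can retry the request."
		return true
	case "XksProxyInvalidResponseException": // may be a transient network issue
		return true
	}
	// Credential, configuration and quota errors (for example
	// XksProxyIncorrectAuthenticationCredentialException, LimitExceededException)
	// are surfaced to the caller instead of retried.
	return false
}

// withRetry runs op up to attempts times with exponential backoff and returns
// the number of calls made. It stops at once on a non-retryable error.
func withRetry(ctx context.Context, attempts int, base time.Duration, op func() error) (int, error) {
	if attempts < 1 {
		attempts = 1
	}
	for i := 1; ; i++ {
		err := op()
		if err == nil || !retryable(err) || i == attempts {
			return i, err
		}
		select {
		case <-ctx.Done():
			return i, fmt.Errorf("%w (last error: %v)", ctx.Err(), err)
		case <-time.After(base << (i - 1)):
		}
	}
}

func main() {
	calls := 0
	n, err := withRetry(context.Background(), 4, 10*time.Millisecond, func() error {
		calls++
		if calls < 3 { // constructed: the key is unavailable for the first two calls
			return fmt.Errorf("decrypt: %w", &fakeKMSError{"KeyUnavailableException"})
		}
		return nil
	})
	fmt.Println("transient:", n, "calls, err =", err)

	n, err = withRetry(context.Background(), 4, 10*time.Millisecond, func() error {
		return &fakeKMSError{"XksProxyIncorrectAuthenticationCredentialException"}
	})
	fmt.Println("credential:", n, "call, err =", err)
}
```

With the real SDK the same `errors.As` lookup works against the concrete exception types, since each of them implements ErrorCode().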

type XksProxyUriEndpointInUseException added in v1.19.0

type XksProxyUriEndpointInUseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the XksProxyUriEndpoint is already associated with another external key store in this Amazon Web Services Region. To identify the cause, see the error message that accompanies the exception.

func (*XksProxyUriEndpointInUseException) Error added in v1.19.0

func (*XksProxyUriEndpointInUseException) ErrorCode added in v1.19.0

func (*XksProxyUriEndpointInUseException) ErrorFault added in v1.19.0

func (*XksProxyUriEndpointInUseException) ErrorMessage added in v1.19.0

func (e *XksProxyUriEndpointInUseException) ErrorMessage() string

type XksProxyUriInUseException added in v1.19.0

type XksProxyUriInUseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the concatenation of the XksProxyUriEndpoint and XksProxyUriPath is already associated with another external key store in this Amazon Web Services Region. Each external key store in a Region must use a unique external key store proxy API address.

func (*XksProxyUriInUseException) Error added in v1.19.0

func (e *XksProxyUriInUseException) Error() string

func (*XksProxyUriInUseException) ErrorCode added in v1.19.0

func (e *XksProxyUriInUseException) ErrorCode() string

func (*XksProxyUriInUseException) ErrorFault added in v1.19.0

func (*XksProxyUriInUseException) ErrorMessage added in v1.19.0

func (e *XksProxyUriInUseException) ErrorMessage() string

type XksProxyUriUnreachableException added in v1.19.0

type XksProxyUriUnreachableException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

KMS was unable to reach the specified XksProxyUriPath. The path must be reachable before you create the external key store or update its settings.

This exception is also thrown when the external key store proxy response to a GetHealthStatus request indicates that all external key manager instances are unavailable.

func (*XksProxyUriUnreachableException) Error added in v1.19.0

func (*XksProxyUriUnreachableException) ErrorCode added in v1.19.0

func (e *XksProxyUriUnreachableException) ErrorCode() string

func (*XksProxyUriUnreachableException) ErrorFault added in v1.19.0

func (*XksProxyUriUnreachableException) ErrorMessage added in v1.19.0

func (e *XksProxyUriUnreachableException) ErrorMessage() string

type XksProxyVpcEndpointServiceInUseException added in v1.19.0

type XksProxyVpcEndpointServiceInUseException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the specified Amazon VPC endpoint service is already associated with another external key store in this Amazon Web Services Region. Each external key store in a Region must use a different Amazon VPC endpoint service.

func (*XksProxyVpcEndpointServiceInUseException) Error added in v1.19.0

func (*XksProxyVpcEndpointServiceInUseException) ErrorCode added in v1.19.0

func (*XksProxyVpcEndpointServiceInUseException) ErrorFault added in v1.19.0

func (*XksProxyVpcEndpointServiceInUseException) ErrorMessage added in v1.19.0

type XksProxyVpcEndpointServiceInvalidConfigurationException added in v1.19.0

type XksProxyVpcEndpointServiceInvalidConfigurationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the Amazon VPC endpoint service configuration does not fulfill the requirements for an external key store. To identify the cause, see the error message that accompanies the exception and review the requirements for Amazon VPC endpoint service connectivity for an external key store.

func (*XksProxyVpcEndpointServiceInvalidConfigurationException) Error added in v1.19.0

func (*XksProxyVpcEndpointServiceInvalidConfigurationException) ErrorCode added in v1.19.0

func (*XksProxyVpcEndpointServiceInvalidConfigurationException) ErrorFault added in v1.19.0

func (*XksProxyVpcEndpointServiceInvalidConfigurationException) ErrorMessage added in v1.19.0

type XksProxyVpcEndpointServiceNotFoundException added in v1.19.0

type XksProxyVpcEndpointServiceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because KMS could not find the specified VPC endpoint service. Use DescribeCustomKeyStores to verify the VPC endpoint service name for the external key store. Also, confirm that the Allow principals list for the VPC endpoint service includes the KMS service principal for the Region, such as cks.kms.us-east-1.amazonaws.com.

func (*XksProxyVpcEndpointServiceNotFoundException) Error added in v1.19.0

func (*XksProxyVpcEndpointServiceNotFoundException) ErrorCode added in v1.19.0

func (*XksProxyVpcEndpointServiceNotFoundException) ErrorFault added in v1.19.0

func (*XksProxyVpcEndpointServiceNotFoundException) ErrorMessage added in v1.19.0
