Struct: kms.EncryptInput
Implemented Interfaces
s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom
Structure Field Summary collapse
-
EncryptionAlgorithm *string
Specifies the encryption algorithm that KMS will use to encrypt the plaintext message.
-
EncryptionContext map[string]*string
Specifies the encryption context that will be used to encrypt the data.
-
GrantTokens []*string
A list of grant tokens.
-
KeyId *string
Identifies the KMS key to use in the encryption operation.
-
Plaintext []byte
Data to be encrypted.
- _ struct{}
Service Operations collapse
-
GoString() string
operation
GoString returns the string representation.
-
SetEncryptionAlgorithm(string) *EncryptInput
operation
SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.
-
SetEncryptionContext(map[string]*string) *EncryptInput
operation
SetEncryptionContext sets the EncryptionContext field's value.
-
SetGrantTokens([]*string) *EncryptInput
operation
SetGrantTokens sets the GrantTokens field's value.
-
SetKeyId(string) *EncryptInput
operation
SetKeyId sets the KeyId field's value.
-
SetPlaintext([]byte) *EncryptInput
operation
SetPlaintext sets the Plaintext field's value.
-
String() string
operation
String returns the string representation.
-
Validate() error
operation
Validate inspects the fields of the type to determine if they are valid.
Structure Field Details
EncryptionAlgorithm *string
`type:"string" enum:"EncryptionAlgorithmSpec"`
Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.
This parameter is required only for asymmetric KMS keys. The default value, SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.
The SM2PKE algorithm is only available in China Regions.
EncryptionContext map[string]*string
`type:"map"`
Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.
For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.
GrantTokens []*string
`type:"list"`
A list of grant tokens.
For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.
KeyId *string
`min:"1" type:"string" required:"true"`
Identifies the KMS key to use in the encryption operation. The KMS key must have a KeyUsage of ENCRYPT_DECRYPT. To find the KeyUsage of a KMS key, use the DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
-
Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-
Alias name: alias/ExampleAlias
-
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
KeyId is a required field
Plaintext []byte
`min:"1" type:"blob" required:"true" sensitive:"true"`
Data to be encrypted.
Plaintext is a sensitive parameter and its value will be replaced with “sensitive” in string returned by EncryptInput's String and GoString methods.
Plaintext is automatically base64 encoded/decoded by the SDK.
Plaintext is a required field
_ struct{}
`type:"structure"`
Method Details
func (s EncryptInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
11253 11254 11255 |
// File 'service/kms/api.go', line 11253
|
func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput
SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.
11280 11281 11282 11283 |
// File 'service/kms/api.go', line 11280
|
func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput
SetEncryptionContext sets the EncryptionContext field's value.
11286 11287 11288 11289 |
// File 'service/kms/api.go', line 11286
|
func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput
SetGrantTokens sets the GrantTokens field's value.
11292 11293 11294 11295 |
// File 'service/kms/api.go', line 11292
|
func (s *EncryptInput) SetKeyId(v string) *EncryptInput
SetKeyId sets the KeyId field's value.
11298 11299 11300 11301 |
// File 'service/kms/api.go', line 11298
|
func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput
SetPlaintext sets the Plaintext field's value.
11304 11305 11306 11307 |
// File 'service/kms/api.go', line 11304
|
func (s EncryptInput) String() string
String returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
11244 11245 11246 |
// File 'service/kms/api.go', line 11244
|
func (s *EncryptInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
11258 11259 11260 11261 11262 11263 11264 11265 11266 11267 11268 11269 11270 11271 11272 11273 11274 11275 11276 11277 |
// File 'service/kms/api.go', line 11258
|