Struct: kms.GenerateDataKeyPairInput

import "../ibm-cos-sdk-go/service/kms"

Implemented Interfaces

s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom

Structure Field Summary collapse

Service Operations collapse

Structure Field Details

EncryptionContext map[string]*string `type:"map"`

Specifies the encryption context that will be used when encrypting the private key in the data key pair.

Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.

GrantTokens []*string `type:"list"`

A list of grant tokens.

For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.

KeyId *string `min:"1" type:"string" required:"true"`

Specifies the symmetric encryption KMS key that encrypts the private key in the data key pair. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

  • Alias name: alias/ExampleAlias

  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

KeyId is a required field

KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"`

Determines the type of data key pair that is generated.

The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.

KeyPairSpec is a required field

_ struct{} `type:"structure"`

Method Details

func (s GenerateDataKeyPairInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



11705
11706
11707
 
// File 'service/kms/api.go', line 11705


func (s GenerateDataKeyPairInput) GoString() string {
	return s.String()
}

func (s *GenerateDataKeyPairInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairInput

SetEncryptionContext sets the EncryptionContext field's value.



11729
11730
11731
11732
 
// File 'service/kms/api.go', line 11729


func (s *GenerateDataKeyPairInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairInput {
	s.EncryptionContext = v
	return s
}

func (s *GenerateDataKeyPairInput) SetGrantTokens(v []*string) *GenerateDataKeyPairInput

SetGrantTokens sets the GrantTokens field's value.



11735
11736
11737
11738
 
// File 'service/kms/api.go', line 11735


func (s *GenerateDataKeyPairInput) SetGrantTokens(v []*string) *GenerateDataKeyPairInput {
	s.GrantTokens = v
	return s
}

func (s *GenerateDataKeyPairInput) SetKeyId(v string) *GenerateDataKeyPairInput

SetKeyId sets the KeyId field's value.



11741
11742
11743
11744
 
// File 'service/kms/api.go', line 11741


func (s *GenerateDataKeyPairInput) SetKeyId(v string) *GenerateDataKeyPairInput {
	s.KeyId = &v
	return s
}

func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPairInput

SetKeyPairSpec sets the KeyPairSpec field's value.



11747
11748
11749
11750
 
// File 'service/kms/api.go', line 11747


func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPairInput {
	s.KeyPairSpec = &v
	return s
}

func (s GenerateDataKeyPairInput) String() string

String returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



11696
11697
11698
 
// File 'service/kms/api.go', line 11696


func (s GenerateDataKeyPairInput) String() string {
	return awsutil.Prettify(s)
}

func (s *GenerateDataKeyPairInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.



11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
 
// File 'service/kms/api.go', line 11710


func (s *GenerateDataKeyPairInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyPairInput"}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.KeyPairSpec == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyPairSpec"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}