Struct: kms.GenerateDataKeyPairInput
Implemented Interfaces
s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom
Structure Field Summary collapse
-
EncryptionContext map[string]*string
Specifies the encryption context that will be used when encrypting the private key in the data key pair.
-
GrantTokens []*string
A list of grant tokens.
-
KeyId *string
Specifies the symmetric encryption KMS key that encrypts the private key in the data key pair.
-
KeyPairSpec *string
Determines the type of data key pair that is generated.
- _ struct{}
Service Operations collapse
-
GoString() string
operation
GoString returns the string representation.
-
SetEncryptionContext(map[string]*string) *GenerateDataKeyPairInput
operation
SetEncryptionContext sets the EncryptionContext field's value.
-
SetGrantTokens([]*string) *GenerateDataKeyPairInput
operation
SetGrantTokens sets the GrantTokens field's value.
-
SetKeyId(string) *GenerateDataKeyPairInput
operation
SetKeyId sets the KeyId field's value.
-
SetKeyPairSpec(string) *GenerateDataKeyPairInput
operation
SetKeyPairSpec sets the KeyPairSpec field's value.
-
String() string
operation
String returns the string representation.
-
Validate() error
operation
Validate inspects the fields of the type to determine if they are valid.
Structure Field Details
EncryptionContext map[string]*string
`type:"map"`
Specifies the encryption context that will be used when encrypting the private key in the data key pair.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.
For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.
GrantTokens []*string
`type:"list"`
A list of grant tokens.
For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.
KeyId *string
`min:"1" type:"string" required:"true"`
Specifies the symmetric encryption KMS key that encrypts the private key in the data key pair. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
-
Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-
Alias name: alias/ExampleAlias
-
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
KeyId is a required field
KeyPairSpec *string
`type:"string" required:"true" enum:"DataKeyPairSpec"`
Determines the type of data key pair that is generated.
The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.
KeyPairSpec is a required field
_ struct{}
`type:"structure"`
Method Details
func (s GenerateDataKeyPairInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
11705 11706 11707 |
// File 'service/kms/api.go', line 11705
|
func (s *GenerateDataKeyPairInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairInput
SetEncryptionContext sets the EncryptionContext field's value.
11729 11730 11731 11732 |
// File 'service/kms/api.go', line 11729
|
func (s *GenerateDataKeyPairInput) SetGrantTokens(v []*string) *GenerateDataKeyPairInput
SetGrantTokens sets the GrantTokens field's value.
11735 11736 11737 11738 |
// File 'service/kms/api.go', line 11735
|
func (s *GenerateDataKeyPairInput) SetKeyId(v string) *GenerateDataKeyPairInput
SetKeyId sets the KeyId field's value.
11741 11742 11743 11744 |
// File 'service/kms/api.go', line 11741
|
func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPairInput
SetKeyPairSpec sets the KeyPairSpec field's value.
11747 11748 11749 11750 |
// File 'service/kms/api.go', line 11747
|
func (s GenerateDataKeyPairInput) String() string
String returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
11696 11697 11698 |
// File 'service/kms/api.go', line 11696
|
func (s *GenerateDataKeyPairInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
11710 11711 11712 11713 11714 11715 11716 11717 11718 11719 11720 11721 11722 11723 11724 11725 11726 |
// File 'service/kms/api.go', line 11710
|