Struct: kms.GenerateDataKeyPairWithoutPlaintextInput
Implemented Interfaces
s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom
Structure Field Summary collapse
-
EncryptionContext map[string]*string
Specifies the encryption context that will be used when encrypting the private key in the data key pair.
-
GrantTokens []*string
A list of grant tokens.
-
KeyId *string
Specifies the symmetric encryption KMS key that encrypts the private key in the data key pair.
-
KeyPairSpec *string
Determines the type of data key pair that is generated.
- _ struct{}
Service Operations collapse
-
GoString() string
operation
GoString returns the string representation.
-
SetEncryptionContext(map[string]*string) *GenerateDataKeyPairWithoutPlaintextInput
operation
SetEncryptionContext sets the EncryptionContext field's value.
-
SetGrantTokens([]*string) *GenerateDataKeyPairWithoutPlaintextInput
operation
SetGrantTokens sets the GrantTokens field's value.
-
SetKeyId(string) *GenerateDataKeyPairWithoutPlaintextInput
operation
SetKeyId sets the KeyId field's value.
-
SetKeyPairSpec(string) *GenerateDataKeyPairWithoutPlaintextInput
operation
SetKeyPairSpec sets the KeyPairSpec field's value.
-
String() string
operation
String returns the string representation.
-
Validate() error
operation
Validate inspects the fields of the type to determine if they are valid.
Structure Field Details
EncryptionContext map[string]*string
`type:"map"`
Specifies the encryption context that will be used when encrypting the private key in the data key pair.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.
For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.
GrantTokens []*string
`type:"list"`
A list of grant tokens.
For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.
KeyId *string
`min:"1" type:"string" required:"true"`
Specifies the symmetric encryption KMS key that encrypts the private key in the data key pair. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
-
Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-
Alias name: alias/ExampleAlias
-
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
KeyId is a required field
KeyPairSpec *string
`type:"string" required:"true" enum:"DataKeyPairSpec"`
Determines the type of data key pair that is generated.
The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.
KeyPairSpec is a required field
_ struct{}
`type:"structure"`
Method Details
func (s GenerateDataKeyPairWithoutPlaintextInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
11913 11914 11915 |
// File 'service/kms/api.go', line 11913
|
func (s *GenerateDataKeyPairWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairWithoutPlaintextInput
SetEncryptionContext sets the EncryptionContext field's value.
11937 11938 11939 11940 |
// File 'service/kms/api.go', line 11937
|
func (s *GenerateDataKeyPairWithoutPlaintextInput) SetGrantTokens(v []*string) *GenerateDataKeyPairWithoutPlaintextInput
SetGrantTokens sets the GrantTokens field's value.
11943 11944 11945 11946 |
// File 'service/kms/api.go', line 11943
|
func (s *GenerateDataKeyPairWithoutPlaintextInput) SetKeyId(v string) *GenerateDataKeyPairWithoutPlaintextInput
SetKeyId sets the KeyId field's value.
11949 11950 11951 11952 |
// File 'service/kms/api.go', line 11949
|
func (s *GenerateDataKeyPairWithoutPlaintextInput) SetKeyPairSpec(v string) *GenerateDataKeyPairWithoutPlaintextInput
SetKeyPairSpec sets the KeyPairSpec field's value.
11955 11956 11957 11958 |
// File 'service/kms/api.go', line 11955
|
func (s GenerateDataKeyPairWithoutPlaintextInput) String() string
String returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
11904 11905 11906 |
// File 'service/kms/api.go', line 11904
|
func (s *GenerateDataKeyPairWithoutPlaintextInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
11918 11919 11920 11921 11922 11923 11924 11925 11926 11927 11928 11929 11930 11931 11932 11933 11934 |
// File 'service/kms/api.go', line 11918
|
