Classes

The following classes are available globally.

  • Contains information about an alias.

    See more

    Declaration

    Objective-C

    @interface AWSKMSAliasListEntry

    Swift

    class AWSKMSAliasListEntry
  • Declaration

    Objective-C

    @interface AWSKMSCancelKeyDeletionRequest

    Swift

    class AWSKMSCancelKeyDeletionRequest
  • Declaration

    Objective-C

    @interface AWSKMSCancelKeyDeletionResponse

    Swift

    class AWSKMSCancelKeyDeletionResponse
  • Declaration

    Objective-C

    @interface AWSKMSConnectCustomKeyStoreRequest

    Swift

    class AWSKMSConnectCustomKeyStoreRequest
  • Declaration

    Objective-C

    @interface AWSKMSConnectCustomKeyStoreResponse

    Swift

    class AWSKMSConnectCustomKeyStoreResponse
  • Declaration

    Objective-C

    @interface AWSKMSCreateAliasRequest

    Swift

    class AWSKMSCreateAliasRequest
  • Declaration

    Objective-C

    @interface AWSKMSCreateCustomKeyStoreRequest

    Swift

    class AWSKMSCreateCustomKeyStoreRequest
  • Declaration

    Objective-C

    @interface AWSKMSCreateCustomKeyStoreResponse

    Swift

    class AWSKMSCreateCustomKeyStoreResponse
  • Declaration

    Objective-C

    @interface AWSKMSCreateGrantRequest

    Swift

    class AWSKMSCreateGrantRequest
  • Declaration

    Objective-C

    @interface AWSKMSCreateGrantResponse

    Swift

    class AWSKMSCreateGrantResponse
  • Declaration

    Objective-C

    @interface AWSKMSCreateKeyRequest

    Swift

    class AWSKMSCreateKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSCreateKeyResponse

    Swift

    class AWSKMSCreateKeyResponse
  • Contains information about each custom key store in the custom key store list.

    See more

    Declaration

    Objective-C

    @interface AWSKMSCustomKeyStoresListEntry

    Swift

    class AWSKMSCustomKeyStoresListEntry
  • Declaration

    Objective-C

    @interface AWSKMSDecryptRequest

    Swift

    class AWSKMSDecryptRequest
  • Declaration

    Objective-C

    @interface AWSKMSDecryptResponse

    Swift

    class AWSKMSDecryptResponse
  • Declaration

    Objective-C

    @interface AWSKMSDeleteAliasRequest

    Swift

    class AWSKMSDeleteAliasRequest
  • Declaration

    Objective-C

    @interface AWSKMSDeleteCustomKeyStoreRequest

    Swift

    class AWSKMSDeleteCustomKeyStoreRequest
  • Declaration

    Objective-C

    @interface AWSKMSDeleteCustomKeyStoreResponse

    Swift

    class AWSKMSDeleteCustomKeyStoreResponse
  • Declaration

    Objective-C

    @interface AWSKMSDeleteImportedKeyMaterialRequest

    Swift

    class AWSKMSDeleteImportedKeyMaterialRequest
  • Declaration

    Objective-C

    @interface AWSKMSDescribeCustomKeyStoresRequest

    Swift

    class AWSKMSDescribeCustomKeyStoresRequest
  • Declaration

    Objective-C

    @interface AWSKMSDescribeCustomKeyStoresResponse

    Swift

    class AWSKMSDescribeCustomKeyStoresResponse
  • Declaration

    Objective-C

    @interface AWSKMSDescribeKeyRequest

    Swift

    class AWSKMSDescribeKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSDescribeKeyResponse

    Swift

    class AWSKMSDescribeKeyResponse
  • Declaration

    Objective-C

    @interface AWSKMSDisableKeyRequest

    Swift

    class AWSKMSDisableKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSDisableKeyRotationRequest

    Swift

    class AWSKMSDisableKeyRotationRequest
  • Declaration

    Objective-C

    @interface AWSKMSDisconnectCustomKeyStoreRequest

    Swift

    class AWSKMSDisconnectCustomKeyStoreRequest
  • Declaration

    Objective-C

    @interface AWSKMSDisconnectCustomKeyStoreResponse

    Swift

    class AWSKMSDisconnectCustomKeyStoreResponse
  • Declaration

    Objective-C

    @interface AWSKMSEnableKeyRequest

    Swift

    class AWSKMSEnableKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSEnableKeyRotationRequest

    Swift

    class AWSKMSEnableKeyRotationRequest
  • Declaration

    Objective-C

    @interface AWSKMSEncryptRequest

    Swift

    class AWSKMSEncryptRequest
  • Declaration

    Objective-C

    @interface AWSKMSEncryptResponse

    Swift

    class AWSKMSEncryptResponse
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairRequest

    Swift

    class AWSKMSGenerateDataKeyPairRequest
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairResponse

    Swift

    class AWSKMSGenerateDataKeyPairResponse
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairWithoutPlaintextRequest

    Swift

    class AWSKMSGenerateDataKeyPairWithoutPlaintextRequest
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairWithoutPlaintextResponse

    Swift

    class AWSKMSGenerateDataKeyPairWithoutPlaintextResponse
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyRequest

    Swift

    class AWSKMSGenerateDataKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyResponse

    Swift

    class AWSKMSGenerateDataKeyResponse
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyWithoutPlaintextRequest

    Swift

    class AWSKMSGenerateDataKeyWithoutPlaintextRequest
  • Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyWithoutPlaintextResponse

    Swift

    class AWSKMSGenerateDataKeyWithoutPlaintextResponse
  • Declaration

    Objective-C

    @interface AWSKMSGenerateRandomRequest

    Swift

    class AWSKMSGenerateRandomRequest
  • Declaration

    Objective-C

    @interface AWSKMSGenerateRandomResponse

    Swift

    class AWSKMSGenerateRandomResponse
  • Declaration

    Objective-C

    @interface AWSKMSGetKeyPolicyRequest

    Swift

    class AWSKMSGetKeyPolicyRequest
  • Declaration

    Objective-C

    @interface AWSKMSGetKeyPolicyResponse

    Swift

    class AWSKMSGetKeyPolicyResponse
  • Declaration

    Objective-C

    @interface AWSKMSGetKeyRotationStatusRequest

    Swift

    class AWSKMSGetKeyRotationStatusRequest
  • Declaration

    Objective-C

    @interface AWSKMSGetKeyRotationStatusResponse

    Swift

    class AWSKMSGetKeyRotationStatusResponse
  • Declaration

    Objective-C

    @interface AWSKMSGetParametersForImportRequest

    Swift

    class AWSKMSGetParametersForImportRequest
  • Declaration

    Objective-C

    @interface AWSKMSGetParametersForImportResponse

    Swift

    class AWSKMSGetParametersForImportResponse
  • Declaration

    Objective-C

    @interface AWSKMSGetPublicKeyRequest

    Swift

    class AWSKMSGetPublicKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSGetPublicKeyResponse

    Swift

    class AWSKMSGetPublicKeyResponse
  • Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.

    KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric KMS keys and management operations, such as DescribeKey or RetireGrant.

    In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.

    However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.

    To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide.

    See more

    Declaration

    Objective-C

    @interface AWSKMSGrantConstraints

    Swift

    class AWSKMSGrantConstraints
  • Contains information about a grant.

    See more

    Declaration

    Objective-C

    @interface AWSKMSGrantListEntry

    Swift

    class AWSKMSGrantListEntry
  • Declaration

    Objective-C

    @interface AWSKMSImportKeyMaterialRequest

    Swift

    class AWSKMSImportKeyMaterialRequest
  • Declaration

    Objective-C

    @interface AWSKMSImportKeyMaterialResponse

    Swift

    class AWSKMSImportKeyMaterialResponse
  • Contains information about each entry in the key list.

    See more

    Declaration

    Objective-C

    @interface AWSKMSKeyListEntry

    Swift

    class AWSKMSKeyListEntry
  • Contains metadata about a KMS key.

    This data type is used as a response element for the CreateKey and DescribeKey operations.

    Required parameters: [KeyId]

    See more

    Declaration

    Objective-C

    @interface AWSKMSKeyMetadata

    Swift

    class AWSKMSKeyMetadata
  • Declaration

    Objective-C

    @interface AWSKMSListAliasesRequest

    Swift

    class AWSKMSListAliasesRequest
  • Declaration

    Objective-C

    @interface AWSKMSListAliasesResponse

    Swift

    class AWSKMSListAliasesResponse
  • Declaration

    Objective-C

    @interface AWSKMSListGrantsRequest

    Swift

    class AWSKMSListGrantsRequest
  • Declaration

    Objective-C

    @interface AWSKMSListGrantsResponse

    Swift

    class AWSKMSListGrantsResponse
  • Declaration

    Objective-C

    @interface AWSKMSListKeyPoliciesRequest

    Swift

    class AWSKMSListKeyPoliciesRequest
  • Declaration

    Objective-C

    @interface AWSKMSListKeyPoliciesResponse

    Swift

    class AWSKMSListKeyPoliciesResponse
  • Declaration

    Objective-C

    @interface AWSKMSListKeysRequest

    Swift

    class AWSKMSListKeysRequest
  • Declaration

    Objective-C

    @interface AWSKMSListKeysResponse

    Swift

    class AWSKMSListKeysResponse
  • Declaration

    Objective-C

    @interface AWSKMSListResourceTagsRequest

    Swift

    class AWSKMSListResourceTagsRequest
  • Declaration

    Objective-C

    @interface AWSKMSListResourceTagsResponse

    Swift

    class AWSKMSListResourceTagsResponse
  • Declaration

    Objective-C

    @interface AWSKMSListRetirableGrantsRequest

    Swift

    class AWSKMSListRetirableGrantsRequest
  • Describes the configuration of this multi-Region key. This field appears only when the KMS key is a primary or replica of a multi-Region key.

    For more information about any listed KMS key, use the DescribeKey operation.

    See more

    Declaration

    Objective-C

    @interface AWSKMSMultiRegionConfiguration

    Swift

    class AWSKMSMultiRegionConfiguration
  • Describes the primary or replica key in a multi-Region key.

    See more

    Declaration

    Objective-C

    @interface AWSKMSMultiRegionKey

    Swift

    class AWSKMSMultiRegionKey
  • Declaration

    Objective-C

    @interface AWSKMSPutKeyPolicyRequest

    Swift

    class AWSKMSPutKeyPolicyRequest
  • Declaration

    Objective-C

    @interface AWSKMSReEncryptRequest

    Swift

    class AWSKMSReEncryptRequest
  • Declaration

    Objective-C

    @interface AWSKMSReEncryptResponse

    Swift

    class AWSKMSReEncryptResponse
  • Declaration

    Objective-C

    @interface AWSKMSReplicateKeyRequest

    Swift

    class AWSKMSReplicateKeyRequest
  • Declaration

    Objective-C

    @interface AWSKMSReplicateKeyResponse

    Swift

    class AWSKMSReplicateKeyResponse
  • Declaration

    Objective-C

    @interface AWSKMSRetireGrantRequest

    Swift

    class AWSKMSRetireGrantRequest
  • Declaration

    Objective-C

    @interface AWSKMSRevokeGrantRequest

    Swift

    class AWSKMSRevokeGrantRequest
  • Declaration

    Objective-C

    @interface AWSKMSScheduleKeyDeletionRequest

    Swift

    class AWSKMSScheduleKeyDeletionRequest
  • Declaration

    Objective-C

    @interface AWSKMSScheduleKeyDeletionResponse

    Swift

    class AWSKMSScheduleKeyDeletionResponse
  • Declaration

    Objective-C

    @interface AWSKMSSignRequest

    Swift

    class AWSKMSSignRequest
  • Declaration

    Objective-C

    @interface AWSKMSSignResponse

    Swift

    class AWSKMSSignResponse
  • A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.

    For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management User Guide.

    Required parameters: [TagKey, TagValue]

    See more

    Declaration

    Objective-C

    @interface AWSKMSTag

    Swift

    class AWSKMSTag
  • Declaration

    Objective-C

    @interface AWSKMSTagResourceRequest

    Swift

    class AWSKMSTagResourceRequest
  • Declaration

    Objective-C

    @interface AWSKMSUntagResourceRequest

    Swift

    class AWSKMSUntagResourceRequest
  • Declaration

    Objective-C

    @interface AWSKMSUpdateAliasRequest

    Swift

    class AWSKMSUpdateAliasRequest
  • Declaration

    Objective-C

    @interface AWSKMSUpdateCustomKeyStoreRequest

    Swift

    class AWSKMSUpdateCustomKeyStoreRequest
  • Declaration

    Objective-C

    @interface AWSKMSUpdateCustomKeyStoreResponse

    Swift

    class AWSKMSUpdateCustomKeyStoreResponse
  • Declaration

    Objective-C

    @interface AWSKMSUpdateKeyDescriptionRequest

    Swift

    class AWSKMSUpdateKeyDescriptionRequest
  • Declaration

    Objective-C

    @interface AWSKMSUpdatePrimaryRegionRequest

    Swift

    class AWSKMSUpdatePrimaryRegionRequest
  • Declaration

    Objective-C

    @interface AWSKMSVerifyRequest

    Swift

    class AWSKMSVerifyRequest
  • Declaration

    Objective-C

    @interface AWSKMSVerifyResponse

    Swift

    class AWSKMSVerifyResponse
  • Undocumented

    See more

    Declaration

    Objective-C

    @interface AWSKMSResources : NSObject
    
    + (instancetype)sharedInstance;
    
    - (NSDictionary *)JSONObject;
    
    @end

    Swift

    class AWSKMSResources : NSObject
  • Key Management Service

    Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide.

    KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

    Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

    We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.

    Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

    Signing Requests

    Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account (root) access key ID and secret key for everyday work with KMS. Instead, use the access key ID and secret access key for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary security credentials that you can use to sign requests.

    All KMS operations require Signature Version 4.

    Logging API Requests

    KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

    Additional Resources

    For more information about credentials and request signing, see the following:

    Commonly Used API Operations

    Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.

    See more

    Declaration

    Objective-C

    @interface AWSKMS

    Swift

    class AWSKMS