Classes

The following classes are available globally.

  • Contains information about an alias.

    See more

    Declaration

    Objective-C

    @interface AWSKMSAliasListEntry

    Swift

    class AWSKMSAliasListEntry
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCancelKeyDeletionRequest

    Swift

    class AWSKMSCancelKeyDeletionRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCancelKeyDeletionResponse

    Swift

    class AWSKMSCancelKeyDeletionResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSConnectCustomKeyStoreRequest

    Swift

    class AWSKMSConnectCustomKeyStoreRequest

  • Declaration

    Objective-C

    @interface AWSKMSConnectCustomKeyStoreResponse

    Swift

    class AWSKMSConnectCustomKeyStoreResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateAliasRequest

    Swift

    class AWSKMSCreateAliasRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateCustomKeyStoreRequest

    Swift

    class AWSKMSCreateCustomKeyStoreRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateCustomKeyStoreResponse

    Swift

    class AWSKMSCreateCustomKeyStoreResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateGrantRequest

    Swift

    class AWSKMSCreateGrantRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateGrantResponse

    Swift

    class AWSKMSCreateGrantResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateKeyRequest

    Swift

    class AWSKMSCreateKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSCreateKeyResponse

    Swift

    class AWSKMSCreateKeyResponse

  • Contains information about each custom key store in the custom key store list.

    See more

    Declaration

    Objective-C

    @interface AWSKMSCustomKeyStoresListEntry

    Swift

    class AWSKMSCustomKeyStoresListEntry
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDecryptRequest

    Swift

    class AWSKMSDecryptRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDecryptResponse

    Swift

    class AWSKMSDecryptResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDeleteAliasRequest

    Swift

    class AWSKMSDeleteAliasRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDeleteCustomKeyStoreRequest

    Swift

    class AWSKMSDeleteCustomKeyStoreRequest

  • Declaration

    Objective-C

    @interface AWSKMSDeleteCustomKeyStoreResponse

    Swift

    class AWSKMSDeleteCustomKeyStoreResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDeleteImportedKeyMaterialRequest

    Swift

    class AWSKMSDeleteImportedKeyMaterialRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDescribeCustomKeyStoresRequest

    Swift

    class AWSKMSDescribeCustomKeyStoresRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDescribeCustomKeyStoresResponse

    Swift

    class AWSKMSDescribeCustomKeyStoresResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDescribeKeyRequest

    Swift

    class AWSKMSDescribeKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDescribeKeyResponse

    Swift

    class AWSKMSDescribeKeyResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDisableKeyRequest

    Swift

    class AWSKMSDisableKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDisableKeyRotationRequest

    Swift

    class AWSKMSDisableKeyRotationRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSDisconnectCustomKeyStoreRequest

    Swift

    class AWSKMSDisconnectCustomKeyStoreRequest

  • Declaration

    Objective-C

    @interface AWSKMSDisconnectCustomKeyStoreResponse

    Swift

    class AWSKMSDisconnectCustomKeyStoreResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSEnableKeyRequest

    Swift

    class AWSKMSEnableKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSEnableKeyRotationRequest

    Swift

    class AWSKMSEnableKeyRotationRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSEncryptRequest

    Swift

    class AWSKMSEncryptRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSEncryptResponse

    Swift

    class AWSKMSEncryptResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairRequest

    Swift

    class AWSKMSGenerateDataKeyPairRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairResponse

    Swift

    class AWSKMSGenerateDataKeyPairResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairWithoutPlaintextRequest

    Swift

    class AWSKMSGenerateDataKeyPairWithoutPlaintextRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyPairWithoutPlaintextResponse

    Swift

    class AWSKMSGenerateDataKeyPairWithoutPlaintextResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyRequest

    Swift

    class AWSKMSGenerateDataKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyResponse

    Swift

    class AWSKMSGenerateDataKeyResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyWithoutPlaintextRequest

    Swift

    class AWSKMSGenerateDataKeyWithoutPlaintextRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateDataKeyWithoutPlaintextResponse

    Swift

    class AWSKMSGenerateDataKeyWithoutPlaintextResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateMacRequest

    Swift

    class AWSKMSGenerateMacRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateMacResponse

    Swift

    class AWSKMSGenerateMacResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateRandomRequest

    Swift

    class AWSKMSGenerateRandomRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGenerateRandomResponse

    Swift

    class AWSKMSGenerateRandomResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetKeyPolicyRequest

    Swift

    class AWSKMSGetKeyPolicyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetKeyPolicyResponse

    Swift

    class AWSKMSGetKeyPolicyResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetKeyRotationStatusRequest

    Swift

    class AWSKMSGetKeyRotationStatusRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetKeyRotationStatusResponse

    Swift

    class AWSKMSGetKeyRotationStatusResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetParametersForImportRequest

    Swift

    class AWSKMSGetParametersForImportRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetParametersForImportResponse

    Swift

    class AWSKMSGetParametersForImportResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetPublicKeyRequest

    Swift

    class AWSKMSGetPublicKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSGetPublicKeyResponse

    Swift

    class AWSKMSGetPublicKeyResponse

  • Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.

    KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric KMS keys and management operations, such as DescribeKey or RetireGrant.

    In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.

    However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.

    To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide.

    See more

    Declaration

    Objective-C

    @interface AWSKMSGrantConstraints

    Swift

    class AWSKMSGrantConstraints

  • Contains information about a grant.

    See more

    Declaration

    Objective-C

    @interface AWSKMSGrantListEntry

    Swift

    class AWSKMSGrantListEntry
  • See more

    Declaration

    Objective-C

    @interface AWSKMSImportKeyMaterialRequest

    Swift

    class AWSKMSImportKeyMaterialRequest

  • Declaration

    Objective-C

    @interface AWSKMSImportKeyMaterialResponse

    Swift

    class AWSKMSImportKeyMaterialResponse

  • Contains information about each entry in the key list.

    See more

    Declaration

    Objective-C

    @interface AWSKMSKeyListEntry

    Swift

    class AWSKMSKeyListEntry

  • Contains metadata about a KMS key.

    This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.

    Required parameters: [KeyId]

    See more

    Declaration

    Objective-C

    @interface AWSKMSKeyMetadata

    Swift

    class AWSKMSKeyMetadata
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListAliasesRequest

    Swift

    class AWSKMSListAliasesRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListAliasesResponse

    Swift

    class AWSKMSListAliasesResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListGrantsRequest

    Swift

    class AWSKMSListGrantsRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListGrantsResponse

    Swift

    class AWSKMSListGrantsResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListKeyPoliciesRequest

    Swift

    class AWSKMSListKeyPoliciesRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListKeyPoliciesResponse

    Swift

    class AWSKMSListKeyPoliciesResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListKeysRequest

    Swift

    class AWSKMSListKeysRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListKeysResponse

    Swift

    class AWSKMSListKeysResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListResourceTagsRequest

    Swift

    class AWSKMSListResourceTagsRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListResourceTagsResponse

    Swift

    class AWSKMSListResourceTagsResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSListRetirableGrantsRequest

    Swift

    class AWSKMSListRetirableGrantsRequest

  • Describes the configuration of this multi-Region key. This field appears only when the KMS key is a primary or replica of a multi-Region key.

    For more information about any listed KMS key, use the DescribeKey operation.

    See more

    Declaration

    Objective-C

    @interface AWSKMSMultiRegionConfiguration

    Swift

    class AWSKMSMultiRegionConfiguration

  • Describes the primary or replica key in a multi-Region key.

    See more

    Declaration

    Objective-C

    @interface AWSKMSMultiRegionKey

    Swift

    class AWSKMSMultiRegionKey
  • See more

    Declaration

    Objective-C

    @interface AWSKMSPutKeyPolicyRequest

    Swift

    class AWSKMSPutKeyPolicyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSReEncryptRequest

    Swift

    class AWSKMSReEncryptRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSReEncryptResponse

    Swift

    class AWSKMSReEncryptResponse

  • Contains information about the party that receives the response from the API operation.

    This data type is designed to support Amazon Web Services Nitro Enclaves, which lets you create an isolated compute environment in Amazon EC2. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    See more

    Declaration

    Objective-C

    @interface AWSKMSRecipientInfo

    Swift

    class AWSKMSRecipientInfo
  • See more

    Declaration

    Objective-C

    @interface AWSKMSReplicateKeyRequest

    Swift

    class AWSKMSReplicateKeyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSReplicateKeyResponse

    Swift

    class AWSKMSReplicateKeyResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSRetireGrantRequest

    Swift

    class AWSKMSRetireGrantRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSRevokeGrantRequest

    Swift

    class AWSKMSRevokeGrantRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSScheduleKeyDeletionRequest

    Swift

    class AWSKMSScheduleKeyDeletionRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSScheduleKeyDeletionResponse

    Swift

    class AWSKMSScheduleKeyDeletionResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSSignRequest

    Swift

    class AWSKMSSignRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSSignResponse

    Swift

    class AWSKMSSignResponse

  • A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management User Guide.

    Required parameters: [TagKey, TagValue]

    See more

    Declaration

    Objective-C

    @interface AWSKMSTag

    Swift

    class AWSKMSTag
  • See more

    Declaration

    Objective-C

    @interface AWSKMSTagResourceRequest

    Swift

    class AWSKMSTagResourceRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSUntagResourceRequest

    Swift

    class AWSKMSUntagResourceRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSUpdateAliasRequest

    Swift

    class AWSKMSUpdateAliasRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSUpdateCustomKeyStoreRequest

    Swift

    class AWSKMSUpdateCustomKeyStoreRequest

  • Declaration

    Objective-C

    @interface AWSKMSUpdateCustomKeyStoreResponse

    Swift

    class AWSKMSUpdateCustomKeyStoreResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSUpdateKeyDescriptionRequest

    Swift

    class AWSKMSUpdateKeyDescriptionRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSUpdatePrimaryRegionRequest

    Swift

    class AWSKMSUpdatePrimaryRegionRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSVerifyMacRequest

    Swift

    class AWSKMSVerifyMacRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSVerifyMacResponse

    Swift

    class AWSKMSVerifyMacResponse
  • See more

    Declaration

    Objective-C

    @interface AWSKMSVerifyRequest

    Swift

    class AWSKMSVerifyRequest
  • See more

    Declaration

    Objective-C

    @interface AWSKMSVerifyResponse

    Swift

    class AWSKMSVerifyResponse

  • Information about the external key that is associated with a KMS key in an external key store.

    This element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.

    The external key is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web Services. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is performed in the external key manager using the specified external key. For more information, see External key in the Key Management Service Developer Guide.

    See more

    Declaration

    Objective-C

    @interface AWSKMSXksKeyConfigurationType

    Swift

    class AWSKMSXksKeyConfigurationType

  • KMS uses the authentication credential to sign requests that it sends to the external key store proxy (XKS proxy) on your behalf. You establish these credentials on your external key store proxy and report them to KMS.

    The XksProxyAuthenticationCredential includes two required elements.

    Required parameters: [AccessKeyId, RawSecretAccessKey]

    See more

    Declaration

    Objective-C

    @interface AWSKMSXksProxyAuthenticationCredentialType

    Swift

    class AWSKMSXksProxyAuthenticationCredentialType

  • Detailed information about the external key store proxy (XKS proxy). Your external key store proxy translates KMS requests into a format that your external key manager can understand. These fields appear in a DescribeCustomKeyStores response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.

    See more

    Declaration

    Objective-C

    @interface AWSKMSXksProxyConfigurationType

    Swift

    class AWSKMSXksProxyConfigurationType

  • Undocumented

    See more

    Declaration

    Objective-C

    @interface AWSKMSResources : NSObject

+ (instancetype)sharedInstance;

- (NSDictionary *)JSONObject;

@end

    Swift

    class AWSKMSResources : NSObject

  • Key Management Service

    Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide.

    KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

    Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

    We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.

    If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the available FIPS endpoints, see Service endpoints in the Key Management Service topic of the Amazon Web Services General Reference.

    All KMS API calls must be signed and be transmitted using Transport Layer Security (TLS). KMS recommends you always use the latest supported TLS version. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

    Signing Requests

    Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account root access key ID and secret access key for everyday work. You can use the access key ID and secret access key for an IAM user or you can use the Security Token Service (STS) to generate temporary security credentials and use those to sign requests.

    All KMS requests must be signed with Signature Version 4.

    Logging API Requests

    KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

    Additional Resources

    For more information about credentials and request signing, see the following:

    Commonly Used API Operations

    Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.

    See more

    Declaration

    Objective-C

    @interface AWSKMS

    Swift

    class AWSKMS