Classes
The following classes are available globally.
-
Contains information about an alias.
Declaration
Objective-C
@interface AWSKMSAliasListEntry
Swift
class AWSKMSAliasListEntry
-
Declaration
Objective-C
@interface AWSKMSCancelKeyDeletionRequest
Swift
class AWSKMSCancelKeyDeletionRequest
-
Declaration
Objective-C
@interface AWSKMSCancelKeyDeletionResponse
Swift
class AWSKMSCancelKeyDeletionResponse
-
Declaration
Objective-C
@interface AWSKMSConnectCustomKeyStoreRequest
Swift
class AWSKMSConnectCustomKeyStoreRequest
-
Declaration
Objective-C
@interface AWSKMSConnectCustomKeyStoreResponse
Swift
class AWSKMSConnectCustomKeyStoreResponse
-
Declaration
Objective-C
@interface AWSKMSCreateAliasRequest
Swift
class AWSKMSCreateAliasRequest
-
Declaration
Objective-C
@interface AWSKMSCreateCustomKeyStoreRequest
Swift
class AWSKMSCreateCustomKeyStoreRequest
-
Declaration
Objective-C
@interface AWSKMSCreateCustomKeyStoreResponse
Swift
class AWSKMSCreateCustomKeyStoreResponse
-
Declaration
Objective-C
@interface AWSKMSCreateGrantRequest
Swift
class AWSKMSCreateGrantRequest
-
Declaration
Objective-C
@interface AWSKMSCreateGrantResponse
Swift
class AWSKMSCreateGrantResponse
-
Declaration
Objective-C
@interface AWSKMSCreateKeyRequest
Swift
class AWSKMSCreateKeyRequest
-
Declaration
Objective-C
@interface AWSKMSCreateKeyResponse
Swift
class AWSKMSCreateKeyResponse
-
Contains information about each custom key store in the custom key store list.
Declaration
Objective-C
@interface AWSKMSCustomKeyStoresListEntry
Swift
class AWSKMSCustomKeyStoresListEntry
-
Declaration
Objective-C
@interface AWSKMSDecryptRequest
Swift
class AWSKMSDecryptRequest
-
Declaration
Objective-C
@interface AWSKMSDecryptResponse
Swift
class AWSKMSDecryptResponse
-
Declaration
Objective-C
@interface AWSKMSDeleteAliasRequest
Swift
class AWSKMSDeleteAliasRequest
-
Declaration
Objective-C
@interface AWSKMSDeleteCustomKeyStoreRequest
Swift
class AWSKMSDeleteCustomKeyStoreRequest
-
Declaration
Objective-C
@interface AWSKMSDeleteCustomKeyStoreResponse
Swift
class AWSKMSDeleteCustomKeyStoreResponse
-
Declaration
Objective-C
@interface AWSKMSDeleteImportedKeyMaterialRequest
Swift
class AWSKMSDeleteImportedKeyMaterialRequest
-
Declaration
Objective-C
@interface AWSKMSDescribeCustomKeyStoresRequest
Swift
class AWSKMSDescribeCustomKeyStoresRequest
-
Declaration
Objective-C
@interface AWSKMSDescribeCustomKeyStoresResponse
Swift
class AWSKMSDescribeCustomKeyStoresResponse
-
Declaration
Objective-C
@interface AWSKMSDescribeKeyRequest
Swift
class AWSKMSDescribeKeyRequest
-
Declaration
Objective-C
@interface AWSKMSDescribeKeyResponse
Swift
class AWSKMSDescribeKeyResponse
-
Declaration
Objective-C
@interface AWSKMSDisableKeyRequest
Swift
class AWSKMSDisableKeyRequest
-
Declaration
Objective-C
@interface AWSKMSDisableKeyRotationRequest
Swift
class AWSKMSDisableKeyRotationRequest
-
Declaration
Objective-C
@interface AWSKMSDisconnectCustomKeyStoreRequest
Swift
class AWSKMSDisconnectCustomKeyStoreRequest
-
Declaration
Objective-C
@interface AWSKMSDisconnectCustomKeyStoreResponse
Swift
class AWSKMSDisconnectCustomKeyStoreResponse
-
Declaration
Objective-C
@interface AWSKMSEnableKeyRequest
Swift
class AWSKMSEnableKeyRequest
-
Declaration
Objective-C
@interface AWSKMSEnableKeyRotationRequest
Swift
class AWSKMSEnableKeyRotationRequest
-
Declaration
Objective-C
@interface AWSKMSEncryptRequest
Swift
class AWSKMSEncryptRequest
-
Declaration
Objective-C
@interface AWSKMSEncryptResponse
Swift
class AWSKMSEncryptResponse
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairRequest
Swift
class AWSKMSGenerateDataKeyPairRequest
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairResponse
Swift
class AWSKMSGenerateDataKeyPairResponse
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairWithoutPlaintextRequest
Swift
class AWSKMSGenerateDataKeyPairWithoutPlaintextRequest
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairWithoutPlaintextResponse
Swift
class AWSKMSGenerateDataKeyPairWithoutPlaintextResponse
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyRequest
Swift
class AWSKMSGenerateDataKeyRequest
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyResponse
Swift
class AWSKMSGenerateDataKeyResponse
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyWithoutPlaintextRequest
Swift
class AWSKMSGenerateDataKeyWithoutPlaintextRequest
-
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyWithoutPlaintextResponse
Swift
class AWSKMSGenerateDataKeyWithoutPlaintextResponse
-
Declaration
Objective-C
@interface AWSKMSGenerateMacRequest
Swift
class AWSKMSGenerateMacRequest
-
Declaration
Objective-C
@interface AWSKMSGenerateMacResponse
Swift
class AWSKMSGenerateMacResponse
-
Declaration
Objective-C
@interface AWSKMSGenerateRandomRequest
Swift
class AWSKMSGenerateRandomRequest
-
Declaration
Objective-C
@interface AWSKMSGenerateRandomResponse
Swift
class AWSKMSGenerateRandomResponse
-
Declaration
Objective-C
@interface AWSKMSGetKeyPolicyRequest
Swift
class AWSKMSGetKeyPolicyRequest
-
Declaration
Objective-C
@interface AWSKMSGetKeyPolicyResponse
Swift
class AWSKMSGetKeyPolicyResponse
-
Declaration
Objective-C
@interface AWSKMSGetKeyRotationStatusRequest
Swift
class AWSKMSGetKeyRotationStatusRequest
-
Declaration
Objective-C
@interface AWSKMSGetKeyRotationStatusResponse
Swift
class AWSKMSGetKeyRotationStatusResponse
-
Declaration
Objective-C
@interface AWSKMSGetParametersForImportRequest
Swift
class AWSKMSGetParametersForImportRequest
-
Declaration
Objective-C
@interface AWSKMSGetParametersForImportResponse
Swift
class AWSKMSGetParametersForImportResponse
-
Declaration
Objective-C
@interface AWSKMSGetPublicKeyRequest
Swift
class AWSKMSGetPublicKeyRequest
-
Declaration
Objective-C
@interface AWSKMSGetPublicKeyResponse
Swift
class AWSKMSGetPublicKeyResponse
-
Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.
KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric encryption KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with HMAC KMS keys or asymmetric KMS keys, and management operations, such as DescribeKey or RetireGrant.
In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.
However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.
To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide.
Declaration
Objective-C
@interface AWSKMSGrantConstraints
Swift
class AWSKMSGrantConstraints
-
Contains information about a grant.
Declaration
Objective-C
@interface AWSKMSGrantListEntry
Swift
class AWSKMSGrantListEntry
-
Declaration
Objective-C
@interface AWSKMSImportKeyMaterialRequest
Swift
class AWSKMSImportKeyMaterialRequest
-
Declaration
Objective-C
@interface AWSKMSImportKeyMaterialResponse
Swift
class AWSKMSImportKeyMaterialResponse
-
Contains information about each entry in the key list.
Declaration
Objective-C
@interface AWSKMSKeyListEntry
Swift
class AWSKMSKeyListEntry
-
Contains metadata about a KMS key.
This data type is used as a response element for the CreateKey and DescribeKey operations.
Required parameters: [KeyId]
Declaration
Objective-C
@interface AWSKMSKeyMetadata
Swift
class AWSKMSKeyMetadata
-
Declaration
Objective-C
@interface AWSKMSListAliasesRequest
Swift
class AWSKMSListAliasesRequest
-
Declaration
Objective-C
@interface AWSKMSListAliasesResponse
Swift
class AWSKMSListAliasesResponse
-
Declaration
Objective-C
@interface AWSKMSListGrantsRequest
Swift
class AWSKMSListGrantsRequest
-
Declaration
Objective-C
@interface AWSKMSListGrantsResponse
Swift
class AWSKMSListGrantsResponse
-
Declaration
Objective-C
@interface AWSKMSListKeyPoliciesRequest
Swift
class AWSKMSListKeyPoliciesRequest
-
Declaration
Objective-C
@interface AWSKMSListKeyPoliciesResponse
Swift
class AWSKMSListKeyPoliciesResponse
-
Declaration
Objective-C
@interface AWSKMSListKeysRequest
Swift
class AWSKMSListKeysRequest
-
Declaration
Objective-C
@interface AWSKMSListKeysResponse
Swift
class AWSKMSListKeysResponse
-
Declaration
Objective-C
@interface AWSKMSListResourceTagsRequest
Swift
class AWSKMSListResourceTagsRequest
-
Declaration
Objective-C
@interface AWSKMSListResourceTagsResponse
Swift
class AWSKMSListResourceTagsResponse
-
Declaration
Objective-C
@interface AWSKMSListRetirableGrantsRequest
Swift
class AWSKMSListRetirableGrantsRequest
-
Describes the configuration of this multi-Region key. This field appears only when the KMS key is a primary or replica of a multi-Region key.
For more information about any listed KMS key, use the DescribeKey operation.
Declaration
Objective-C
@interface AWSKMSMultiRegionConfiguration
Swift
class AWSKMSMultiRegionConfiguration
-
Describes the primary or replica key in a multi-Region key.
Declaration
Objective-C
@interface AWSKMSMultiRegionKey
Swift
class AWSKMSMultiRegionKey
-
Declaration
Objective-C
@interface AWSKMSPutKeyPolicyRequest
Swift
class AWSKMSPutKeyPolicyRequest
-
Declaration
Objective-C
@interface AWSKMSReEncryptRequest
Swift
class AWSKMSReEncryptRequest
-
Declaration
Objective-C
@interface AWSKMSReEncryptResponse
Swift
class AWSKMSReEncryptResponse
-
Declaration
Objective-C
@interface AWSKMSReplicateKeyRequest
Swift
class AWSKMSReplicateKeyRequest
-
Declaration
Objective-C
@interface AWSKMSReplicateKeyResponse
Swift
class AWSKMSReplicateKeyResponse
-
Declaration
Objective-C
@interface AWSKMSRetireGrantRequest
Swift
class AWSKMSRetireGrantRequest
-
Declaration
Objective-C
@interface AWSKMSRevokeGrantRequest
Swift
class AWSKMSRevokeGrantRequest
-
Declaration
Objective-C
@interface AWSKMSScheduleKeyDeletionRequest
Swift
class AWSKMSScheduleKeyDeletionRequest
-
Declaration
Objective-C
@interface AWSKMSScheduleKeyDeletionResponse
Swift
class AWSKMSScheduleKeyDeletionResponse
-
Declaration
Objective-C
@interface AWSKMSSignRequest
Swift
class AWSKMSSignRequest
-
Declaration
Objective-C
@interface AWSKMSSignResponse
Swift
class AWSKMSSignResponse
-
A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.
For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management User Guide.
Required parameters: [TagKey, TagValue]
Declaration
Objective-C
@interface AWSKMSTag
Swift
class AWSKMSTag
-
Declaration
Objective-C
@interface AWSKMSTagResourceRequest
Swift
class AWSKMSTagResourceRequest
-
Declaration
Objective-C
@interface AWSKMSUntagResourceRequest
Swift
class AWSKMSUntagResourceRequest
-
Declaration
Objective-C
@interface AWSKMSUpdateAliasRequest
Swift
class AWSKMSUpdateAliasRequest
-
Declaration
Objective-C
@interface AWSKMSUpdateCustomKeyStoreRequest
Swift
class AWSKMSUpdateCustomKeyStoreRequest
-
Declaration
Objective-C
@interface AWSKMSUpdateCustomKeyStoreResponse
Swift
class AWSKMSUpdateCustomKeyStoreResponse
-
Declaration
Objective-C
@interface AWSKMSUpdateKeyDescriptionRequest
Swift
class AWSKMSUpdateKeyDescriptionRequest
-
Declaration
Objective-C
@interface AWSKMSUpdatePrimaryRegionRequest
Swift
class AWSKMSUpdatePrimaryRegionRequest
-
Declaration
Objective-C
@interface AWSKMSVerifyMacRequest
Swift
class AWSKMSVerifyMacRequest
-
Declaration
Objective-C
@interface AWSKMSVerifyMacResponse
Swift
class AWSKMSVerifyMacResponse
-
Declaration
Objective-C
@interface AWSKMSVerifyRequest
Swift
class AWSKMSVerifyRequest
-
Declaration
Objective-C
@interface AWSKMSVerifyResponse
Swift
class AWSKMSVerifyResponse
-
Undocumented
Declaration
Objective-C
@interface AWSKMSResources : NSObject
+ (instancetype)sharedInstance;
- (NSDictionary *)JSONObject;
@end
Swift
class AWSKMSResources : NSObject
-
Key Management Service
Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide.
KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.
We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.
If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the available FIPS endpoints, see Service endpoints in the Key Management Service topic of the Amazon Web Services General Reference.
Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
Signing Requests
Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account (root) access key ID and secret key for everyday work with KMS. Instead, use the access key ID and secret access key for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary security credentials that you can use to sign requests.
All KMS operations require Signature Version 4.
Logging API Requests
KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
Additional Resources
For more information about credentials and request signing, see the following:
Amazon Web Services Security Credentials - This topic provides general information about the types of credentials used to access Amazon Web Services.
Temporary Security Credentials - This section of the IAM User Guide describes how to create and use temporary security credentials.
Signature Version 4 Signing Process - This set of topics walks you through the process of signing a request using an access key ID and a secret access key.
Commonly Used API Operations
Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
Declaration
Objective-C
@interface AWSKMS
Swift
class AWSKMS