View on GitHub
Install in Dash
Classes Reference
Classes
The following classes are available globally.
-
Contains information about an alias.
See moreDeclaration
Objective-C
@interface AWSKMSAliasListEntrySwift
class AWSKMSAliasListEntry -
Declaration
Objective-C
@interface AWSKMSCancelKeyDeletionRequestSwift
class AWSKMSCancelKeyDeletionRequest -
Declaration
Objective-C
@interface AWSKMSCancelKeyDeletionResponseSwift
class AWSKMSCancelKeyDeletionResponse -
Declaration
Objective-C
@interface AWSKMSConnectCustomKeyStoreRequestSwift
class AWSKMSConnectCustomKeyStoreRequest -
Declaration
Objective-C
@interface AWSKMSConnectCustomKeyStoreResponseSwift
class AWSKMSConnectCustomKeyStoreResponse -
Declaration
Objective-C
@interface AWSKMSCreateAliasRequestSwift
class AWSKMSCreateAliasRequest -
Declaration
Objective-C
@interface AWSKMSCreateCustomKeyStoreRequestSwift
class AWSKMSCreateCustomKeyStoreRequest -
Declaration
Objective-C
@interface AWSKMSCreateCustomKeyStoreResponseSwift
class AWSKMSCreateCustomKeyStoreResponse -
Declaration
Objective-C
@interface AWSKMSCreateGrantRequestSwift
class AWSKMSCreateGrantRequest -
Declaration
Objective-C
@interface AWSKMSCreateGrantResponseSwift
class AWSKMSCreateGrantResponse -
Declaration
Objective-C
@interface AWSKMSCreateKeyRequestSwift
class AWSKMSCreateKeyRequest -
Declaration
Objective-C
@interface AWSKMSCreateKeyResponseSwift
class AWSKMSCreateKeyResponse -
Contains information about each custom key store in the custom key store list.
See moreDeclaration
Objective-C
@interface AWSKMSCustomKeyStoresListEntrySwift
class AWSKMSCustomKeyStoresListEntry -
Declaration
Objective-C
@interface AWSKMSDecryptRequestSwift
class AWSKMSDecryptRequest -
Declaration
Objective-C
@interface AWSKMSDecryptResponseSwift
class AWSKMSDecryptResponse -
Declaration
Objective-C
@interface AWSKMSDeleteAliasRequestSwift
class AWSKMSDeleteAliasRequest -
Declaration
Objective-C
@interface AWSKMSDeleteCustomKeyStoreRequestSwift
class AWSKMSDeleteCustomKeyStoreRequest -
Declaration
Objective-C
@interface AWSKMSDeleteCustomKeyStoreResponseSwift
class AWSKMSDeleteCustomKeyStoreResponse -
Declaration
Objective-C
@interface AWSKMSDeleteImportedKeyMaterialRequestSwift
class AWSKMSDeleteImportedKeyMaterialRequest -
Declaration
Objective-C
@interface AWSKMSDescribeCustomKeyStoresRequestSwift
class AWSKMSDescribeCustomKeyStoresRequest -
Declaration
Objective-C
@interface AWSKMSDescribeCustomKeyStoresResponseSwift
class AWSKMSDescribeCustomKeyStoresResponse -
Declaration
Objective-C
@interface AWSKMSDescribeKeyRequestSwift
class AWSKMSDescribeKeyRequest -
Declaration
Objective-C
@interface AWSKMSDescribeKeyResponseSwift
class AWSKMSDescribeKeyResponse -
Declaration
Objective-C
@interface AWSKMSDisableKeyRequestSwift
class AWSKMSDisableKeyRequest -
Declaration
Objective-C
@interface AWSKMSDisableKeyRotationRequestSwift
class AWSKMSDisableKeyRotationRequest -
Declaration
Objective-C
@interface AWSKMSDisconnectCustomKeyStoreRequestSwift
class AWSKMSDisconnectCustomKeyStoreRequest -
Declaration
Objective-C
@interface AWSKMSDisconnectCustomKeyStoreResponseSwift
class AWSKMSDisconnectCustomKeyStoreResponse -
Declaration
Objective-C
@interface AWSKMSEnableKeyRequestSwift
class AWSKMSEnableKeyRequest -
Declaration
Objective-C
@interface AWSKMSEnableKeyRotationRequestSwift
class AWSKMSEnableKeyRotationRequest -
Declaration
Objective-C
@interface AWSKMSEncryptRequestSwift
class AWSKMSEncryptRequest -
Declaration
Objective-C
@interface AWSKMSEncryptResponseSwift
class AWSKMSEncryptResponse -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairRequestSwift
class AWSKMSGenerateDataKeyPairRequest -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairResponseSwift
class AWSKMSGenerateDataKeyPairResponse -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairWithoutPlaintextRequestSwift
class AWSKMSGenerateDataKeyPairWithoutPlaintextRequest -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyPairWithoutPlaintextResponseSwift
class AWSKMSGenerateDataKeyPairWithoutPlaintextResponse -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyRequestSwift
class AWSKMSGenerateDataKeyRequest -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyResponseSwift
class AWSKMSGenerateDataKeyResponse -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyWithoutPlaintextRequestSwift
class AWSKMSGenerateDataKeyWithoutPlaintextRequest -
Declaration
Objective-C
@interface AWSKMSGenerateDataKeyWithoutPlaintextResponseSwift
class AWSKMSGenerateDataKeyWithoutPlaintextResponse -
Declaration
Objective-C
@interface AWSKMSGenerateRandomRequestSwift
class AWSKMSGenerateRandomRequest -
Declaration
Objective-C
@interface AWSKMSGenerateRandomResponseSwift
class AWSKMSGenerateRandomResponse -
Declaration
Objective-C
@interface AWSKMSGetKeyPolicyRequestSwift
class AWSKMSGetKeyPolicyRequest -
Declaration
Objective-C
@interface AWSKMSGetKeyPolicyResponseSwift
class AWSKMSGetKeyPolicyResponse -
Declaration
Objective-C
@interface AWSKMSGetKeyRotationStatusRequestSwift
class AWSKMSGetKeyRotationStatusRequest -
Declaration
Objective-C
@interface AWSKMSGetKeyRotationStatusResponseSwift
class AWSKMSGetKeyRotationStatusResponse -
Declaration
Objective-C
@interface AWSKMSGetParametersForImportRequestSwift
class AWSKMSGetParametersForImportRequest -
Declaration
Objective-C
@interface AWSKMSGetParametersForImportResponseSwift
class AWSKMSGetParametersForImportResponse -
Declaration
Objective-C
@interface AWSKMSGetPublicKeyRequestSwift
class AWSKMSGetPublicKeyRequest -
Declaration
Objective-C
@interface AWSKMSGetPublicKeyResponseSwift
class AWSKMSGetPublicKeyResponse -
Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.
AWS KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric CMK. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric CMKs and management operations, such as DescribeKey or ScheduleKeyDeletion.
In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.
However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.
To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the
kms:EncryptionContext:andkms:EncryptionContextKeysconditions in an IAM or key policy. For details, see kms:EncryptionContext: in the AWS Key Management Service Developer Guide.Declaration
Objective-C
@interface AWSKMSGrantConstraintsSwift
class AWSKMSGrantConstraints -
Contains information about a grant.
See moreDeclaration
Objective-C
@interface AWSKMSGrantListEntrySwift
class AWSKMSGrantListEntry -
Declaration
Objective-C
@interface AWSKMSImportKeyMaterialRequestSwift
class AWSKMSImportKeyMaterialRequest -
Declaration
Objective-C
@interface AWSKMSImportKeyMaterialResponseSwift
class AWSKMSImportKeyMaterialResponse -
Contains information about each entry in the key list.
See moreDeclaration
Objective-C
@interface AWSKMSKeyListEntrySwift
class AWSKMSKeyListEntry -
Contains metadata about a customer master key (CMK).
This data type is used as a response element for the CreateKey and DescribeKey operations.
Required parameters: [KeyId]
See moreDeclaration
Objective-C
@interface AWSKMSKeyMetadataSwift
class AWSKMSKeyMetadata -
Declaration
Objective-C
@interface AWSKMSListAliasesRequestSwift
class AWSKMSListAliasesRequest -
Declaration
Objective-C
@interface AWSKMSListAliasesResponseSwift
class AWSKMSListAliasesResponse -
Declaration
Objective-C
@interface AWSKMSListGrantsRequestSwift
class AWSKMSListGrantsRequest -
Declaration
Objective-C
@interface AWSKMSListGrantsResponseSwift
class AWSKMSListGrantsResponse -
Declaration
Objective-C
@interface AWSKMSListKeyPoliciesRequestSwift
class AWSKMSListKeyPoliciesRequest -
Declaration
Objective-C
@interface AWSKMSListKeyPoliciesResponseSwift
class AWSKMSListKeyPoliciesResponse -
Declaration
Objective-C
@interface AWSKMSListKeysRequestSwift
class AWSKMSListKeysRequest -
Declaration
Objective-C
@interface AWSKMSListKeysResponseSwift
class AWSKMSListKeysResponse -
Declaration
Objective-C
@interface AWSKMSListResourceTagsRequestSwift
class AWSKMSListResourceTagsRequest -
Declaration
Objective-C
@interface AWSKMSListResourceTagsResponseSwift
class AWSKMSListResourceTagsResponse -
Declaration
Objective-C
@interface AWSKMSListRetirableGrantsRequestSwift
class AWSKMSListRetirableGrantsRequest -
Declaration
Objective-C
@interface AWSKMSPutKeyPolicyRequestSwift
class AWSKMSPutKeyPolicyRequest -
Declaration
Objective-C
@interface AWSKMSReEncryptRequestSwift
class AWSKMSReEncryptRequest -
Declaration
Objective-C
@interface AWSKMSReEncryptResponseSwift
class AWSKMSReEncryptResponse -
Declaration
Objective-C
@interface AWSKMSRetireGrantRequestSwift
class AWSKMSRetireGrantRequest -
Declaration
Objective-C
@interface AWSKMSRevokeGrantRequestSwift
class AWSKMSRevokeGrantRequest -
Declaration
Objective-C
@interface AWSKMSScheduleKeyDeletionRequestSwift
class AWSKMSScheduleKeyDeletionRequest -
Declaration
Objective-C
@interface AWSKMSScheduleKeyDeletionResponseSwift
class AWSKMSScheduleKeyDeletionResponse -
Declaration
Objective-C
@interface AWSKMSSignRequestSwift
class AWSKMSSignRequest -
Declaration
Objective-C
@interface AWSKMSSignResponseSwift
class AWSKMSSignResponse -
A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.
For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the AWS Billing and Cost Management User Guide.
Required parameters: [TagKey, TagValue]
See moreDeclaration
Objective-C
@interface AWSKMSTagSwift
class AWSKMSTag -
Declaration
Objective-C
@interface AWSKMSTagResourceRequestSwift
class AWSKMSTagResourceRequest -
Declaration
Objective-C
@interface AWSKMSUntagResourceRequestSwift
class AWSKMSUntagResourceRequest -
Declaration
Objective-C
@interface AWSKMSUpdateAliasRequestSwift
class AWSKMSUpdateAliasRequest -
Declaration
Objective-C
@interface AWSKMSUpdateCustomKeyStoreRequestSwift
class AWSKMSUpdateCustomKeyStoreRequest -
Declaration
Objective-C
@interface AWSKMSUpdateCustomKeyStoreResponseSwift
class AWSKMSUpdateCustomKeyStoreResponse -
Declaration
Objective-C
@interface AWSKMSUpdateKeyDescriptionRequestSwift
class AWSKMSUpdateKeyDescriptionRequest -
Declaration
Objective-C
@interface AWSKMSVerifyRequestSwift
class AWSKMSVerifyRequest -
Declaration
Objective-C
@interface AWSKMSVerifyResponseSwift
class AWSKMSVerifyResponse -
Undocumented
See moreDeclaration
Objective-C
@interface AWSKMSResources : NSObject + (instancetype)sharedInstance; - (NSDictionary *)JSONObject; @endSwift
class AWSKMSResources : NSObject -
AWS Key Management Service AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes the AWS KMS operations that you can call programmatically. For general information about AWS KMS, see the AWS Key Management Service Developer Guide.
AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS KMS and other AWS services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.
We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.
Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
Signing Requests
Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your AWS account (root) access key ID and secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key for an IAM user. You can also use the AWS Security Token Service to generate temporary security credentials that you can use to sign requests.
All AWS KMS operations require Signature Version 4.
Logging API Requests
AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to AWS KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.
Additional Resources
For more information about credentials and request signing, see the following:
AWS Security Credentials - This topic provides general information about the types of credentials used for accessing AWS.
Temporary Security Credentials - This section of the IAM User Guide describes how to create and use temporary security credentials.
Signature Version 4 Signing Process - This set of topics walks you through the process of signing a request using an access key ID and a secret access key.
Commonly Used API Operations
Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
See moreDeclaration
Objective-C
@interface AWSKMSSwift
class AWSKMS