/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include namespace Aws { namespace KMS { namespace Model { /** */ class GenerateDataKeyPairRequest : public KMSRequest { public: AWS_KMS_API GenerateDataKeyPairRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "GenerateDataKeyPair"; } AWS_KMS_API Aws::String SerializePayload() const override; AWS_KMS_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

An encryption * context is a collection of non-secret key-value pairs that represent * additional authenticated data. When you use an encryption context to encrypt * data, you must specify the same (an exact case-sensitive match) encryption * context to decrypt the data. An encryption context is supported only on * operations with symmetric encryption KMS keys. On operations with symmetric * encryption KMS keys, an encryption context is optional, but it is strongly * recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline const Aws::Map& GetEncryptionContext() const{ return m_encryptionContext; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline bool EncryptionContextHasBeenSet() const { return m_encryptionContextHasBeenSet; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline void SetEncryptionContext(const Aws::Map& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext = value; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline void SetEncryptionContext(Aws::Map&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext = std::move(value); } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& WithEncryptionContext(const Aws::Map& value) { SetEncryptionContext(value); return *this;} /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& WithEncryptionContext(Aws::Map&& value) { SetEncryptionContext(std::move(value)); return *this;} /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(const Aws::String& key, const Aws::String& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, value); return *this; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(Aws::String&& key, const Aws::String& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(std::move(key), value); return *this; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(const Aws::String& key, Aws::String&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, std::move(value)); return *this; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(Aws::String&& key, Aws::String&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(std::move(key), std::move(value)); return *this; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(const char* key, Aws::String&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, std::move(value)); return *this; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(Aws::String&& key, const char* value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(std::move(key), value); return *this; } /** *

Specifies the encryption context that will be used when encrypting the * private key in the data key pair.

Do not include confidential * or sensitive information in this field. This field may be displayed in plaintext * in CloudTrail logs and other output.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& AddEncryptionContext(const char* key, const char* value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, value); return *this; } /** *

Specifies the symmetric encryption KMS key that encrypts the private key in * the data key pair. You cannot specify an asymmetric KMS key or a KMS key in a * custom key store. To get the type and origin of your KMS key, use the * DescribeKey operation.

To specify a KMS key, use its key ID, key * ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services * account, you must use the key ARN or alias ARN.

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline const Aws::String& GetKeyId() const{ return m_keyId; } /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline bool KeyIdHasBeenSet() const { return m_keyIdHasBeenSet; } /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline void SetKeyId(const Aws::String& value) { m_keyIdHasBeenSet = true; m_keyId = value; } /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline void SetKeyId(Aws::String&& value) { m_keyIdHasBeenSet = true; m_keyId = std::move(value); } /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline void SetKeyId(const char* value) { m_keyIdHasBeenSet = true; m_keyId.assign(value); } /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline GenerateDataKeyPairRequest& WithKeyId(const Aws::String& value) { SetKeyId(value); return *this;} /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline GenerateDataKeyPairRequest& WithKeyId(Aws::String&& value) { SetKeyId(std::move(value)); return *this;} /** *

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline GenerateDataKeyPairRequest& WithKeyId(const char* value) { SetKeyId(value); return *this;} /** *

Determines the type of data key pair that is generated.

The KMS rule * that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt * or to sign and verify (but not both), and the rule that permits you to use ECC * KMS keys only to sign and verify, are not effective on data key pairs, which are * used outside of KMS. The SM2 key spec is only available in China Regions.

*/ inline const DataKeyPairSpec& GetKeyPairSpec() const{ return m_keyPairSpec; } /** *

Determines the type of data key pair that is generated.

*/ inline bool KeyPairSpecHasBeenSet() const { return m_keyPairSpecHasBeenSet; } /** *

Determines the type of data key pair that is generated.

*/ inline void SetKeyPairSpec(const DataKeyPairSpec& value) { m_keyPairSpecHasBeenSet = true; m_keyPairSpec = value; } /** *

Determines the type of data key pair that is generated.

*/ inline void SetKeyPairSpec(DataKeyPairSpec&& value) { m_keyPairSpecHasBeenSet = true; m_keyPairSpec = std::move(value); } /** *

Determines the type of data key pair that is generated.

*/ inline GenerateDataKeyPairRequest& WithKeyPairSpec(const DataKeyPairSpec& value) { SetKeyPairSpec(value); return *this;} /** *

Determines the type of data key pair that is generated.

*/ inline GenerateDataKeyPairRequest& WithKeyPairSpec(DataKeyPairSpec&& value) { SetKeyPairSpec(std::move(value)); return *this;} /** *

A list of grant tokens.

Use a grant token when your permission to call * this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline const Aws::Vector& GetGrantTokens() const{ return m_grantTokens; } /** *

A list of grant tokens.

*/ inline bool GrantTokensHasBeenSet() const { return m_grantTokensHasBeenSet; } /** *

A list of grant tokens.

*/ inline void SetGrantTokens(const Aws::Vector& value) { m_grantTokensHasBeenSet = true; m_grantTokens = value; } /** *

A list of grant tokens.

*/ inline void SetGrantTokens(Aws::Vector&& value) { m_grantTokensHasBeenSet = true; m_grantTokens = std::move(value); } /** *

A list of grant tokens.

*/ inline GenerateDataKeyPairRequest& WithGrantTokens(const Aws::Vector& value) { SetGrantTokens(value); return *this;} /** *

A list of grant tokens.

*/ inline GenerateDataKeyPairRequest& WithGrantTokens(Aws::Vector&& value) { SetGrantTokens(std::move(value)); return *this;} /** *

A list of grant tokens.

*/ inline GenerateDataKeyPairRequest& AddGrantTokens(const Aws::String& value) { m_grantTokensHasBeenSet = true; m_grantTokens.push_back(value); return *this; } /** *

A list of grant tokens.

*/ inline GenerateDataKeyPairRequest& AddGrantTokens(Aws::String&& value) { m_grantTokensHasBeenSet = true; m_grantTokens.push_back(std::move(value)); return *this; } /** *

A list of grant tokens.

*/ inline GenerateDataKeyPairRequest& AddGrantTokens(const char* value) { m_grantTokensHasBeenSet = true; m_grantTokens.push_back(value); return *this; } /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning a plaintext copy of the private * data key, KMS encrypts the plaintext private data key under the public key in * the attestation document, and returns the resulting ciphertext in the * CiphertextForRecipient field in the response. This ciphertext can * be decrypted only with the private key in the enclave. The * CiphertextBlob field in the response contains a copy of the private * data key encrypted under the KMS key specified by the KeyId * parameter. The PrivateKeyPlaintext field in the response is null or * empty.

For information about the interaction between KMS and Amazon Web * Services Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline const RecipientInfo& GetRecipient() const{ return m_recipient; } /** *

For information about the interaction between KMS and Amazon Web * Services Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline bool RecipientHasBeenSet() const { return m_recipientHasBeenSet; } /** *

For information about the interaction between KMS and Amazon Web * Services Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline void SetRecipient(const RecipientInfo& value) { m_recipientHasBeenSet = true; m_recipient = value; } /** *

For information about the interaction between KMS and Amazon Web * Services Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline void SetRecipient(RecipientInfo&& value) { m_recipientHasBeenSet = true; m_recipient = std::move(value); } /** *

For information about the interaction between KMS and Amazon Web * Services Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline GenerateDataKeyPairRequest& WithRecipient(const RecipientInfo& value) { SetRecipient(value); return *this;} /** *

For information about the interaction between KMS and Amazon Web * Services Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline GenerateDataKeyPairRequest& WithRecipient(RecipientInfo&& value) { SetRecipient(std::move(value)); return *this;} /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline bool GetDryRun() const{ return m_dryRun; } /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline bool DryRunHasBeenSet() const { return m_dryRunHasBeenSet; } /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline void SetDryRun(bool value) { m_dryRunHasBeenSet = true; m_dryRun = value; } /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline GenerateDataKeyPairRequest& WithDryRun(bool value) { SetDryRun(value); return *this;} private: Aws::Map m_encryptionContext; bool m_encryptionContextHasBeenSet = false; Aws::String m_keyId; bool m_keyIdHasBeenSet = false; DataKeyPairSpec m_keyPairSpec; bool m_keyPairSpecHasBeenSet = false; Aws::Vector m_grantTokens; bool m_grantTokensHasBeenSet = false; RecipientInfo m_recipient; bool m_recipientHasBeenSet = false; bool m_dryRun; bool m_dryRunHasBeenSet = false; }; } // namespace Model } // namespace KMS } // namespace Aws