| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.KMS.GetParametersForImport
Description
Returns the items you need to import key material into a symmetric, customer managed KMS key. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide.
This operation returns a public key and an import token. Use the public key to encrypt the symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request.
You must specify the key ID of the symmetric KMS key into which you will
import key material. This KMS key's Origin must be EXTERNAL. You
must also specify the wrapping algorithm and type of wrapping key
(public key) that you will use to encrypt the key material. You cannot
perform this operation on an asymmetric KMS key or on any KMS key in a
different Amazon Web Services account.
To import key material, you must use the public key and import token
from the same response. These items are valid for 24 hours. The
expiration date and time appear in the GetParametersForImport
response. You cannot use an expired token in an ImportKeyMaterial
request. If your key and token expire, send another
GetParametersForImport request.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetParametersForImport (key policy)
Related operations:
- ImportKeyMaterial
- DeleteImportedKeyMaterial
Synopsis
- data GetParametersForImport = GetParametersForImport' {}
- newGetParametersForImport :: Text -> AlgorithmSpec -> WrappingKeySpec -> GetParametersForImport
- getParametersForImport_keyId :: Lens' GetParametersForImport Text
- getParametersForImport_wrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec
- getParametersForImport_wrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec
- data GetParametersForImportResponse = GetParametersForImportResponse' {
- keyId :: Maybe Text
- publicKey :: Maybe (Sensitive Base64)
- parametersValidTo :: Maybe POSIX
- importToken :: Maybe Base64
- httpStatus :: Int
- newGetParametersForImportResponse :: Int -> GetParametersForImportResponse
- getParametersForImportResponse_keyId :: Lens' GetParametersForImportResponse (Maybe Text)
- getParametersForImportResponse_publicKey :: Lens' GetParametersForImportResponse (Maybe ByteString)
- getParametersForImportResponse_parametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime)
- getParametersForImportResponse_importToken :: Lens' GetParametersForImportResponse (Maybe ByteString)
- getParametersForImportResponse_httpStatus :: Lens' GetParametersForImportResponse Int
Creating a Request
data GetParametersForImport Source #
See: newGetParametersForImport smart constructor.
Constructors
| GetParametersForImport' | |
Fields
| |
Instances
newGetParametersForImport Source #
Arguments
| :: Text | |
| -> AlgorithmSpec | |
| -> WrappingKeySpec | |
| -> GetParametersForImport |
Create a value of GetParametersForImport with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:keyId:GetParametersForImport', getParametersForImport_keyId - The identifier of the symmetric KMS key into which you will import key
material. The Origin of the KMS key must be EXTERNAL.
Specify the key ID or key ARN of the KMS key.
For example:
- Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab - Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
$sel:wrappingAlgorithm:GetParametersForImport', getParametersForImport_wrappingAlgorithm - The algorithm you will use to encrypt the key material before importing
it with ImportKeyMaterial. For more information, see
Encrypt the Key Material
in the Key Management Service Developer Guide.
$sel:wrappingKeySpec:GetParametersForImport', getParametersForImport_wrappingKeySpec - The type of wrapping key (public key) to return in the response. Only
2048-bit RSA public keys are supported.
Request Lenses
getParametersForImport_keyId :: Lens' GetParametersForImport Text Source #
The identifier of the symmetric KMS key into which you will import key
material. The Origin of the KMS key must be EXTERNAL.
Specify the key ID or key ARN of the KMS key.
For example:
- Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab - Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
getParametersForImport_wrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec Source #
The algorithm you will use to encrypt the key material before importing it with ImportKeyMaterial. For more information, see Encrypt the Key Material in the Key Management Service Developer Guide.
getParametersForImport_wrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec Source #
The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.
Destructuring the Response
data GetParametersForImportResponse Source #
See: newGetParametersForImportResponse smart constructor.
Constructors
| GetParametersForImportResponse' | |
Fields
| |
Instances
newGetParametersForImportResponse Source #
Create a value of GetParametersForImportResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:keyId:GetParametersForImport', getParametersForImportResponse_keyId - The Amazon Resource Name
(key ARN)
of the KMS key to use in a subsequent ImportKeyMaterial request. This is
the same KMS key specified in the GetParametersForImport request.
$sel:publicKey:GetParametersForImportResponse', getParametersForImportResponse_publicKey - The public key to use to encrypt the key material before importing it
with ImportKeyMaterial.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
$sel:parametersValidTo:GetParametersForImportResponse', getParametersForImportResponse_parametersValidTo - The time at which the import token and public key are no longer valid.
After this time, you cannot use them to make an ImportKeyMaterial
request and you must send another GetParametersForImport request to
get new ones.
$sel:importToken:GetParametersForImportResponse', getParametersForImportResponse_importToken - The import token to send in a subsequent ImportKeyMaterial request.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
$sel:httpStatus:GetParametersForImportResponse', getParametersForImportResponse_httpStatus - The response's http status code.
Response Lenses
getParametersForImportResponse_keyId :: Lens' GetParametersForImportResponse (Maybe Text) Source #
The Amazon Resource Name
(key ARN)
of the KMS key to use in a subsequent ImportKeyMaterial request. This is
the same KMS key specified in the GetParametersForImport request.
getParametersForImportResponse_publicKey :: Lens' GetParametersForImportResponse (Maybe ByteString) Source #
The public key to use to encrypt the key material before importing it
with ImportKeyMaterial.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
getParametersForImportResponse_parametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime) Source #
The time at which the import token and public key are no longer valid.
After this time, you cannot use them to make an ImportKeyMaterial
request and you must send another GetParametersForImport request to
get new ones.
getParametersForImportResponse_importToken :: Lens' GetParametersForImportResponse (Maybe ByteString) Source #
The import token to send in a subsequent ImportKeyMaterial request.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
getParametersForImportResponse_httpStatus :: Lens' GetParametersForImportResponse Int Source #
The response's http status code.