{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.GenerateDataKey
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Generates a unique symmetric data key for client-side encryption. This
-- operation returns a plaintext copy of the data key and a copy that is
-- encrypted under a KMS key that you specify. You can use the plaintext
-- key to encrypt your data outside of KMS and store the encrypted data key
-- with the encrypted data.
--
-- @GenerateDataKey@ returns a unique data key for each request. The bytes
-- in the plaintext key are not related to the caller or the KMS key.
--
-- To generate a data key, specify the symmetric KMS key that will be used
-- to encrypt the data key. You cannot use an asymmetric KMS key to
-- generate data keys. To get the type of your KMS key, use the DescribeKey
-- operation. You must also specify the length of the data key. Use either
-- the @KeySpec@ or @NumberOfBytes@ parameters (but not both). For 128-bit
-- and 256-bit data keys, use the @KeySpec@ parameter.
--
-- To get only an encrypted copy of the data key, use
-- GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key
-- pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext
-- operation. To get a cryptographically secure random byte string, use
-- GenerateRandom.
--
-- You can use the optional encryption context to add additional security
-- to the encryption operation. If you specify an @EncryptionContext@, you
-- must specify the same encryption context (a case-sensitive exact match)
-- when decrypting the encrypted data key. Otherwise, the request to
-- decrypt fails with an @InvalidCiphertextException@. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- Applications in Amazon Web Services Nitro Enclaves can call this
-- operation by using the
-- <https://github.com/aws/aws-nitro-enclaves-sdk-c Amazon Web Services Nitro Enclaves Development Kit>.
-- For information about the supporting parameters, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html How Amazon Web Services Nitro Enclaves use KMS>
-- in the /Key Management Service Developer Guide/.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key state: Effect on your KMS key>
-- in the /Key Management Service Developer Guide/.
--
-- __How to use your data key__
--
-- We recommend that you use the following pattern to encrypt data locally
-- in your application. You can write your own code or use a client-side
-- encryption library, such as the
-- <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/ Amazon Web Services Encryption SDK>,
-- the
-- <https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ Amazon DynamoDB Encryption Client>,
-- or
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html Amazon S3 client-side encryption>
-- to do these tasks for you.
--
-- To encrypt data outside of KMS:
--
-- 1.  Use the @GenerateDataKey@ operation to get a data key.
--
-- 2.  Use the plaintext data key (in the @Plaintext@ field of the
--     response) to encrypt your data outside of KMS. Then erase the
--     plaintext data key from memory.
--
-- 3.  Store the encrypted data key (in the @CiphertextBlob@ field of the
--     response) with the encrypted data.
--
-- To decrypt data outside of KMS:
--
-- 1.  Use the Decrypt operation to decrypt the encrypted data key. The
--     operation returns a plaintext copy of the data key.
--
-- 2.  Use the plaintext data key to decrypt data outside of KMS, then
--     erase the plaintext data key from memory.
--
-- __Cross-account use__: Yes. To perform this operation with a KMS key in
-- a different Amazon Web Services account, specify the key ARN or alias
-- ARN in the value of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKey>
-- (key policy)
--
-- __Related operations:__
--
-- -   Decrypt
--
-- -   Encrypt
--
-- -   GenerateDataKeyPair
--
-- -   GenerateDataKeyPairWithoutPlaintext
--
-- -   GenerateDataKeyWithoutPlaintext
module Amazonka.KMS.GenerateDataKey
  ( -- * Creating a Request
    GenerateDataKey (..),
    newGenerateDataKey,

    -- * Request Lenses
    generateDataKey_keySpec,
    generateDataKey_encryptionContext,
    generateDataKey_numberOfBytes,
    generateDataKey_grantTokens,
    generateDataKey_keyId,

    -- * Destructuring the Response
    GenerateDataKeyResponse (..),
    newGenerateDataKeyResponse,

    -- * Response Lenses
    generateDataKeyResponse_httpStatus,
    generateDataKeyResponse_keyId,
    generateDataKeyResponse_plaintext,
    generateDataKeyResponse_ciphertextBlob,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGenerateDataKey' smart constructor.
data GenerateDataKey = GenerateDataKey'
  { -- | Specifies the length of the data key. Use @AES_128@ to generate a
    -- 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.
    --
    -- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter
    -- (but not both) in every @GenerateDataKey@ request.
    GenerateDataKey -> Maybe DataKeySpec
keySpec :: Prelude.Maybe DataKeySpec,
    -- | Specifies the encryption context that will be used when encrypting the
    -- data key.
    --
    -- An /encryption context/ is a collection of non-secret key-value pairs
    -- that represents additional authenticated data. When you use an
    -- encryption context to encrypt data, you must specify the same (an exact
    -- case-sensitive match) encryption context to decrypt the data. An
    -- encryption context is optional when encrypting with a symmetric KMS key,
    -- but it is highly recommended.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
    -- in the /Key Management Service Developer Guide/.
    GenerateDataKey -> Maybe (HashMap Text Text)
encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | Specifies the length of the data key in bytes. For example, use the
    -- value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
    -- 128-bit (16-byte) and 256-bit (32-byte) data keys, use the @KeySpec@
    -- parameter.
    --
    -- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter
    -- (but not both) in every @GenerateDataKey@ request.
    GenerateDataKey -> Maybe Natural
numberOfBytes :: Prelude.Maybe Prelude.Natural,
    -- | A list of grant tokens.
    --
    -- Use a grant token when your permission to call this operation comes from
    -- a new grant that has not yet achieved /eventual consistency/. For more
    -- information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
    -- in the /Key Management Service Developer Guide/.
    GenerateDataKey -> Maybe [Text]
grantTokens :: Prelude.Maybe [Prelude.Text],
    -- | Identifies the symmetric KMS key that encrypts the data key.
    --
    -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
    -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
    -- key in a different Amazon Web Services account, you must use the key ARN
    -- or alias ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Alias name: @alias\/ExampleAlias@
    --
    -- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey. To get the alias name and alias ARN, use ListAliases.
    GenerateDataKey -> Text
keyId :: Prelude.Text
  }
  deriving (GenerateDataKey -> GenerateDataKey -> Bool
(GenerateDataKey -> GenerateDataKey -> Bool)
-> (GenerateDataKey -> GenerateDataKey -> Bool)
-> Eq GenerateDataKey
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GenerateDataKey -> GenerateDataKey -> Bool
$c/= :: GenerateDataKey -> GenerateDataKey -> Bool
== :: GenerateDataKey -> GenerateDataKey -> Bool
$c== :: GenerateDataKey -> GenerateDataKey -> Bool
Prelude.Eq, ReadPrec [GenerateDataKey]
ReadPrec GenerateDataKey
Int -> ReadS GenerateDataKey
ReadS [GenerateDataKey]
(Int -> ReadS GenerateDataKey)
-> ReadS [GenerateDataKey]
-> ReadPrec GenerateDataKey
-> ReadPrec [GenerateDataKey]
-> Read GenerateDataKey
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GenerateDataKey]
$creadListPrec :: ReadPrec [GenerateDataKey]
readPrec :: ReadPrec GenerateDataKey
$creadPrec :: ReadPrec GenerateDataKey
readList :: ReadS [GenerateDataKey]
$creadList :: ReadS [GenerateDataKey]
readsPrec :: Int -> ReadS GenerateDataKey
$creadsPrec :: Int -> ReadS GenerateDataKey
Prelude.Read, Int -> GenerateDataKey -> ShowS
[GenerateDataKey] -> ShowS
GenerateDataKey -> String
(Int -> GenerateDataKey -> ShowS)
-> (GenerateDataKey -> String)
-> ([GenerateDataKey] -> ShowS)
-> Show GenerateDataKey
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GenerateDataKey] -> ShowS
$cshowList :: [GenerateDataKey] -> ShowS
show :: GenerateDataKey -> String
$cshow :: GenerateDataKey -> String
showsPrec :: Int -> GenerateDataKey -> ShowS
$cshowsPrec :: Int -> GenerateDataKey -> ShowS
Prelude.Show, (forall x. GenerateDataKey -> Rep GenerateDataKey x)
-> (forall x. Rep GenerateDataKey x -> GenerateDataKey)
-> Generic GenerateDataKey
forall x. Rep GenerateDataKey x -> GenerateDataKey
forall x. GenerateDataKey -> Rep GenerateDataKey x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GenerateDataKey x -> GenerateDataKey
$cfrom :: forall x. GenerateDataKey -> Rep GenerateDataKey x
Prelude.Generic)

-- |
-- Create a value of 'GenerateDataKey' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keySpec', 'generateDataKey_keySpec' - Specifies the length of the data key. Use @AES_128@ to generate a
-- 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.
--
-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter
-- (but not both) in every @GenerateDataKey@ request.
--
-- 'encryptionContext', 'generateDataKey_encryptionContext' - Specifies the encryption context that will be used when encrypting the
-- data key.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- 'numberOfBytes', 'generateDataKey_numberOfBytes' - Specifies the length of the data key in bytes. For example, use the
-- value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
-- 128-bit (16-byte) and 256-bit (32-byte) data keys, use the @KeySpec@
-- parameter.
--
-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter
-- (but not both) in every @GenerateDataKey@ request.
--
-- 'grantTokens', 'generateDataKey_grantTokens' - A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
--
-- 'keyId', 'generateDataKey_keyId' - Identifies the symmetric KMS key that encrypts the data key.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
newGenerateDataKey ::
  -- | 'keyId'
  Prelude.Text ->
  GenerateDataKey
newGenerateDataKey :: Text -> GenerateDataKey
newGenerateDataKey Text
pKeyId_ =
  GenerateDataKey' :: Maybe DataKeySpec
-> Maybe (HashMap Text Text)
-> Maybe Natural
-> Maybe [Text]
-> Text
-> GenerateDataKey
GenerateDataKey'
    { $sel:keySpec:GenerateDataKey' :: Maybe DataKeySpec
keySpec = Maybe DataKeySpec
forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionContext:GenerateDataKey' :: Maybe (HashMap Text Text)
encryptionContext = Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:numberOfBytes:GenerateDataKey' :: Maybe Natural
numberOfBytes = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:grantTokens:GenerateDataKey' :: Maybe [Text]
grantTokens = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:keyId:GenerateDataKey' :: Text
keyId = Text
pKeyId_
    }

-- | Specifies the length of the data key. Use @AES_128@ to generate a
-- 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.
--
-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter
-- (but not both) in every @GenerateDataKey@ request.
generateDataKey_keySpec :: Lens.Lens' GenerateDataKey (Prelude.Maybe DataKeySpec)
generateDataKey_keySpec :: (Maybe DataKeySpec -> f (Maybe DataKeySpec))
-> GenerateDataKey -> f GenerateDataKey
generateDataKey_keySpec = (GenerateDataKey -> Maybe DataKeySpec)
-> (GenerateDataKey -> Maybe DataKeySpec -> GenerateDataKey)
-> Lens
     GenerateDataKey
     GenerateDataKey
     (Maybe DataKeySpec)
     (Maybe DataKeySpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKey' {Maybe DataKeySpec
keySpec :: Maybe DataKeySpec
$sel:keySpec:GenerateDataKey' :: GenerateDataKey -> Maybe DataKeySpec
keySpec} -> Maybe DataKeySpec
keySpec) (\s :: GenerateDataKey
s@GenerateDataKey' {} Maybe DataKeySpec
a -> GenerateDataKey
s {$sel:keySpec:GenerateDataKey' :: Maybe DataKeySpec
keySpec = Maybe DataKeySpec
a} :: GenerateDataKey)

-- | Specifies the encryption context that will be used when encrypting the
-- data key.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
generateDataKey_encryptionContext :: Lens.Lens' GenerateDataKey (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
generateDataKey_encryptionContext :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> GenerateDataKey -> f GenerateDataKey
generateDataKey_encryptionContext = (GenerateDataKey -> Maybe (HashMap Text Text))
-> (GenerateDataKey
    -> Maybe (HashMap Text Text) -> GenerateDataKey)
-> Lens
     GenerateDataKey
     GenerateDataKey
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKey' {Maybe (HashMap Text Text)
encryptionContext :: Maybe (HashMap Text Text)
$sel:encryptionContext:GenerateDataKey' :: GenerateDataKey -> Maybe (HashMap Text Text)
encryptionContext} -> Maybe (HashMap Text Text)
encryptionContext) (\s :: GenerateDataKey
s@GenerateDataKey' {} Maybe (HashMap Text Text)
a -> GenerateDataKey
s {$sel:encryptionContext:GenerateDataKey' :: Maybe (HashMap Text Text)
encryptionContext = Maybe (HashMap Text Text)
a} :: GenerateDataKey) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> GenerateDataKey -> f GenerateDataKey)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> GenerateDataKey
-> f GenerateDataKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies the length of the data key in bytes. For example, use the
-- value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
-- 128-bit (16-byte) and 256-bit (32-byte) data keys, use the @KeySpec@
-- parameter.
--
-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter
-- (but not both) in every @GenerateDataKey@ request.
generateDataKey_numberOfBytes :: Lens.Lens' GenerateDataKey (Prelude.Maybe Prelude.Natural)
generateDataKey_numberOfBytes :: (Maybe Natural -> f (Maybe Natural))
-> GenerateDataKey -> f GenerateDataKey
generateDataKey_numberOfBytes = (GenerateDataKey -> Maybe Natural)
-> (GenerateDataKey -> Maybe Natural -> GenerateDataKey)
-> Lens
     GenerateDataKey GenerateDataKey (Maybe Natural) (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKey' {Maybe Natural
numberOfBytes :: Maybe Natural
$sel:numberOfBytes:GenerateDataKey' :: GenerateDataKey -> Maybe Natural
numberOfBytes} -> Maybe Natural
numberOfBytes) (\s :: GenerateDataKey
s@GenerateDataKey' {} Maybe Natural
a -> GenerateDataKey
s {$sel:numberOfBytes:GenerateDataKey' :: Maybe Natural
numberOfBytes = Maybe Natural
a} :: GenerateDataKey)

-- | A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
generateDataKey_grantTokens :: Lens.Lens' GenerateDataKey (Prelude.Maybe [Prelude.Text])
generateDataKey_grantTokens :: (Maybe [Text] -> f (Maybe [Text]))
-> GenerateDataKey -> f GenerateDataKey
generateDataKey_grantTokens = (GenerateDataKey -> Maybe [Text])
-> (GenerateDataKey -> Maybe [Text] -> GenerateDataKey)
-> Lens
     GenerateDataKey GenerateDataKey (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKey' {Maybe [Text]
grantTokens :: Maybe [Text]
$sel:grantTokens:GenerateDataKey' :: GenerateDataKey -> Maybe [Text]
grantTokens} -> Maybe [Text]
grantTokens) (\s :: GenerateDataKey
s@GenerateDataKey' {} Maybe [Text]
a -> GenerateDataKey
s {$sel:grantTokens:GenerateDataKey' :: Maybe [Text]
grantTokens = Maybe [Text]
a} :: GenerateDataKey) ((Maybe [Text] -> f (Maybe [Text]))
 -> GenerateDataKey -> f GenerateDataKey)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> GenerateDataKey
-> f GenerateDataKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Identifies the symmetric KMS key that encrypts the data key.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
generateDataKey_keyId :: Lens.Lens' GenerateDataKey Prelude.Text
generateDataKey_keyId :: (Text -> f Text) -> GenerateDataKey -> f GenerateDataKey
generateDataKey_keyId = (GenerateDataKey -> Text)
-> (GenerateDataKey -> Text -> GenerateDataKey)
-> Lens GenerateDataKey GenerateDataKey Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKey' {Text
keyId :: Text
$sel:keyId:GenerateDataKey' :: GenerateDataKey -> Text
keyId} -> Text
keyId) (\s :: GenerateDataKey
s@GenerateDataKey' {} Text
a -> GenerateDataKey
s {$sel:keyId:GenerateDataKey' :: Text
keyId = Text
a} :: GenerateDataKey)

instance Core.AWSRequest GenerateDataKey where
  type
    AWSResponse GenerateDataKey =
      GenerateDataKeyResponse
  request :: GenerateDataKey -> Request GenerateDataKey
request = Service -> GenerateDataKey -> Request GenerateDataKey
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy GenerateDataKey
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GenerateDataKey)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GenerateDataKey))
-> Logger
-> Service
-> Proxy GenerateDataKey
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GenerateDataKey)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Int
-> Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse
GenerateDataKeyResponse'
            (Int
 -> Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse)
-> Either String Int
-> Either
     String
     (Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
            Either
  String
  (Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse)
-> Either String Text
-> Either
     String (Sensitive Base64 -> Base64 -> GenerateDataKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String Text
forall a. FromJSON a => Object -> Text -> Either String a
Core..:> Text
"KeyId")
            Either
  String (Sensitive Base64 -> Base64 -> GenerateDataKeyResponse)
-> Either String (Sensitive Base64)
-> Either String (Base64 -> GenerateDataKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Sensitive Base64)
forall a. FromJSON a => Object -> Text -> Either String a
Core..:> Text
"Plaintext")
            Either String (Base64 -> GenerateDataKeyResponse)
-> Either String Base64 -> Either String GenerateDataKeyResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String Base64
forall a. FromJSON a => Object -> Text -> Either String a
Core..:> Text
"CiphertextBlob")
      )

instance Prelude.Hashable GenerateDataKey

instance Prelude.NFData GenerateDataKey

instance Core.ToHeaders GenerateDataKey where
  toHeaders :: GenerateDataKey -> ResponseHeaders
toHeaders =
    ResponseHeaders -> GenerateDataKey -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"TrentService.GenerateDataKey" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON GenerateDataKey where
  toJSON :: GenerateDataKey -> Value
toJSON GenerateDataKey' {Maybe Natural
Maybe [Text]
Maybe (HashMap Text Text)
Maybe DataKeySpec
Text
keyId :: Text
grantTokens :: Maybe [Text]
numberOfBytes :: Maybe Natural
encryptionContext :: Maybe (HashMap Text Text)
keySpec :: Maybe DataKeySpec
$sel:keyId:GenerateDataKey' :: GenerateDataKey -> Text
$sel:grantTokens:GenerateDataKey' :: GenerateDataKey -> Maybe [Text]
$sel:numberOfBytes:GenerateDataKey' :: GenerateDataKey -> Maybe Natural
$sel:encryptionContext:GenerateDataKey' :: GenerateDataKey -> Maybe (HashMap Text Text)
$sel:keySpec:GenerateDataKey' :: GenerateDataKey -> Maybe DataKeySpec
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"KeySpec" Text -> DataKeySpec -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (DataKeySpec -> Pair) -> Maybe DataKeySpec -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe DataKeySpec
keySpec,
            (Text
"EncryptionContext" Text -> HashMap Text Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (HashMap Text Text -> Pair)
-> Maybe (HashMap Text Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
encryptionContext,
            (Text
"NumberOfBytes" Text -> Natural -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Natural -> Pair) -> Maybe Natural -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Natural
numberOfBytes,
            (Text
"GrantTokens" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
grantTokens,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
keyId)
          ]
      )

instance Core.ToPath GenerateDataKey where
  toPath :: GenerateDataKey -> ByteString
toPath = ByteString -> GenerateDataKey -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery GenerateDataKey where
  toQuery :: GenerateDataKey -> QueryString
toQuery = QueryString -> GenerateDataKey -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGenerateDataKeyResponse' smart constructor.
data GenerateDataKeyResponse = GenerateDataKeyResponse'
  { -- | The response's http status code.
    GenerateDataKeyResponse -> Int
httpStatus :: Prelude.Int,
    -- | The Amazon Resource Name
    -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
    -- of the KMS key that encrypted the data key.
    GenerateDataKeyResponse -> Text
keyId :: Prelude.Text,
    -- | The plaintext data key. When you use the HTTP API or the Amazon Web
    -- Services CLI, the value is Base64-encoded. Otherwise, it is not
    -- Base64-encoded. Use this data key to encrypt your data outside of KMS.
    -- Then, remove it from memory as soon as possible.
    GenerateDataKeyResponse -> Sensitive Base64
plaintext :: Core.Sensitive Core.Base64,
    -- | The encrypted copy of the data key. When you use the HTTP API or the
    -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
    -- not Base64-encoded.
    GenerateDataKeyResponse -> Base64
ciphertextBlob :: Core.Base64
  }
  deriving (GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool
(GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool)
-> (GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool)
-> Eq GenerateDataKeyResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool
$c/= :: GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool
== :: GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool
$c== :: GenerateDataKeyResponse -> GenerateDataKeyResponse -> Bool
Prelude.Eq, Int -> GenerateDataKeyResponse -> ShowS
[GenerateDataKeyResponse] -> ShowS
GenerateDataKeyResponse -> String
(Int -> GenerateDataKeyResponse -> ShowS)
-> (GenerateDataKeyResponse -> String)
-> ([GenerateDataKeyResponse] -> ShowS)
-> Show GenerateDataKeyResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GenerateDataKeyResponse] -> ShowS
$cshowList :: [GenerateDataKeyResponse] -> ShowS
show :: GenerateDataKeyResponse -> String
$cshow :: GenerateDataKeyResponse -> String
showsPrec :: Int -> GenerateDataKeyResponse -> ShowS
$cshowsPrec :: Int -> GenerateDataKeyResponse -> ShowS
Prelude.Show, (forall x.
 GenerateDataKeyResponse -> Rep GenerateDataKeyResponse x)
-> (forall x.
    Rep GenerateDataKeyResponse x -> GenerateDataKeyResponse)
-> Generic GenerateDataKeyResponse
forall x. Rep GenerateDataKeyResponse x -> GenerateDataKeyResponse
forall x. GenerateDataKeyResponse -> Rep GenerateDataKeyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GenerateDataKeyResponse x -> GenerateDataKeyResponse
$cfrom :: forall x. GenerateDataKeyResponse -> Rep GenerateDataKeyResponse x
Prelude.Generic)

-- |
-- Create a value of 'GenerateDataKeyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'generateDataKeyResponse_httpStatus' - The response's http status code.
--
-- 'keyId', 'generateDataKeyResponse_keyId' - The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that encrypted the data key.
--
-- 'plaintext', 'generateDataKeyResponse_plaintext' - The plaintext data key. When you use the HTTP API or the Amazon Web
-- Services CLI, the value is Base64-encoded. Otherwise, it is not
-- Base64-encoded. Use this data key to encrypt your data outside of KMS.
-- Then, remove it from memory as soon as possible.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'ciphertextBlob', 'generateDataKeyResponse_ciphertextBlob' - The encrypted copy of the data key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
newGenerateDataKeyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  -- | 'keyId'
  Prelude.Text ->
  -- | 'plaintext'
  Prelude.ByteString ->
  -- | 'ciphertextBlob'
  Prelude.ByteString ->
  GenerateDataKeyResponse
newGenerateDataKeyResponse :: Int -> Text -> ByteString -> ByteString -> GenerateDataKeyResponse
newGenerateDataKeyResponse
  Int
pHttpStatus_
  Text
pKeyId_
  ByteString
pPlaintext_
  ByteString
pCiphertextBlob_ =
    GenerateDataKeyResponse' :: Int
-> Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse
GenerateDataKeyResponse'
      { $sel:httpStatus:GenerateDataKeyResponse' :: Int
httpStatus = Int
pHttpStatus_,
        $sel:keyId:GenerateDataKeyResponse' :: Text
keyId = Text
pKeyId_,
        $sel:plaintext:GenerateDataKeyResponse' :: Sensitive Base64
plaintext =
          Tagged Base64 (Identity Base64)
-> Tagged (Sensitive Base64) (Identity (Sensitive Base64))
forall a. Iso' (Sensitive a) a
Core._Sensitive (Tagged Base64 (Identity Base64)
 -> Tagged (Sensitive Base64) (Identity (Sensitive Base64)))
-> (Tagged ByteString (Identity ByteString)
    -> Tagged Base64 (Identity Base64))
-> Tagged ByteString (Identity ByteString)
-> Tagged (Sensitive Base64) (Identity (Sensitive Base64))
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Tagged ByteString (Identity ByteString)
-> Tagged Base64 (Identity Base64)
Iso' Base64 ByteString
Core._Base64
            (Tagged ByteString (Identity ByteString)
 -> Tagged (Sensitive Base64) (Identity (Sensitive Base64)))
-> ByteString -> Sensitive Base64
forall t b. AReview t b -> b -> t
Lens.# ByteString
pPlaintext_,
        $sel:ciphertextBlob:GenerateDataKeyResponse' :: Base64
ciphertextBlob =
          Tagged ByteString (Identity ByteString)
-> Tagged Base64 (Identity Base64)
Iso' Base64 ByteString
Core._Base64 (Tagged ByteString (Identity ByteString)
 -> Tagged Base64 (Identity Base64))
-> ByteString -> Base64
forall t b. AReview t b -> b -> t
Lens.# ByteString
pCiphertextBlob_
      }

-- | The response's http status code.
generateDataKeyResponse_httpStatus :: Lens.Lens' GenerateDataKeyResponse Prelude.Int
generateDataKeyResponse_httpStatus :: (Int -> f Int)
-> GenerateDataKeyResponse -> f GenerateDataKeyResponse
generateDataKeyResponse_httpStatus = (GenerateDataKeyResponse -> Int)
-> (GenerateDataKeyResponse -> Int -> GenerateDataKeyResponse)
-> Lens GenerateDataKeyResponse GenerateDataKeyResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyResponse' {Int
httpStatus :: Int
$sel:httpStatus:GenerateDataKeyResponse' :: GenerateDataKeyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GenerateDataKeyResponse
s@GenerateDataKeyResponse' {} Int
a -> GenerateDataKeyResponse
s {$sel:httpStatus:GenerateDataKeyResponse' :: Int
httpStatus = Int
a} :: GenerateDataKeyResponse)

-- | The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that encrypted the data key.
generateDataKeyResponse_keyId :: Lens.Lens' GenerateDataKeyResponse Prelude.Text
generateDataKeyResponse_keyId :: (Text -> f Text)
-> GenerateDataKeyResponse -> f GenerateDataKeyResponse
generateDataKeyResponse_keyId = (GenerateDataKeyResponse -> Text)
-> (GenerateDataKeyResponse -> Text -> GenerateDataKeyResponse)
-> Lens GenerateDataKeyResponse GenerateDataKeyResponse Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyResponse' {Text
keyId :: Text
$sel:keyId:GenerateDataKeyResponse' :: GenerateDataKeyResponse -> Text
keyId} -> Text
keyId) (\s :: GenerateDataKeyResponse
s@GenerateDataKeyResponse' {} Text
a -> GenerateDataKeyResponse
s {$sel:keyId:GenerateDataKeyResponse' :: Text
keyId = Text
a} :: GenerateDataKeyResponse)

-- | The plaintext data key. When you use the HTTP API or the Amazon Web
-- Services CLI, the value is Base64-encoded. Otherwise, it is not
-- Base64-encoded. Use this data key to encrypt your data outside of KMS.
-- Then, remove it from memory as soon as possible.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyResponse_plaintext :: Lens.Lens' GenerateDataKeyResponse Prelude.ByteString
generateDataKeyResponse_plaintext :: (ByteString -> f ByteString)
-> GenerateDataKeyResponse -> f GenerateDataKeyResponse
generateDataKeyResponse_plaintext = (GenerateDataKeyResponse -> Sensitive Base64)
-> (GenerateDataKeyResponse
    -> Sensitive Base64 -> GenerateDataKeyResponse)
-> Lens
     GenerateDataKeyResponse
     GenerateDataKeyResponse
     (Sensitive Base64)
     (Sensitive Base64)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyResponse' {Sensitive Base64
plaintext :: Sensitive Base64
$sel:plaintext:GenerateDataKeyResponse' :: GenerateDataKeyResponse -> Sensitive Base64
plaintext} -> Sensitive Base64
plaintext) (\s :: GenerateDataKeyResponse
s@GenerateDataKeyResponse' {} Sensitive Base64
a -> GenerateDataKeyResponse
s {$sel:plaintext:GenerateDataKeyResponse' :: Sensitive Base64
plaintext = Sensitive Base64
a} :: GenerateDataKeyResponse) ((Sensitive Base64 -> f (Sensitive Base64))
 -> GenerateDataKeyResponse -> f GenerateDataKeyResponse)
-> ((ByteString -> f ByteString)
    -> Sensitive Base64 -> f (Sensitive Base64))
-> (ByteString -> f ByteString)
-> GenerateDataKeyResponse
-> f GenerateDataKeyResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (Base64 -> f Base64) -> Sensitive Base64 -> f (Sensitive Base64)
forall a. Iso' (Sensitive a) a
Core._Sensitive ((Base64 -> f Base64) -> Sensitive Base64 -> f (Sensitive Base64))
-> ((ByteString -> f ByteString) -> Base64 -> f Base64)
-> (ByteString -> f ByteString)
-> Sensitive Base64
-> f (Sensitive Base64)
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (ByteString -> f ByteString) -> Base64 -> f Base64
Iso' Base64 ByteString
Core._Base64

-- | The encrypted copy of the data key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyResponse_ciphertextBlob :: Lens.Lens' GenerateDataKeyResponse Prelude.ByteString
generateDataKeyResponse_ciphertextBlob :: (ByteString -> f ByteString)
-> GenerateDataKeyResponse -> f GenerateDataKeyResponse
generateDataKeyResponse_ciphertextBlob = (GenerateDataKeyResponse -> Base64)
-> (GenerateDataKeyResponse -> Base64 -> GenerateDataKeyResponse)
-> Lens
     GenerateDataKeyResponse GenerateDataKeyResponse Base64 Base64
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyResponse' {Base64
ciphertextBlob :: Base64
$sel:ciphertextBlob:GenerateDataKeyResponse' :: GenerateDataKeyResponse -> Base64
ciphertextBlob} -> Base64
ciphertextBlob) (\s :: GenerateDataKeyResponse
s@GenerateDataKeyResponse' {} Base64
a -> GenerateDataKeyResponse
s {$sel:ciphertextBlob:GenerateDataKeyResponse' :: Base64
ciphertextBlob = Base64
a} :: GenerateDataKeyResponse) ((Base64 -> f Base64)
 -> GenerateDataKeyResponse -> f GenerateDataKeyResponse)
-> ((ByteString -> f ByteString) -> Base64 -> f Base64)
-> (ByteString -> f ByteString)
-> GenerateDataKeyResponse
-> f GenerateDataKeyResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (ByteString -> f ByteString) -> Base64 -> f Base64
Iso' Base64 ByteString
Core._Base64

instance Prelude.NFData GenerateDataKeyResponse