aws_sdk_kms/operation/re_encrypt/_re_encrypt_input.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2#[allow(missing_docs)] // documentation missing in model
3#[non_exhaustive]
4#[derive(::std::clone::Clone, ::std::cmp::PartialEq, ::std::fmt::Debug)]
5pub struct ReEncryptInput {
6 /// <p>Ciphertext of the data to reencrypt.</p>
7 pub ciphertext_blob: ::std::option::Option<::aws_smithy_types::Blob>,
8 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
9 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
10 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
11 pub source_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
12 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
13 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
14 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
15 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
16 /// <p>For example:</p>
17 /// <ul>
18 /// <li>
19 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
20 /// <li>
21 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
22 /// <li>
23 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
24 /// <li>
25 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
26 /// </ul>
27 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
28 pub source_key_id: ::std::option::Option<::std::string::String>,
29 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
30 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
31 /// <p>For example:</p>
32 /// <ul>
33 /// <li>
34 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
35 /// <li>
36 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
37 /// <li>
38 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
39 /// <li>
40 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
41 /// </ul>
42 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
43 pub destination_key_id: ::std::option::Option<::std::string::String>,
44 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
45 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
46 /// </important>
47 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
48 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
49 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
50 pub destination_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
51 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
52 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
53 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
54 pub source_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
55 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
56 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
57 pub destination_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
58 /// <p>A list of grant tokens.</p>
59 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
60 pub grant_tokens: ::std::option::Option<::std::vec::Vec<::std::string::String>>,
61 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
62 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
63 pub dry_run: ::std::option::Option<bool>,
64}
65impl ReEncryptInput {
66 /// <p>Ciphertext of the data to reencrypt.</p>
67 pub fn ciphertext_blob(&self) -> ::std::option::Option<&::aws_smithy_types::Blob> {
68 self.ciphertext_blob.as_ref()
69 }
70 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
71 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
72 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
73 pub fn source_encryption_context(&self) -> ::std::option::Option<&::std::collections::HashMap<::std::string::String, ::std::string::String>> {
74 self.source_encryption_context.as_ref()
75 }
76 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
77 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
78 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
79 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
80 /// <p>For example:</p>
81 /// <ul>
82 /// <li>
83 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
84 /// <li>
85 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
86 /// <li>
87 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
88 /// <li>
89 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
90 /// </ul>
91 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
92 pub fn source_key_id(&self) -> ::std::option::Option<&str> {
93 self.source_key_id.as_deref()
94 }
95 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
96 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
97 /// <p>For example:</p>
98 /// <ul>
99 /// <li>
100 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
101 /// <li>
102 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
103 /// <li>
104 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
105 /// <li>
106 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
107 /// </ul>
108 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
109 pub fn destination_key_id(&self) -> ::std::option::Option<&str> {
110 self.destination_key_id.as_deref()
111 }
112 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
113 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
114 /// </important>
115 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
116 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
117 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
118 pub fn destination_encryption_context(
119 &self,
120 ) -> ::std::option::Option<&::std::collections::HashMap<::std::string::String, ::std::string::String>> {
121 self.destination_encryption_context.as_ref()
122 }
123 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
124 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
125 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
126 pub fn source_encryption_algorithm(&self) -> ::std::option::Option<&crate::types::EncryptionAlgorithmSpec> {
127 self.source_encryption_algorithm.as_ref()
128 }
129 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
130 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
131 pub fn destination_encryption_algorithm(&self) -> ::std::option::Option<&crate::types::EncryptionAlgorithmSpec> {
132 self.destination_encryption_algorithm.as_ref()
133 }
134 /// <p>A list of grant tokens.</p>
135 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
136 ///
137 /// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.grant_tokens.is_none()`.
138 pub fn grant_tokens(&self) -> &[::std::string::String] {
139 self.grant_tokens.as_deref().unwrap_or_default()
140 }
141 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
142 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
143 pub fn dry_run(&self) -> ::std::option::Option<bool> {
144 self.dry_run
145 }
146}
147impl ReEncryptInput {
148 /// Creates a new builder-style object to manufacture [`ReEncryptInput`](crate::operation::re_encrypt::ReEncryptInput).
149 pub fn builder() -> crate::operation::re_encrypt::builders::ReEncryptInputBuilder {
150 crate::operation::re_encrypt::builders::ReEncryptInputBuilder::default()
151 }
152}
153
154/// A builder for [`ReEncryptInput`](crate::operation::re_encrypt::ReEncryptInput).
155#[derive(::std::clone::Clone, ::std::cmp::PartialEq, ::std::default::Default, ::std::fmt::Debug)]
156#[non_exhaustive]
157pub struct ReEncryptInputBuilder {
158 pub(crate) ciphertext_blob: ::std::option::Option<::aws_smithy_types::Blob>,
159 pub(crate) source_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
160 pub(crate) source_key_id: ::std::option::Option<::std::string::String>,
161 pub(crate) destination_key_id: ::std::option::Option<::std::string::String>,
162 pub(crate) destination_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
163 pub(crate) source_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
164 pub(crate) destination_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
165 pub(crate) grant_tokens: ::std::option::Option<::std::vec::Vec<::std::string::String>>,
166 pub(crate) dry_run: ::std::option::Option<bool>,
167}
168impl ReEncryptInputBuilder {
169 /// <p>Ciphertext of the data to reencrypt.</p>
170 /// This field is required.
171 pub fn ciphertext_blob(mut self, input: ::aws_smithy_types::Blob) -> Self {
172 self.ciphertext_blob = ::std::option::Option::Some(input);
173 self
174 }
175 /// <p>Ciphertext of the data to reencrypt.</p>
176 pub fn set_ciphertext_blob(mut self, input: ::std::option::Option<::aws_smithy_types::Blob>) -> Self {
177 self.ciphertext_blob = input;
178 self
179 }
180 /// <p>Ciphertext of the data to reencrypt.</p>
181 pub fn get_ciphertext_blob(&self) -> &::std::option::Option<::aws_smithy_types::Blob> {
182 &self.ciphertext_blob
183 }
184 /// Adds a key-value pair to `source_encryption_context`.
185 ///
186 /// To override the contents of this collection use [`set_source_encryption_context`](Self::set_source_encryption_context).
187 ///
188 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
189 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
190 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
191 pub fn source_encryption_context(
192 mut self,
193 k: impl ::std::convert::Into<::std::string::String>,
194 v: impl ::std::convert::Into<::std::string::String>,
195 ) -> Self {
196 let mut hash_map = self.source_encryption_context.unwrap_or_default();
197 hash_map.insert(k.into(), v.into());
198 self.source_encryption_context = ::std::option::Option::Some(hash_map);
199 self
200 }
201 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
202 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
203 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
204 pub fn set_source_encryption_context(
205 mut self,
206 input: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
207 ) -> Self {
208 self.source_encryption_context = input;
209 self
210 }
211 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
212 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
213 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
214 pub fn get_source_encryption_context(&self) -> &::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>> {
215 &self.source_encryption_context
216 }
217 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
218 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
219 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
220 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
221 /// <p>For example:</p>
222 /// <ul>
223 /// <li>
224 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
225 /// <li>
226 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
227 /// <li>
228 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
229 /// <li>
230 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
231 /// </ul>
232 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
233 pub fn source_key_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
234 self.source_key_id = ::std::option::Option::Some(input.into());
235 self
236 }
237 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
238 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
239 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
240 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
241 /// <p>For example:</p>
242 /// <ul>
243 /// <li>
244 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
245 /// <li>
246 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
247 /// <li>
248 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
249 /// <li>
250 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
251 /// </ul>
252 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
253 pub fn set_source_key_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
254 self.source_key_id = input;
255 self
256 }
257 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
258 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
259 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
260 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
261 /// <p>For example:</p>
262 /// <ul>
263 /// <li>
264 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
265 /// <li>
266 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
267 /// <li>
268 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
269 /// <li>
270 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
271 /// </ul>
272 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
273 pub fn get_source_key_id(&self) -> &::std::option::Option<::std::string::String> {
274 &self.source_key_id
275 }
276 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
277 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
278 /// <p>For example:</p>
279 /// <ul>
280 /// <li>
281 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
282 /// <li>
283 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
284 /// <li>
285 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
286 /// <li>
287 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
288 /// </ul>
289 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
290 /// This field is required.
291 pub fn destination_key_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
292 self.destination_key_id = ::std::option::Option::Some(input.into());
293 self
294 }
295 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
296 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
297 /// <p>For example:</p>
298 /// <ul>
299 /// <li>
300 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
301 /// <li>
302 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
303 /// <li>
304 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
305 /// <li>
306 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
307 /// </ul>
308 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
309 pub fn set_destination_key_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
310 self.destination_key_id = input;
311 self
312 }
313 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
314 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
315 /// <p>For example:</p>
316 /// <ul>
317 /// <li>
318 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
319 /// <li>
320 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
321 /// <li>
322 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
323 /// <li>
324 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
325 /// </ul>
326 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
327 pub fn get_destination_key_id(&self) -> &::std::option::Option<::std::string::String> {
328 &self.destination_key_id
329 }
330 /// Adds a key-value pair to `destination_encryption_context`.
331 ///
332 /// To override the contents of this collection use [`set_destination_encryption_context`](Self::set_destination_encryption_context).
333 ///
334 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
335 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
336 /// </important>
337 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
338 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
339 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
340 pub fn destination_encryption_context(
341 mut self,
342 k: impl ::std::convert::Into<::std::string::String>,
343 v: impl ::std::convert::Into<::std::string::String>,
344 ) -> Self {
345 let mut hash_map = self.destination_encryption_context.unwrap_or_default();
346 hash_map.insert(k.into(), v.into());
347 self.destination_encryption_context = ::std::option::Option::Some(hash_map);
348 self
349 }
350 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
351 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
352 /// </important>
353 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
354 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
355 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
356 pub fn set_destination_encryption_context(
357 mut self,
358 input: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
359 ) -> Self {
360 self.destination_encryption_context = input;
361 self
362 }
363 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
364 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
365 /// </important>
366 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
367 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
368 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
369 pub fn get_destination_encryption_context(
370 &self,
371 ) -> &::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>> {
372 &self.destination_encryption_context
373 }
374 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
375 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
376 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
377 pub fn source_encryption_algorithm(mut self, input: crate::types::EncryptionAlgorithmSpec) -> Self {
378 self.source_encryption_algorithm = ::std::option::Option::Some(input);
379 self
380 }
381 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
382 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
383 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
384 pub fn set_source_encryption_algorithm(mut self, input: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>) -> Self {
385 self.source_encryption_algorithm = input;
386 self
387 }
388 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
389 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
390 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
391 pub fn get_source_encryption_algorithm(&self) -> &::std::option::Option<crate::types::EncryptionAlgorithmSpec> {
392 &self.source_encryption_algorithm
393 }
394 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
395 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
396 pub fn destination_encryption_algorithm(mut self, input: crate::types::EncryptionAlgorithmSpec) -> Self {
397 self.destination_encryption_algorithm = ::std::option::Option::Some(input);
398 self
399 }
400 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
401 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
402 pub fn set_destination_encryption_algorithm(mut self, input: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>) -> Self {
403 self.destination_encryption_algorithm = input;
404 self
405 }
406 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
407 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
408 pub fn get_destination_encryption_algorithm(&self) -> &::std::option::Option<crate::types::EncryptionAlgorithmSpec> {
409 &self.destination_encryption_algorithm
410 }
411 /// Appends an item to `grant_tokens`.
412 ///
413 /// To override the contents of this collection use [`set_grant_tokens`](Self::set_grant_tokens).
414 ///
415 /// <p>A list of grant tokens.</p>
416 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
417 pub fn grant_tokens(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
418 let mut v = self.grant_tokens.unwrap_or_default();
419 v.push(input.into());
420 self.grant_tokens = ::std::option::Option::Some(v);
421 self
422 }
423 /// <p>A list of grant tokens.</p>
424 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
425 pub fn set_grant_tokens(mut self, input: ::std::option::Option<::std::vec::Vec<::std::string::String>>) -> Self {
426 self.grant_tokens = input;
427 self
428 }
429 /// <p>A list of grant tokens.</p>
430 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
431 pub fn get_grant_tokens(&self) -> &::std::option::Option<::std::vec::Vec<::std::string::String>> {
432 &self.grant_tokens
433 }
434 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
435 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
436 pub fn dry_run(mut self, input: bool) -> Self {
437 self.dry_run = ::std::option::Option::Some(input);
438 self
439 }
440 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
441 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
442 pub fn set_dry_run(mut self, input: ::std::option::Option<bool>) -> Self {
443 self.dry_run = input;
444 self
445 }
446 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
447 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
448 pub fn get_dry_run(&self) -> &::std::option::Option<bool> {
449 &self.dry_run
450 }
451 /// Consumes the builder and constructs a [`ReEncryptInput`](crate::operation::re_encrypt::ReEncryptInput).
452 pub fn build(self) -> ::std::result::Result<crate::operation::re_encrypt::ReEncryptInput, ::aws_smithy_types::error::operation::BuildError> {
453 ::std::result::Result::Ok(crate::operation::re_encrypt::ReEncryptInput {
454 ciphertext_blob: self.ciphertext_blob,
455 source_encryption_context: self.source_encryption_context,
456 source_key_id: self.source_key_id,
457 destination_key_id: self.destination_key_id,
458 destination_encryption_context: self.destination_encryption_context,
459 source_encryption_algorithm: self.source_encryption_algorithm,
460 destination_encryption_algorithm: self.destination_encryption_algorithm,
461 grant_tokens: self.grant_tokens,
462 dry_run: self.dry_run,
463 })
464 }
465}