{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.ECR.Types.EncryptionConfiguration -- Copyright : (c) 2013-2023 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) module Amazonka.ECR.Types.EncryptionConfiguration where import qualified Amazonka.Core as Core import qualified Amazonka.Core.Lens.Internal as Lens import qualified Amazonka.Data as Data import Amazonka.ECR.Types.EncryptionType import qualified Amazonka.Prelude as Prelude -- | The encryption configuration for the repository. This determines how the -- contents of your repository are encrypted at rest. -- -- By default, when no encryption configuration is set or the @AES256@ -- encryption type is used, Amazon ECR uses server-side encryption with -- Amazon S3-managed encryption keys which encrypts your data at rest using -- an AES-256 encryption algorithm. This does not require any action on -- your part. -- -- For more control over the encryption of the contents of your repository, -- you can use server-side encryption with Key Management Service key -- stored in Key Management Service (KMS) to encrypt your images. For more -- information, see -- -- in the /Amazon Elastic Container Registry User Guide/. -- -- /See:/ 'newEncryptionConfiguration' smart constructor. data EncryptionConfiguration = EncryptionConfiguration' { -- | If you use the @KMS@ encryption type, specify the KMS key to use for -- encryption. The alias, key ID, or full ARN of the KMS key can be -- specified. The key must exist in the same Region as the repository. If -- no key is specified, the default Amazon Web Services managed KMS key for -- Amazon ECR will be used. kmsKey :: Prelude.Maybe Prelude.Text, -- | The encryption type to use. -- -- If you use the @KMS@ encryption type, the contents of the repository -- will be encrypted using server-side encryption with Key Management -- Service key stored in KMS. When you use KMS to encrypt your data, you -- can either use the default Amazon Web Services managed KMS key for -- Amazon ECR, or specify your own KMS key, which you already created. For -- more information, see -- -- in the /Amazon Simple Storage Service Console Developer Guide/. -- -- If you use the @AES256@ encryption type, Amazon ECR uses server-side -- encryption with Amazon S3-managed encryption keys which encrypts the -- images in the repository using an AES-256 encryption algorithm. For more -- information, see -- -- in the /Amazon Simple Storage Service Console Developer Guide/. encryptionType :: EncryptionType } deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic) -- | -- Create a value of 'EncryptionConfiguration' with all optional fields omitted. -- -- Use or to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'kmsKey', 'encryptionConfiguration_kmsKey' - If you use the @KMS@ encryption type, specify the KMS key to use for -- encryption. The alias, key ID, or full ARN of the KMS key can be -- specified. The key must exist in the same Region as the repository. If -- no key is specified, the default Amazon Web Services managed KMS key for -- Amazon ECR will be used. -- -- 'encryptionType', 'encryptionConfiguration_encryptionType' - The encryption type to use. -- -- If you use the @KMS@ encryption type, the contents of the repository -- will be encrypted using server-side encryption with Key Management -- Service key stored in KMS. When you use KMS to encrypt your data, you -- can either use the default Amazon Web Services managed KMS key for -- Amazon ECR, or specify your own KMS key, which you already created. For -- more information, see -- -- in the /Amazon Simple Storage Service Console Developer Guide/. -- -- If you use the @AES256@ encryption type, Amazon ECR uses server-side -- encryption with Amazon S3-managed encryption keys which encrypts the -- images in the repository using an AES-256 encryption algorithm. For more -- information, see -- -- in the /Amazon Simple Storage Service Console Developer Guide/. newEncryptionConfiguration :: -- | 'encryptionType' EncryptionType -> EncryptionConfiguration newEncryptionConfiguration pEncryptionType_ = EncryptionConfiguration' { kmsKey = Prelude.Nothing, encryptionType = pEncryptionType_ } -- | If you use the @KMS@ encryption type, specify the KMS key to use for -- encryption. The alias, key ID, or full ARN of the KMS key can be -- specified. The key must exist in the same Region as the repository. If -- no key is specified, the default Amazon Web Services managed KMS key for -- Amazon ECR will be used. encryptionConfiguration_kmsKey :: Lens.Lens' EncryptionConfiguration (Prelude.Maybe Prelude.Text) encryptionConfiguration_kmsKey = Lens.lens (\EncryptionConfiguration' {kmsKey} -> kmsKey) (\s@EncryptionConfiguration' {} a -> s {kmsKey = a} :: EncryptionConfiguration) -- | The encryption type to use. -- -- If you use the @KMS@ encryption type, the contents of the repository -- will be encrypted using server-side encryption with Key Management -- Service key stored in KMS. When you use KMS to encrypt your data, you -- can either use the default Amazon Web Services managed KMS key for -- Amazon ECR, or specify your own KMS key, which you already created. For -- more information, see -- -- in the /Amazon Simple Storage Service Console Developer Guide/. -- -- If you use the @AES256@ encryption type, Amazon ECR uses server-side -- encryption with Amazon S3-managed encryption keys which encrypts the -- images in the repository using an AES-256 encryption algorithm. For more -- information, see -- -- in the /Amazon Simple Storage Service Console Developer Guide/. encryptionConfiguration_encryptionType :: Lens.Lens' EncryptionConfiguration EncryptionType encryptionConfiguration_encryptionType = Lens.lens (\EncryptionConfiguration' {encryptionType} -> encryptionType) (\s@EncryptionConfiguration' {} a -> s {encryptionType = a} :: EncryptionConfiguration) instance Data.FromJSON EncryptionConfiguration where parseJSON = Data.withObject "EncryptionConfiguration" ( \x -> EncryptionConfiguration' Prelude.<$> (x Data..:? "kmsKey") Prelude.<*> (x Data..: "encryptionType") ) instance Prelude.Hashable EncryptionConfiguration where hashWithSalt _salt EncryptionConfiguration' {..} = _salt `Prelude.hashWithSalt` kmsKey `Prelude.hashWithSalt` encryptionType instance Prelude.NFData EncryptionConfiguration where rnf EncryptionConfiguration' {..} = Prelude.rnf kmsKey `Prelude.seq` Prelude.rnf encryptionType instance Data.ToJSON EncryptionConfiguration where toJSON EncryptionConfiguration' {..} = Data.object ( Prelude.catMaybes [ ("kmsKey" Data..=) Prelude.<$> kmsKey, Prelude.Just ("encryptionType" Data..= encryptionType) ] )