Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.KMS.GetParametersForImport

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Returns the items you need to import key material into a symmetric encryption KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.

This operation returns a public key and an import token. Use the public key to encrypt the symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request.

You must specify the key ID of the symmetric encryption KMS key into which you will import key material. The KMS key Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different Amazon Web Services account.

To import key material, you must use the public key and import token from the same response. These items are valid for 24 hours. The expiration date and time appear in the GetParametersForImport response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.

The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:GetParametersForImport (key policy)

Related operations:

ImportKeyMaterial
DeleteImportedKeyMaterial

Synopsis

Creating a Request

data GetParametersForImport Source #

See: newGetParametersForImport smart constructor.

Constructors

GetParametersForImport'

Fields

keyId :: Text
The identifier of the symmetric encryption KMS key into which you will import key material. The Origin of the KMS key must be EXTERNAL.
Specify the key ID or key ARN of the KMS key.
For example:
- Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
wrappingAlgorithm :: AlgorithmSpec
The algorithm you will use to encrypt the key material before importing it with ImportKeyMaterial. For more information, see Encrypt the Key Material in the Key Management Service Developer Guide.
wrappingKeySpec :: WrappingKeySpec
The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.

Instances

Instances details

ToJSON GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods toJSON :: GetParametersForImport -> Value # toEncoding :: GetParametersForImport -> Encoding # toJSONList :: [GetParametersForImport] -> Value # toEncodingList :: [GetParametersForImport] -> Encoding #
ToHeaders GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods toHeaders :: GetParametersForImport -> [Header] #
ToPath GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods toPath :: GetParametersForImport -> ByteString #
ToQuery GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods toQuery :: GetParametersForImport -> QueryString #
AWSRequest GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Associated Types type AWSResponse GetParametersForImport # Methods request :: (Service -> Service) -> GetParametersForImport -> Request GetParametersForImport # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy GetParametersForImport -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse GetParametersForImport))) #
Generic GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Associated Types type Rep GetParametersForImport :: Type -> Type # Methods from :: GetParametersForImport -> Rep GetParametersForImport x # to :: Rep GetParametersForImport x -> GetParametersForImport #
Read GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods readsPrec :: Int -> ReadS GetParametersForImport # readList :: ReadS [GetParametersForImport] # readPrec :: ReadPrec GetParametersForImport # readListPrec :: ReadPrec [GetParametersForImport] #
Show GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods showsPrec :: Int -> GetParametersForImport -> ShowS # show :: GetParametersForImport -> String # showList :: [GetParametersForImport] -> ShowS #
NFData GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods rnf :: GetParametersForImport -> () #
Eq GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods (==) :: GetParametersForImport -> GetParametersForImport -> Bool # (/=) :: GetParametersForImport -> GetParametersForImport -> Bool #
Hashable GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods hashWithSalt :: Int -> GetParametersForImport -> Int # hash :: GetParametersForImport -> Int #
type AWSResponse GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport type AWSResponse GetParametersForImport = GetParametersForImportResponse
type Rep GetParametersForImport Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport type Rep GetParametersForImport = D1 ('MetaData "GetParametersForImport" "Amazonka.KMS.GetParametersForImport" "amazonka-kms-2.0-6YhT3Ymbf9Z5PoaGoz7tbG" 'False) (C1 ('MetaCons "GetParametersForImport'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: (S1 ('MetaSel ('Just "wrappingAlgorithm") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AlgorithmSpec) :: S1 ('MetaSel ('Just "wrappingKeySpec") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 WrappingKeySpec))))

newGetParametersForImport Source #

Arguments

:: Text	`GetParametersForImport`
-> AlgorithmSpec	`$sel:wrappingAlgorithm:GetParametersForImport'`
-> WrappingKeySpec	`$sel:wrappingKeySpec:GetParametersForImport'`
-> GetParametersForImport

Create a value of GetParametersForImport with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

GetParametersForImport, getParametersForImport_keyId - The identifier of the symmetric encryption KMS key into which you will import key material. The Origin of the KMS key must be EXTERNAL.

Specify the key ID or key ARN of the KMS key.

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

$sel:wrappingAlgorithm:GetParametersForImport', getParametersForImport_wrappingAlgorithm - The algorithm you will use to encrypt the key material before importing it with ImportKeyMaterial. For more information, see Encrypt the Key Material in the Key Management Service Developer Guide.

$sel:wrappingKeySpec:GetParametersForImport', getParametersForImport_wrappingKeySpec - The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.

Request Lenses

getParametersForImport_keyId :: Lens' GetParametersForImport Text Source #

The identifier of the symmetric encryption KMS key into which you will import key material. The Origin of the KMS key must be EXTERNAL.

Specify the key ID or key ARN of the KMS key.

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

getParametersForImport_wrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec Source #

The algorithm you will use to encrypt the key material before importing it with ImportKeyMaterial. For more information, see Encrypt the Key Material in the Key Management Service Developer Guide.

getParametersForImport_wrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec Source #

The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.

Destructuring the Response

data GetParametersForImportResponse Source #

See: newGetParametersForImportResponse smart constructor.

Constructors

GetParametersForImportResponse'

Fields

importToken :: Maybe Base64
The import token to send in a subsequent ImportKeyMaterial request.
keyId :: Maybe Text
The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. This is the same KMS key specified in the GetParametersForImport request.
parametersValidTo :: Maybe POSIX
The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an ImportKeyMaterial request and you must send another GetParametersForImport request to get new ones.
publicKey :: Maybe (Sensitive Base64)
The public key to use to encrypt the key material before importing it with ImportKeyMaterial.
httpStatus :: Int
The response's http status code.

Instances

Instances details

Generic GetParametersForImportResponse Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Associated Types type Rep GetParametersForImportResponse :: Type -> Type # Methods from :: GetParametersForImportResponse -> Rep GetParametersForImportResponse x # to :: Rep GetParametersForImportResponse x -> GetParametersForImportResponse #
Show GetParametersForImportResponse Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods showsPrec :: Int -> GetParametersForImportResponse -> ShowS # show :: GetParametersForImportResponse -> String # showList :: [GetParametersForImportResponse] -> ShowS #
NFData GetParametersForImportResponse Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods rnf :: GetParametersForImportResponse -> () #
Eq GetParametersForImportResponse Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport Methods (==) :: GetParametersForImportResponse -> GetParametersForImportResponse -> Bool # (/=) :: GetParametersForImportResponse -> GetParametersForImportResponse -> Bool #
type Rep GetParametersForImportResponse Source #
Instance details Defined in Amazonka.KMS.GetParametersForImport type Rep GetParametersForImportResponse = D1 ('MetaData "GetParametersForImportResponse" "Amazonka.KMS.GetParametersForImport" "amazonka-kms-2.0-6YhT3Ymbf9Z5PoaGoz7tbG" 'False) (C1 ('MetaCons "GetParametersForImportResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "importToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Base64)) :: S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :: (S1 ('MetaSel ('Just "parametersValidTo") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe POSIX)) :: (S1 ('MetaSel ('Just "publicKey") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (Sensitive Base64))) :: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))))

newGetParametersForImportResponse Source #

Arguments

:: Int	`$sel:httpStatus:GetParametersForImportResponse'`
-> GetParametersForImportResponse

Create a value of GetParametersForImportResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:importToken:GetParametersForImportResponse', getParametersForImportResponse_importToken - The import token to send in a subsequent ImportKeyMaterial request.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

GetParametersForImport, getParametersForImportResponse_keyId - The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. This is the same KMS key specified in the GetParametersForImport request.

$sel:parametersValidTo:GetParametersForImportResponse', getParametersForImportResponse_parametersValidTo - The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an ImportKeyMaterial request and you must send another GetParametersForImport request to get new ones.

$sel:publicKey:GetParametersForImportResponse', getParametersForImportResponse_publicKey - The public key to use to encrypt the key material before importing it with ImportKeyMaterial.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:httpStatus:GetParametersForImportResponse', getParametersForImportResponse_httpStatus - The response's http status code.

Response Lenses

getParametersForImportResponse_importToken :: Lens' GetParametersForImportResponse (Maybe ByteString) Source #

The import token to send in a subsequent ImportKeyMaterial request.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

getParametersForImportResponse_keyId :: Lens' GetParametersForImportResponse (Maybe Text) Source #

The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. This is the same KMS key specified in the GetParametersForImport request.

getParametersForImportResponse_parametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime) Source #

The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an ImportKeyMaterial request and you must send another GetParametersForImport request to get new ones.

getParametersForImportResponse_publicKey :: Lens' GetParametersForImportResponse (Maybe ByteString) Source #

The public key to use to encrypt the key material before importing it with ImportKeyMaterial.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

getParametersForImportResponse_httpStatus :: Lens' GetParametersForImportResponse Int Source #

The response's http status code.