1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
// Code generated by smithy-go-codegen DO NOT EDIT.
package kms
import (
"context"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/aws-sdk-go-v2/service/kms/types"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
"time"
)
// Returns the items you need to import key material into a symmetric encryption
// KMS key. For more information about importing key material into KMS, see
// Importing key material
// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) in
// the Key Management Service Developer Guide. This operation returns a public key
// and an import token. Use the public key to encrypt the symmetric key material.
// Store the import token to send with a subsequent ImportKeyMaterial request. You
// must specify the key ID of the symmetric encryption KMS key into which you will
// import key material. This KMS key's Origin must be EXTERNAL. You must also
// specify the wrapping algorithm and type of wrapping key (public key) that you
// will use to encrypt the key material. You cannot perform this operation on an
// asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different Amazon Web
// Services account. To import key material, you must use the public key and import
// token from the same response. These items are valid for 24 hours. The expiration
// date and time appear in the GetParametersForImport response. You cannot use an
// expired token in an ImportKeyMaterial request. If your key and token expire,
// send another GetParametersForImport request. The KMS key that you use for this
// operation must be in a compatible key state. For details, see Key states of KMS
// keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in
// the Key Management Service Developer Guide. Cross-account use: No. You cannot
// perform this operation on a KMS key in a different Amazon Web Services account.
// Required permissions: kms:GetParametersForImport
// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
// (key policy) Related operations:
//
// * ImportKeyMaterial
//
// *
// DeleteImportedKeyMaterial
func (c *Client) GetParametersForImport(ctx context.Context, params *GetParametersForImportInput, optFns ...func(*Options)) (*GetParametersForImportOutput, error) {
if params == nil {
params = &GetParametersForImportInput{}
}
result, metadata, err := c.invokeOperation(ctx, "GetParametersForImport", params, optFns, c.addOperationGetParametersForImportMiddlewares)
if err != nil {
return nil, err
}
out := result.(*GetParametersForImportOutput)
out.ResultMetadata = metadata
return out, nil
}
type GetParametersForImportInput struct {
// The identifier of the symmetric encryption KMS key into which you will import
// key material. The Origin of the KMS key must be EXTERNAL. Specify the key ID or
// key ARN of the KMS key. For example:
//
// * Key ID:
// 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN:
// arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To
// get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
//
// This member is required.
KeyId *string
// The algorithm you will use to encrypt the key material before importing it with
// ImportKeyMaterial. For more information, see Encrypt the Key Material
// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html)
// in the Key Management Service Developer Guide.
//
// This member is required.
WrappingAlgorithm types.AlgorithmSpec
// The type of wrapping key (public key) to return in the response. Only 2048-bit
// RSA public keys are supported.
//
// This member is required.
WrappingKeySpec types.WrappingKeySpec
noSmithyDocumentSerde
}
type GetParametersForImportOutput struct {
// The import token to send in a subsequent ImportKeyMaterial request.
ImportToken []byte
// The Amazon Resource Name (key ARN
// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN))
// of the KMS key to use in a subsequent ImportKeyMaterial request. This is the
// same KMS key specified in the GetParametersForImport request.
KeyId *string
// The time at which the import token and public key are no longer valid. After
// this time, you cannot use them to make an ImportKeyMaterial request and you must
// send another GetParametersForImport request to get new ones.
ParametersValidTo *time.Time
// The public key to use to encrypt the key material before importing it with
// ImportKeyMaterial.
PublicKey []byte
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationGetParametersForImportMiddlewares(stack *middleware.Stack, options Options) (err error) {
err = stack.Serialize.Add(&awsAwsjson11_serializeOpGetParametersForImport{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpGetParametersForImport{}, middleware.After)
if err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addOpGetParametersForImportValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetParametersForImport(options.Region), middleware.Before); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opGetParametersForImport(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "kms",
OperationName: "GetParametersForImport",
}
}
|
