// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. // Package kms provides the client and types for making API // requests to AWS Key Management Service. // // Key Management Service (KMS) is an encryption and key management web service. // This guide describes the KMS operations that you can call programmatically. // For general information about KMS, see the Key Management Service Developer // Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). // // KMS is replacing the term customer master key (CMK) with KMS key and KMS // key. The concept has not changed. To prevent breaking changes, KMS is keeping // some variations of this term. // // Amazon Web Services provides SDKs that consist of libraries and sample code // for various programming languages and platforms (Java, Ruby, .Net, macOS, // Android, etc.). The SDKs provide a convenient way to create programmatic // access to KMS and other Amazon Web Services services. For example, the SDKs // take care of tasks such as signing requests (see below), managing errors, // and retrying requests automatically. For more information about the Amazon // Web Services SDKs, including how to download and install them, see Tools // for Amazon Web Services (http://aws.amazon.com/tools/). // // We recommend that you use the Amazon Web Services SDKs to make programmatic // API calls to KMS. // // If you need to use FIPS 140-2 validated cryptographic modules when communicating // with Amazon Web Services, use the FIPS endpoint in your preferred Amazon // Web Services Region. For more information about the available FIPS endpoints, // see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) // in the Key Management Service topic of the Amazon Web Services General Reference. // // All KMS API calls must be signed and be transmitted using Transport Layer // Security (TLS). KMS recommends you always use the latest supported TLS version. // Clients must also support cipher suites with Perfect Forward Secrecy (PFS) // such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman // (ECDHE). Most modern systems such as Java 7 and later support these modes. // // Signing Requests // // Requests must be signed by using an access key ID and a secret access key. // We strongly recommend that you do not use your Amazon Web Services account // (root) access key ID and secret key for everyday work with KMS. Instead, // use the access key ID and secret access key for an IAM user. You can also // use the Amazon Web Services Security Token Service to generate temporary // security credentials that you can use to sign requests. // // All KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // // Logging API Requests // // KMS supports CloudTrail, a service that logs Amazon Web Services API calls // and related events for your Amazon Web Services account and delivers them // to an Amazon S3 bucket that you specify. By using the information collected // by CloudTrail, you can determine what requests were made to KMS, who made // the request, when it was made, and so on. To learn more about CloudTrail, // including how to turn it on and find your log files, see the CloudTrail User // Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). // // Additional Resources // // For more information about credentials and request signing, see the following: // // * Amazon Web Services Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) // - This topic provides general information about the types of credentials // used to access Amazon Web Services. // // * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) // - This section of the IAM User Guide describes how to create and use temporary // security credentials. // // * Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // - This set of topics walks you through the process of signing a request // using an access key ID and a secret access key. // // Commonly Used API Operations // // Of the API operations discussed in this guide, the following will prove the // most useful for most applications. You will likely perform operations other // than these, such as creating keys and assigning policies, by using the console. // // * Encrypt // // * Decrypt // // * GenerateDataKey // // * GenerateDataKeyWithoutPlaintext // // See https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01 for more information on this service. // // See kms package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/kms/ // // Using the Client // // To contact AWS Key Management Service with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. // These clients are safe to use concurrently. // // See the SDK's documentation for more information on how to use the SDK. // https://docs.aws.amazon.com/sdk-for-go/api/ // // See aws.Config documentation for more information on configuring SDK clients. // https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config // // See the AWS Key Management Service client KMS for more // information on creating client for this service. // https://docs.aws.amazon.com/sdk-for-go/api/service/kms/#New package kms