Skip to content

KMSClient#

Index > KMS > KMSClient

Auto-generated documentation for KMS type annotations stubs module mypy-boto3-kms.

KMSClient#

Type annotations and code completion for boto3.client("kms"). boto3 documentation

# KMSClient usage example

from boto3.session import Session
from mypy_boto3_kms.client import KMSClient

def get_kms_client() -> KMSClient:
    return Session().client("kms")

Exceptions#

boto3 client exceptions are generated in runtime. This class provides code completion for boto3.client("kms").exceptions structure.

# Exceptions.exceptions usage example

client = boto3.client("kms")

try:
    do_something(client)
except (
    client.exceptions.AlreadyExistsException,
    client.exceptions.ClientError,
    client.exceptions.CloudHsmClusterInUseException,
    client.exceptions.CloudHsmClusterInvalidConfigurationException,
    client.exceptions.CloudHsmClusterNotActiveException,
    client.exceptions.CloudHsmClusterNotFoundException,
    client.exceptions.CloudHsmClusterNotRelatedException,
    client.exceptions.CustomKeyStoreHasCMKsException,
    client.exceptions.CustomKeyStoreInvalidStateException,
    client.exceptions.CustomKeyStoreNameInUseException,
    client.exceptions.CustomKeyStoreNotFoundException,
    client.exceptions.DependencyTimeoutException,
    client.exceptions.DisabledException,
    client.exceptions.DryRunOperationException,
    client.exceptions.ExpiredImportTokenException,
    client.exceptions.IncorrectKeyException,
    client.exceptions.IncorrectKeyMaterialException,
    client.exceptions.IncorrectTrustAnchorException,
    client.exceptions.InvalidAliasNameException,
    client.exceptions.InvalidArnException,
    client.exceptions.InvalidCiphertextException,
    client.exceptions.InvalidGrantIdException,
    client.exceptions.InvalidGrantTokenException,
    client.exceptions.InvalidImportTokenException,
    client.exceptions.InvalidKeyUsageException,
    client.exceptions.InvalidMarkerException,
    client.exceptions.KMSInternalException,
    client.exceptions.KMSInvalidMacException,
    client.exceptions.KMSInvalidSignatureException,
    client.exceptions.KMSInvalidStateException,
    client.exceptions.KeyUnavailableException,
    client.exceptions.LimitExceededException,
    client.exceptions.MalformedPolicyDocumentException,
    client.exceptions.NotFoundException,
    client.exceptions.TagException,
    client.exceptions.UnsupportedOperationException,
    client.exceptions.XksKeyAlreadyInUseException,
    client.exceptions.XksKeyInvalidConfigurationException,
    client.exceptions.XksKeyNotFoundException,
    client.exceptions.XksProxyIncorrectAuthenticationCredentialException,
    client.exceptions.XksProxyInvalidConfigurationException,
    client.exceptions.XksProxyInvalidResponseException,
    client.exceptions.XksProxyUriEndpointInUseException,
    client.exceptions.XksProxyUriInUseException,
    client.exceptions.XksProxyUriUnreachableException,
    client.exceptions.XksProxyVpcEndpointServiceInUseException,
    client.exceptions.XksProxyVpcEndpointServiceInvalidConfigurationException,
    client.exceptions.XksProxyVpcEndpointServiceNotFoundException,
) as e:
    print(e)
# Exceptions.exceptions type checking example

from mypy_boto3_kms.client import Exceptions

def handle_error(exc: Exceptions.AlreadyExistsException) -> None:
    ...

Methods#

can_paginate#

Check if an operation can be paginated.

Type annotations and code completion for boto3.client("kms").can_paginate method. boto3 documentation

# can_paginate method definition

def can_paginate(
    self,
    operation_name: str,
) -> bool:
    ...

cancel_key_deletion#

Cancels the deletion of a KMS key.

Type annotations and code completion for boto3.client("kms").cancel_key_deletion method. boto3 documentation

# cancel_key_deletion method definition

def cancel_key_deletion(
    self,
    *,
    KeyId: str,
) -> CancelKeyDeletionResponseTypeDef:  # (1)
    ...
  1. See CancelKeyDeletionResponseTypeDef
# cancel_key_deletion method usage example with argument unpacking

kwargs: CancelKeyDeletionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.cancel_key_deletion(**kwargs)
  1. See CancelKeyDeletionRequestRequestTypeDef

close#

Closes underlying endpoint connections.

Type annotations and code completion for boto3.client("kms").close method. boto3 documentation

# close method definition

def close(
    self,
) -> None:
    ...

connect_custom_key_store#

Connects or reconnects a custom key store to its backing key store.

Type annotations and code completion for boto3.client("kms").connect_custom_key_store method. boto3 documentation

# connect_custom_key_store method definition

def connect_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
# connect_custom_key_store method usage example with argument unpacking

kwargs: ConnectCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.connect_custom_key_store(**kwargs)
  1. See ConnectCustomKeyStoreRequestRequestTypeDef

create_alias#

Creates a friendly name for a KMS key.

Type annotations and code completion for boto3.client("kms").create_alias method. boto3 documentation

# create_alias method definition

def create_alias(
    self,
    *,
    AliasName: str,
    TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# create_alias method usage example with argument unpacking

kwargs: CreateAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
    "TargetKeyId": ...,
}

parent.create_alias(**kwargs)
  1. See CreateAliasRequestRequestTypeDef

create_custom_key_store#

Creates a custom key store backed by a key store that you own and manage.

Type annotations and code completion for boto3.client("kms").create_custom_key_store method. boto3 documentation

# create_custom_key_store method definition

def create_custom_key_store(
    self,
    *,
    CustomKeyStoreName: str,
    CloudHsmClusterId: str = ...,
    TrustAnchorCertificate: str = ...,
    KeyStorePassword: str = ...,
    CustomKeyStoreType: CustomKeyStoreTypeType = ...,  # (1)
    XksProxyUriEndpoint: str = ...,
    XksProxyUriPath: str = ...,
    XksProxyVpcEndpointServiceName: str = ...,
    XksProxyAuthenticationCredential: XksProxyAuthenticationCredentialTypeTypeDef = ...,  # (2)
    XksProxyConnectivity: XksProxyConnectivityTypeType = ...,  # (3)
) -> CreateCustomKeyStoreResponseTypeDef:  # (4)
    ...
  1. See CustomKeyStoreTypeType
  2. See XksProxyAuthenticationCredentialTypeTypeDef
  3. See XksProxyConnectivityTypeType
  4. See CreateCustomKeyStoreResponseTypeDef
# create_custom_key_store method usage example with argument unpacking

kwargs: CreateCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreName": ...,
}

parent.create_custom_key_store(**kwargs)
  1. See CreateCustomKeyStoreRequestRequestTypeDef

create_grant#

Adds a grant to a KMS key.

Type annotations and code completion for boto3.client("kms").create_grant method. boto3 documentation

# create_grant method definition

def create_grant(
    self,
    *,
    KeyId: str,
    GranteePrincipal: str,
    Operations: Sequence[GrantOperationType],  # (1)
    RetiringPrincipal: str = ...,
    Constraints: GrantConstraintsTypeDef = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
    Name: str = ...,
    DryRun: bool = ...,
) -> CreateGrantResponseTypeDef:  # (3)
    ...
  1. See GrantOperationType
  2. See GrantConstraintsTypeDef
  3. See CreateGrantResponseTypeDef
# create_grant method usage example with argument unpacking

kwargs: CreateGrantRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "GranteePrincipal": ...,
    "Operations": ...,
}

parent.create_grant(**kwargs)
  1. See CreateGrantRequestRequestTypeDef

create_key#

Creates a unique customer managed KMS key in your Amazon Web Services account and Region.

Type annotations and code completion for boto3.client("kms").create_key method. boto3 documentation

# create_key method definition

def create_key(
    self,
    *,
    Policy: str = ...,
    Description: str = ...,
    KeyUsage: KeyUsageTypeType = ...,  # (1)
    CustomerMasterKeySpec: CustomerMasterKeySpecType = ...,  # (2)
    KeySpec: KeySpecType = ...,  # (3)
    Origin: OriginTypeType = ...,  # (4)
    CustomKeyStoreId: str = ...,
    BypassPolicyLockoutSafetyCheck: bool = ...,
    Tags: Sequence[TagTypeDef] = ...,  # (5)
    MultiRegion: bool = ...,
    XksKeyId: str = ...,
) -> CreateKeyResponseTypeDef:  # (6)
    ...
  1. See KeyUsageTypeType
  2. See CustomerMasterKeySpecType
  3. See KeySpecType
  4. See OriginTypeType
  5. See TagTypeDef
  6. See CreateKeyResponseTypeDef
# create_key method usage example with argument unpacking

kwargs: CreateKeyRequestRequestTypeDef = {  # (1)
    "Policy": ...,
}

parent.create_key(**kwargs)
  1. See CreateKeyRequestRequestTypeDef

decrypt#

Decrypts ciphertext that was encrypted by a KMS key using any of the following operations: * Encrypt * GenerateDataKey * GenerateDataKeyPair * GenerateDataKeyWithoutPlaintext * GenerateDataKeyPairWithoutPlaintext You can use this operation to decrypt ciphertext that was enc...

Type annotations and code completion for boto3.client("kms").decrypt method. boto3 documentation

# decrypt method definition

def decrypt(
    self,
    *,
    CiphertextBlob: Union[str, bytes, IO[Any], StreamingBody],
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    KeyId: str = ...,
    EncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    Recipient: RecipientInfoTypeDef = ...,  # (2)
    DryRun: bool = ...,
) -> DecryptResponseTypeDef:  # (3)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See RecipientInfoTypeDef
  3. See DecryptResponseTypeDef
# decrypt method usage example with argument unpacking

kwargs: DecryptRequestRequestTypeDef = {  # (1)
    "CiphertextBlob": ...,
}

parent.decrypt(**kwargs)
  1. See DecryptRequestRequestTypeDef

delete_alias#

Deletes the specified alias.

Type annotations and code completion for boto3.client("kms").delete_alias method. boto3 documentation

# delete_alias method definition

def delete_alias(
    self,
    *,
    AliasName: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# delete_alias method usage example with argument unpacking

kwargs: DeleteAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
}

parent.delete_alias(**kwargs)
  1. See DeleteAliasRequestRequestTypeDef

delete_custom_key_store#

Deletes a custom key store.

Type annotations and code completion for boto3.client("kms").delete_custom_key_store method. boto3 documentation

# delete_custom_key_store method definition

def delete_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
# delete_custom_key_store method usage example with argument unpacking

kwargs: DeleteCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.delete_custom_key_store(**kwargs)
  1. See DeleteCustomKeyStoreRequestRequestTypeDef

delete_imported_key_material#

Deletes key material that was previously imported.

Type annotations and code completion for boto3.client("kms").delete_imported_key_material method. boto3 documentation

# delete_imported_key_material method definition

def delete_imported_key_material(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# delete_imported_key_material method usage example with argument unpacking

kwargs: DeleteImportedKeyMaterialRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.delete_imported_key_material(**kwargs)
  1. See DeleteImportedKeyMaterialRequestRequestTypeDef

describe_custom_key_stores#

Gets information about custom key stores in the account and Region.

Type annotations and code completion for boto3.client("kms").describe_custom_key_stores method. boto3 documentation

# describe_custom_key_stores method definition

def describe_custom_key_stores(
    self,
    *,
    CustomKeyStoreId: str = ...,
    CustomKeyStoreName: str = ...,
    Limit: int = ...,
    Marker: str = ...,
) -> DescribeCustomKeyStoresResponseTypeDef:  # (1)
    ...
  1. See DescribeCustomKeyStoresResponseTypeDef
# describe_custom_key_stores method usage example with argument unpacking

kwargs: DescribeCustomKeyStoresRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.describe_custom_key_stores(**kwargs)
  1. See DescribeCustomKeyStoresRequestRequestTypeDef

describe_key#

Provides detailed information about a KMS key.

Type annotations and code completion for boto3.client("kms").describe_key method. boto3 documentation

# describe_key method definition

def describe_key(
    self,
    *,
    KeyId: str,
    GrantTokens: Sequence[str] = ...,
) -> DescribeKeyResponseTypeDef:  # (1)
    ...
  1. See DescribeKeyResponseTypeDef
# describe_key method usage example with argument unpacking

kwargs: DescribeKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.describe_key(**kwargs)
  1. See DescribeKeyRequestRequestTypeDef

disable_key#

Sets the state of a KMS key to disabled.

Type annotations and code completion for boto3.client("kms").disable_key method. boto3 documentation

# disable_key method definition

def disable_key(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# disable_key method usage example with argument unpacking

kwargs: DisableKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.disable_key(**kwargs)
  1. See DisableKeyRequestRequestTypeDef

disable_key_rotation#

Disables automatic rotation of the key material of the specified symmetric encryption KMS key.

Type annotations and code completion for boto3.client("kms").disable_key_rotation method. boto3 documentation

# disable_key_rotation method definition

def disable_key_rotation(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# disable_key_rotation method usage example with argument unpacking

kwargs: DisableKeyRotationRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.disable_key_rotation(**kwargs)
  1. See DisableKeyRotationRequestRequestTypeDef

disconnect_custom_key_store#

Disconnects the custom key store from its backing key store.

Type annotations and code completion for boto3.client("kms").disconnect_custom_key_store method. boto3 documentation

# disconnect_custom_key_store method definition

def disconnect_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
# disconnect_custom_key_store method usage example with argument unpacking

kwargs: DisconnectCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.disconnect_custom_key_store(**kwargs)
  1. See DisconnectCustomKeyStoreRequestRequestTypeDef

enable_key#

Sets the key state of a KMS key to enabled.

Type annotations and code completion for boto3.client("kms").enable_key method. boto3 documentation

# enable_key method definition

def enable_key(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# enable_key method usage example with argument unpacking

kwargs: EnableKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.enable_key(**kwargs)
  1. See EnableKeyRequestRequestTypeDef

enable_key_rotation#

Enables automatic rotation of the key material of the specified symmetric encryption KMS key.

Type annotations and code completion for boto3.client("kms").enable_key_rotation method. boto3 documentation

# enable_key_rotation method definition

def enable_key_rotation(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# enable_key_rotation method usage example with argument unpacking

kwargs: EnableKeyRotationRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.enable_key_rotation(**kwargs)
  1. See EnableKeyRotationRequestRequestTypeDef

encrypt#

Encrypts plaintext of up to 4,096 bytes using a KMS key.

Type annotations and code completion for boto3.client("kms").encrypt method. boto3 documentation

# encrypt method definition

def encrypt(
    self,
    *,
    KeyId: str,
    Plaintext: Union[str, bytes, IO[Any], StreamingBody],
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    EncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    DryRun: bool = ...,
) -> EncryptResponseTypeDef:  # (2)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See EncryptResponseTypeDef
# encrypt method usage example with argument unpacking

kwargs: EncryptRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Plaintext": ...,
}

parent.encrypt(**kwargs)
  1. See EncryptRequestRequestTypeDef

generate_data_key#

Returns a unique symmetric data key for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key method. boto3 documentation

# generate_data_key method definition

def generate_data_key(
    self,
    *,
    KeyId: str,
    EncryptionContext: Mapping[str, str] = ...,
    NumberOfBytes: int = ...,
    KeySpec: DataKeySpecType = ...,  # (1)
    GrantTokens: Sequence[str] = ...,
    Recipient: RecipientInfoTypeDef = ...,  # (2)
    DryRun: bool = ...,
) -> GenerateDataKeyResponseTypeDef:  # (3)
    ...
  1. See DataKeySpecType
  2. See RecipientInfoTypeDef
  3. See GenerateDataKeyResponseTypeDef
# generate_data_key method usage example with argument unpacking

kwargs: GenerateDataKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.generate_data_key(**kwargs)
  1. See GenerateDataKeyRequestRequestTypeDef

generate_data_key_pair#

Returns a unique asymmetric data key pair for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key_pair method. boto3 documentation

# generate_data_key_pair method definition

def generate_data_key_pair(
    self,
    *,
    KeyId: str,
    KeyPairSpec: DataKeyPairSpecType,  # (1)
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    Recipient: RecipientInfoTypeDef = ...,  # (2)
    DryRun: bool = ...,
) -> GenerateDataKeyPairResponseTypeDef:  # (3)
    ...
  1. See DataKeyPairSpecType
  2. See RecipientInfoTypeDef
  3. See GenerateDataKeyPairResponseTypeDef
# generate_data_key_pair method usage example with argument unpacking

kwargs: GenerateDataKeyPairRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "KeyPairSpec": ...,
}

parent.generate_data_key_pair(**kwargs)
  1. See GenerateDataKeyPairRequestRequestTypeDef

generate_data_key_pair_without_plaintext#

Returns a unique asymmetric data key pair for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key_pair_without_plaintext method. boto3 documentation

# generate_data_key_pair_without_plaintext method definition

def generate_data_key_pair_without_plaintext(
    self,
    *,
    KeyId: str,
    KeyPairSpec: DataKeyPairSpecType,  # (1)
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> GenerateDataKeyPairWithoutPlaintextResponseTypeDef:  # (2)
    ...
  1. See DataKeyPairSpecType
  2. See GenerateDataKeyPairWithoutPlaintextResponseTypeDef
# generate_data_key_pair_without_plaintext method usage example with argument unpacking

kwargs: GenerateDataKeyPairWithoutPlaintextRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "KeyPairSpec": ...,
}

parent.generate_data_key_pair_without_plaintext(**kwargs)
  1. See GenerateDataKeyPairWithoutPlaintextRequestRequestTypeDef

generate_data_key_without_plaintext#

Returns a unique symmetric data key for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key_without_plaintext method. boto3 documentation

# generate_data_key_without_plaintext method definition

def generate_data_key_without_plaintext(
    self,
    *,
    KeyId: str,
    EncryptionContext: Mapping[str, str] = ...,
    KeySpec: DataKeySpecType = ...,  # (1)
    NumberOfBytes: int = ...,
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> GenerateDataKeyWithoutPlaintextResponseTypeDef:  # (2)
    ...
  1. See DataKeySpecType
  2. See GenerateDataKeyWithoutPlaintextResponseTypeDef
# generate_data_key_without_plaintext method usage example with argument unpacking

kwargs: GenerateDataKeyWithoutPlaintextRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.generate_data_key_without_plaintext(**kwargs)
  1. See GenerateDataKeyWithoutPlaintextRequestRequestTypeDef

generate_mac#

Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports.

Type annotations and code completion for boto3.client("kms").generate_mac method. boto3 documentation

# generate_mac method definition

def generate_mac(
    self,
    *,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    KeyId: str,
    MacAlgorithm: MacAlgorithmSpecType,  # (1)
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> GenerateMacResponseTypeDef:  # (2)
    ...
  1. See MacAlgorithmSpecType
  2. See GenerateMacResponseTypeDef
# generate_mac method usage example with argument unpacking

kwargs: GenerateMacRequestRequestTypeDef = {  # (1)
    "Message": ...,
    "KeyId": ...,
    "MacAlgorithm": ...,
}

parent.generate_mac(**kwargs)
  1. See GenerateMacRequestRequestTypeDef

generate_presigned_url#

Generate a presigned url given a client, its method, and arguments.

Type annotations and code completion for boto3.client("kms").generate_presigned_url method. boto3 documentation

# generate_presigned_url method definition

def generate_presigned_url(
    self,
    ClientMethod: str,
    Params: Mapping[str, Any] = ...,
    ExpiresIn: int = 3600,
    HttpMethod: str = ...,
) -> str:
    ...

generate_random#

Returns a random byte string that is cryptographically secure.

Type annotations and code completion for boto3.client("kms").generate_random method. boto3 documentation

# generate_random method definition

def generate_random(
    self,
    *,
    NumberOfBytes: int = ...,
    CustomKeyStoreId: str = ...,
    Recipient: RecipientInfoTypeDef = ...,  # (1)
) -> GenerateRandomResponseTypeDef:  # (2)
    ...
  1. See RecipientInfoTypeDef
  2. See GenerateRandomResponseTypeDef
# generate_random method usage example with argument unpacking

kwargs: GenerateRandomRequestRequestTypeDef = {  # (1)
    "NumberOfBytes": ...,
}

parent.generate_random(**kwargs)
  1. See GenerateRandomRequestRequestTypeDef

get_key_policy#

Gets a key policy attached to the specified KMS key.

Type annotations and code completion for boto3.client("kms").get_key_policy method. boto3 documentation

# get_key_policy method definition

def get_key_policy(
    self,
    *,
    KeyId: str,
    PolicyName: str = ...,
) -> GetKeyPolicyResponseTypeDef:  # (1)
    ...
  1. See GetKeyPolicyResponseTypeDef
# get_key_policy method usage example with argument unpacking

kwargs: GetKeyPolicyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.get_key_policy(**kwargs)
  1. See GetKeyPolicyRequestRequestTypeDef

get_key_rotation_status#

Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified KMS key.

Type annotations and code completion for boto3.client("kms").get_key_rotation_status method. boto3 documentation

# get_key_rotation_status method definition

def get_key_rotation_status(
    self,
    *,
    KeyId: str,
) -> GetKeyRotationStatusResponseTypeDef:  # (1)
    ...
  1. See GetKeyRotationStatusResponseTypeDef
# get_key_rotation_status method usage example with argument unpacking

kwargs: GetKeyRotationStatusRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.get_key_rotation_status(**kwargs)
  1. See GetKeyRotationStatusRequestRequestTypeDef

get_parameters_for_import#

Returns the public key and an import token you need to import or reimport key material for a KMS key.

Type annotations and code completion for boto3.client("kms").get_parameters_for_import method. boto3 documentation

# get_parameters_for_import method definition

def get_parameters_for_import(
    self,
    *,
    KeyId: str,
    WrappingAlgorithm: AlgorithmSpecType,  # (1)
    WrappingKeySpec: WrappingKeySpecType,  # (2)
) -> GetParametersForImportResponseTypeDef:  # (3)
    ...
  1. See AlgorithmSpecType
  2. See WrappingKeySpecType
  3. See GetParametersForImportResponseTypeDef
# get_parameters_for_import method usage example with argument unpacking

kwargs: GetParametersForImportRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "WrappingAlgorithm": ...,
    "WrappingKeySpec": ...,
}

parent.get_parameters_for_import(**kwargs)
  1. See GetParametersForImportRequestRequestTypeDef

get_public_key#

Returns the public key of an asymmetric KMS key.

Type annotations and code completion for boto3.client("kms").get_public_key method. boto3 documentation

# get_public_key method definition

def get_public_key(
    self,
    *,
    KeyId: str,
    GrantTokens: Sequence[str] = ...,
) -> GetPublicKeyResponseTypeDef:  # (1)
    ...
  1. See GetPublicKeyResponseTypeDef
# get_public_key method usage example with argument unpacking

kwargs: GetPublicKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.get_public_key(**kwargs)
  1. See GetPublicKeyRequestRequestTypeDef

import_key_material#

Imports or reimports key material into an existing KMS key that was created without key material.

Type annotations and code completion for boto3.client("kms").import_key_material method. boto3 documentation

# import_key_material method definition

def import_key_material(
    self,
    *,
    KeyId: str,
    ImportToken: Union[str, bytes, IO[Any], StreamingBody],
    EncryptedKeyMaterial: Union[str, bytes, IO[Any], StreamingBody],
    ValidTo: Union[datetime, str] = ...,
    ExpirationModel: ExpirationModelTypeType = ...,  # (1)
) -> Dict[str, Any]:
    ...
  1. See ExpirationModelTypeType
# import_key_material method usage example with argument unpacking

kwargs: ImportKeyMaterialRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "ImportToken": ...,
    "EncryptedKeyMaterial": ...,
}

parent.import_key_material(**kwargs)
  1. See ImportKeyMaterialRequestRequestTypeDef

list_aliases#

Gets a list of aliases in the caller's Amazon Web Services account and region.

Type annotations and code completion for boto3.client("kms").list_aliases method. boto3 documentation

# list_aliases method definition

def list_aliases(
    self,
    *,
    KeyId: str = ...,
    Limit: int = ...,
    Marker: str = ...,
) -> ListAliasesResponseTypeDef:  # (1)
    ...
  1. See ListAliasesResponseTypeDef
# list_aliases method usage example with argument unpacking

kwargs: ListAliasesRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_aliases(**kwargs)
  1. See ListAliasesRequestRequestTypeDef

list_grants#

Gets a list of all grants for the specified KMS key.

Type annotations and code completion for boto3.client("kms").list_grants method. boto3 documentation

# list_grants method definition

def list_grants(
    self,
    *,
    KeyId: str,
    Limit: int = ...,
    Marker: str = ...,
    GrantId: str = ...,
    GranteePrincipal: str = ...,
) -> ListGrantsResponseTypeDef:  # (1)
    ...
  1. See ListGrantsResponseTypeDef
# list_grants method usage example with argument unpacking

kwargs: ListGrantsRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_grants(**kwargs)
  1. See ListGrantsRequestRequestTypeDef

list_key_policies#

Gets the names of the key policies that are attached to a KMS key.

Type annotations and code completion for boto3.client("kms").list_key_policies method. boto3 documentation

# list_key_policies method definition

def list_key_policies(
    self,
    *,
    KeyId: str,
    Limit: int = ...,
    Marker: str = ...,
) -> ListKeyPoliciesResponseTypeDef:  # (1)
    ...
  1. See ListKeyPoliciesResponseTypeDef
# list_key_policies method usage example with argument unpacking

kwargs: ListKeyPoliciesRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_key_policies(**kwargs)
  1. See ListKeyPoliciesRequestRequestTypeDef

list_keys#

Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.

Type annotations and code completion for boto3.client("kms").list_keys method. boto3 documentation

# list_keys method definition

def list_keys(
    self,
    *,
    Limit: int = ...,
    Marker: str = ...,
) -> ListKeysResponseTypeDef:  # (1)
    ...
  1. See ListKeysResponseTypeDef
# list_keys method usage example with argument unpacking

kwargs: ListKeysRequestRequestTypeDef = {  # (1)
    "Limit": ...,
}

parent.list_keys(**kwargs)
  1. See ListKeysRequestRequestTypeDef

list_resource_tags#

Returns all tags on the specified KMS key.

Type annotations and code completion for boto3.client("kms").list_resource_tags method. boto3 documentation

# list_resource_tags method definition

def list_resource_tags(
    self,
    *,
    KeyId: str,
    Limit: int = ...,
    Marker: str = ...,
) -> ListResourceTagsResponseTypeDef:  # (1)
    ...
  1. See ListResourceTagsResponseTypeDef
# list_resource_tags method usage example with argument unpacking

kwargs: ListResourceTagsRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_resource_tags(**kwargs)
  1. See ListResourceTagsRequestRequestTypeDef

list_retirable_grants#

Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

Type annotations and code completion for boto3.client("kms").list_retirable_grants method. boto3 documentation

# list_retirable_grants method definition

def list_retirable_grants(
    self,
    *,
    RetiringPrincipal: str,
    Limit: int = ...,
    Marker: str = ...,
) -> ListGrantsResponseTypeDef:  # (1)
    ...
  1. See ListGrantsResponseTypeDef
# list_retirable_grants method usage example with argument unpacking

kwargs: ListRetirableGrantsRequestRequestTypeDef = {  # (1)
    "RetiringPrincipal": ...,
}

parent.list_retirable_grants(**kwargs)
  1. See ListRetirableGrantsRequestRequestTypeDef

put_key_policy#

Attaches a key policy to the specified KMS key.

Type annotations and code completion for boto3.client("kms").put_key_policy method. boto3 documentation

# put_key_policy method definition

def put_key_policy(
    self,
    *,
    KeyId: str,
    Policy: str,
    PolicyName: str = ...,
    BypassPolicyLockoutSafetyCheck: bool = ...,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# put_key_policy method usage example with argument unpacking

kwargs: PutKeyPolicyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Policy": ...,
}

parent.put_key_policy(**kwargs)
  1. See PutKeyPolicyRequestRequestTypeDef

re_encrypt#

Decrypts ciphertext and then reencrypts it entirely within KMS.

Type annotations and code completion for boto3.client("kms").re_encrypt method. boto3 documentation

# re_encrypt method definition

def re_encrypt(
    self,
    *,
    CiphertextBlob: Union[str, bytes, IO[Any], StreamingBody],
    DestinationKeyId: str,
    SourceEncryptionContext: Mapping[str, str] = ...,
    SourceKeyId: str = ...,
    DestinationEncryptionContext: Mapping[str, str] = ...,
    SourceEncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    DestinationEncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> ReEncryptResponseTypeDef:  # (3)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See EncryptionAlgorithmSpecType
  3. See ReEncryptResponseTypeDef
# re_encrypt method usage example with argument unpacking

kwargs: ReEncryptRequestRequestTypeDef = {  # (1)
    "CiphertextBlob": ...,
    "DestinationKeyId": ...,
}

parent.re_encrypt(**kwargs)
  1. See ReEncryptRequestRequestTypeDef

replicate_key#

Replicates a multi-Region key into the specified Region.

Type annotations and code completion for boto3.client("kms").replicate_key method. boto3 documentation

# replicate_key method definition

def replicate_key(
    self,
    *,
    KeyId: str,
    ReplicaRegion: str,
    Policy: str = ...,
    BypassPolicyLockoutSafetyCheck: bool = ...,
    Description: str = ...,
    Tags: Sequence[TagTypeDef] = ...,  # (1)
) -> ReplicateKeyResponseTypeDef:  # (2)
    ...
  1. See TagTypeDef
  2. See ReplicateKeyResponseTypeDef
# replicate_key method usage example with argument unpacking

kwargs: ReplicateKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "ReplicaRegion": ...,
}

parent.replicate_key(**kwargs)
  1. See ReplicateKeyRequestRequestTypeDef

retire_grant#

Deletes a grant.

Type annotations and code completion for boto3.client("kms").retire_grant method. boto3 documentation

# retire_grant method definition

def retire_grant(
    self,
    *,
    GrantToken: str = ...,
    KeyId: str = ...,
    GrantId: str = ...,
    DryRun: bool = ...,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# retire_grant method usage example with argument unpacking

kwargs: RetireGrantRequestRequestTypeDef = {  # (1)
    "GrantToken": ...,
}

parent.retire_grant(**kwargs)
  1. See RetireGrantRequestRequestTypeDef

revoke_grant#

Deletes the specified grant.

Type annotations and code completion for boto3.client("kms").revoke_grant method. boto3 documentation

# revoke_grant method definition

def revoke_grant(
    self,
    *,
    KeyId: str,
    GrantId: str,
    DryRun: bool = ...,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# revoke_grant method usage example with argument unpacking

kwargs: RevokeGrantRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "GrantId": ...,
}

parent.revoke_grant(**kwargs)
  1. See RevokeGrantRequestRequestTypeDef

schedule_key_deletion#

Schedules the deletion of a KMS key.

Type annotations and code completion for boto3.client("kms").schedule_key_deletion method. boto3 documentation

# schedule_key_deletion method definition

def schedule_key_deletion(
    self,
    *,
    KeyId: str,
    PendingWindowInDays: int = ...,
) -> ScheduleKeyDeletionResponseTypeDef:  # (1)
    ...
  1. See ScheduleKeyDeletionResponseTypeDef
# schedule_key_deletion method usage example with argument unpacking

kwargs: ScheduleKeyDeletionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.schedule_key_deletion(**kwargs)
  1. See ScheduleKeyDeletionRequestRequestTypeDef

sign#

Creates a digital signature for a message or message digest by using the private key in an asymmetric signing KMS key.

Type annotations and code completion for boto3.client("kms").sign method. boto3 documentation

# sign method definition

def sign(
    self,
    *,
    KeyId: str,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    SigningAlgorithm: SigningAlgorithmSpecType,  # (1)
    MessageType: MessageTypeType = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> SignResponseTypeDef:  # (3)
    ...
  1. See SigningAlgorithmSpecType
  2. See MessageTypeType
  3. See SignResponseTypeDef
# sign method usage example with argument unpacking

kwargs: SignRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Message": ...,
    "SigningAlgorithm": ...,
}

parent.sign(**kwargs)
  1. See SignRequestRequestTypeDef

tag_resource#

Adds or edits tags on a customer managed key.

Type annotations and code completion for boto3.client("kms").tag_resource method. boto3 documentation

# tag_resource method definition

def tag_resource(
    self,
    *,
    KeyId: str,
    Tags: Sequence[TagTypeDef],  # (1)
) -> EmptyResponseMetadataTypeDef:  # (2)
    ...
  1. See TagTypeDef
  2. See EmptyResponseMetadataTypeDef
# tag_resource method usage example with argument unpacking

kwargs: TagResourceRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Tags": ...,
}

parent.tag_resource(**kwargs)
  1. See TagResourceRequestRequestTypeDef

untag_resource#

Deletes tags from a customer managed key.

Type annotations and code completion for boto3.client("kms").untag_resource method. boto3 documentation

# untag_resource method definition

def untag_resource(
    self,
    *,
    KeyId: str,
    TagKeys: Sequence[str],
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# untag_resource method usage example with argument unpacking

kwargs: UntagResourceRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "TagKeys": ...,
}

parent.untag_resource(**kwargs)
  1. See UntagResourceRequestRequestTypeDef

update_alias#

Associates an existing KMS alias with a different KMS key.

Type annotations and code completion for boto3.client("kms").update_alias method. boto3 documentation

# update_alias method definition

def update_alias(
    self,
    *,
    AliasName: str,
    TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# update_alias method usage example with argument unpacking

kwargs: UpdateAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
    "TargetKeyId": ...,
}

parent.update_alias(**kwargs)
  1. See UpdateAliasRequestRequestTypeDef

update_custom_key_store#

Changes the properties of a custom key store.

Type annotations and code completion for boto3.client("kms").update_custom_key_store method. boto3 documentation

# update_custom_key_store method definition

def update_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
    NewCustomKeyStoreName: str = ...,
    KeyStorePassword: str = ...,
    CloudHsmClusterId: str = ...,
    XksProxyUriEndpoint: str = ...,
    XksProxyUriPath: str = ...,
    XksProxyVpcEndpointServiceName: str = ...,
    XksProxyAuthenticationCredential: XksProxyAuthenticationCredentialTypeTypeDef = ...,  # (1)
    XksProxyConnectivity: XksProxyConnectivityTypeType = ...,  # (2)
) -> Dict[str, Any]:
    ...
  1. See XksProxyAuthenticationCredentialTypeTypeDef
  2. See XksProxyConnectivityTypeType
# update_custom_key_store method usage example with argument unpacking

kwargs: UpdateCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.update_custom_key_store(**kwargs)
  1. See UpdateCustomKeyStoreRequestRequestTypeDef

update_key_description#

Updates the description of a KMS key.

Type annotations and code completion for boto3.client("kms").update_key_description method. boto3 documentation

# update_key_description method definition

def update_key_description(
    self,
    *,
    KeyId: str,
    Description: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# update_key_description method usage example with argument unpacking

kwargs: UpdateKeyDescriptionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Description": ...,
}

parent.update_key_description(**kwargs)
  1. See UpdateKeyDescriptionRequestRequestTypeDef

update_primary_region#

Changes the primary key of a multi-Region key.

Type annotations and code completion for boto3.client("kms").update_primary_region method. boto3 documentation

# update_primary_region method definition

def update_primary_region(
    self,
    *,
    KeyId: str,
    PrimaryRegion: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# update_primary_region method usage example with argument unpacking

kwargs: UpdatePrimaryRegionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "PrimaryRegion": ...,
}

parent.update_primary_region(**kwargs)
  1. See UpdatePrimaryRegionRequestRequestTypeDef

verify#

Verifies a digital signature that was generated by the Sign operation.

Type annotations and code completion for boto3.client("kms").verify method. boto3 documentation

# verify method definition

def verify(
    self,
    *,
    KeyId: str,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    Signature: Union[str, bytes, IO[Any], StreamingBody],
    SigningAlgorithm: SigningAlgorithmSpecType,  # (1)
    MessageType: MessageTypeType = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> VerifyResponseTypeDef:  # (3)
    ...
  1. See SigningAlgorithmSpecType
  2. See MessageTypeType
  3. See VerifyResponseTypeDef
# verify method usage example with argument unpacking

kwargs: VerifyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Message": ...,
    "Signature": ...,
    "SigningAlgorithm": ...,
}

parent.verify(**kwargs)
  1. See VerifyRequestRequestTypeDef

verify_mac#

Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm.

Type annotations and code completion for boto3.client("kms").verify_mac method. boto3 documentation

# verify_mac method definition

def verify_mac(
    self,
    *,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    KeyId: str,
    MacAlgorithm: MacAlgorithmSpecType,  # (1)
    Mac: Union[str, bytes, IO[Any], StreamingBody],
    GrantTokens: Sequence[str] = ...,
    DryRun: bool = ...,
) -> VerifyMacResponseTypeDef:  # (2)
    ...
  1. See MacAlgorithmSpecType
  2. See VerifyMacResponseTypeDef
# verify_mac method usage example with argument unpacking

kwargs: VerifyMacRequestRequestTypeDef = {  # (1)
    "Message": ...,
    "KeyId": ...,
    "MacAlgorithm": ...,
    "Mac": ...,
}

parent.verify_mac(**kwargs)
  1. See VerifyMacRequestRequestTypeDef

get_paginator#

Type annotations and code completion for boto3.client("kms").get_paginator method with overloads.