Skip to content

KMSClient#

Index > KMS > KMSClient

Auto-generated documentation for KMS type annotations stubs module mypy-boto3-kms.

KMSClient#

Type annotations and code completion for boto3.client("kms"). boto3 documentation

# KMSClient usage example

from boto3.session import Session
from mypy_boto3_kms.client import KMSClient

def get_kms_client() -> KMSClient:
    return Session().client("kms")

Exceptions#

boto3 client exceptions are generated in runtime. This class provides code completion for boto3.client("kms").exceptions structure.

# Exceptions.exceptions usage example

client = boto3.client("kms")

try:
    do_something(client)
except (
    client.exceptions.AlreadyExistsException,
    client.exceptions.ClientError,
    client.exceptions.CloudHsmClusterInUseException,
    client.exceptions.CloudHsmClusterInvalidConfigurationException,
    client.exceptions.CloudHsmClusterNotActiveException,
    client.exceptions.CloudHsmClusterNotFoundException,
    client.exceptions.CloudHsmClusterNotRelatedException,
    client.exceptions.CustomKeyStoreHasCMKsException,
    client.exceptions.CustomKeyStoreInvalidStateException,
    client.exceptions.CustomKeyStoreNameInUseException,
    client.exceptions.CustomKeyStoreNotFoundException,
    client.exceptions.DependencyTimeoutException,
    client.exceptions.DisabledException,
    client.exceptions.DryRunOperationException,
    client.exceptions.ExpiredImportTokenException,
    client.exceptions.IncorrectKeyException,
    client.exceptions.IncorrectKeyMaterialException,
    client.exceptions.IncorrectTrustAnchorException,
    client.exceptions.InvalidAliasNameException,
    client.exceptions.InvalidArnException,
    client.exceptions.InvalidCiphertextException,
    client.exceptions.InvalidGrantIdException,
    client.exceptions.InvalidGrantTokenException,
    client.exceptions.InvalidImportTokenException,
    client.exceptions.InvalidKeyUsageException,
    client.exceptions.InvalidMarkerException,
    client.exceptions.KMSInternalException,
    client.exceptions.KMSInvalidMacException,
    client.exceptions.KMSInvalidSignatureException,
    client.exceptions.KMSInvalidStateException,
    client.exceptions.KeyUnavailableException,
    client.exceptions.LimitExceededException,
    client.exceptions.MalformedPolicyDocumentException,
    client.exceptions.NotFoundException,
    client.exceptions.TagException,
    client.exceptions.UnsupportedOperationException,
    client.exceptions.XksKeyAlreadyInUseException,
    client.exceptions.XksKeyInvalidConfigurationException,
    client.exceptions.XksKeyNotFoundException,
    client.exceptions.XksProxyIncorrectAuthenticationCredentialException,
    client.exceptions.XksProxyInvalidConfigurationException,
    client.exceptions.XksProxyInvalidResponseException,
    client.exceptions.XksProxyUriEndpointInUseException,
    client.exceptions.XksProxyUriInUseException,
    client.exceptions.XksProxyUriUnreachableException,
    client.exceptions.XksProxyVpcEndpointServiceInUseException,
    client.exceptions.XksProxyVpcEndpointServiceInvalidConfigurationException,
    client.exceptions.XksProxyVpcEndpointServiceNotFoundException,
) as e:
    print(e)
# Exceptions.exceptions type checking example

from mypy_boto3_kms.client import Exceptions

def handle_error(exc: Exceptions.AlreadyExistsException) -> None:
    ...

Methods#

can_paginate#

Check if an operation can be paginated.

Type annotations and code completion for boto3.client("kms").can_paginate method. boto3 documentation

# can_paginate method definition

def can_paginate(
    self,
    operation_name: str,
) -> bool:
    ...

cancel_key_deletion#

Cancels the deletion of a KMS key.

Type annotations and code completion for boto3.client("kms").cancel_key_deletion method. boto3 documentation

# cancel_key_deletion method definition

def cancel_key_deletion(
    self,
    *,
    KeyId: str,
) -> CancelKeyDeletionResponseTypeDef:  # (1)
    ...
  1. See CancelKeyDeletionResponseTypeDef
# cancel_key_deletion method usage example with argument unpacking

kwargs: CancelKeyDeletionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.cancel_key_deletion(**kwargs)
  1. See CancelKeyDeletionRequestRequestTypeDef

close#

Closes underlying endpoint connections.

Type annotations and code completion for boto3.client("kms").close method. boto3 documentation

# close method definition

def close(
    self,
) -> None:
    ...

connect_custom_key_store#

Connects or reconnects a custom key store to its backing key store.

Type annotations and code completion for boto3.client("kms").connect_custom_key_store method. boto3 documentation

# connect_custom_key_store method definition

def connect_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
# connect_custom_key_store method usage example with argument unpacking

kwargs: ConnectCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.connect_custom_key_store(**kwargs)
  1. See ConnectCustomKeyStoreRequestRequestTypeDef

create_alias#

Creates a friendly name for a KMS key.

Type annotations and code completion for boto3.client("kms").create_alias method. boto3 documentation

# create_alias method definition

def create_alias(
    self,
    *,
    AliasName: str,
    TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# create_alias method usage example with argument unpacking

kwargs: CreateAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
    "TargetKeyId": ...,
}

parent.create_alias(**kwargs)
  1. See CreateAliasRequestRequestTypeDef

create_custom_key_store#

Creates a custom key store backed by a key store that you own and manage.

Type annotations and code completion for boto3.client("kms").create_custom_key_store method. boto3 documentation

# create_custom_key_store method definition

def create_custom_key_store(
    self,
    *,
    CustomKeyStoreName: str,
    CloudHsmClusterId: str = ...,
    TrustAnchorCertificate: str = ...,
    KeyStorePassword: str = ...,
    CustomKeyStoreType: CustomKeyStoreTypeType = ...,  # (1)
    XksProxyUriEndpoint: str = ...,
    XksProxyUriPath: str = ...,
    XksProxyVpcEndpointServiceName: str = ...,
    XksProxyAuthenticationCredential: XksProxyAuthenticationCredentialTypeTypeDef = ...,  # (2)
    XksProxyConnectivity: XksProxyConnectivityTypeType = ...,  # (3)
) -> CreateCustomKeyStoreResponseTypeDef:  # (4)
    ...
  1. See CustomKeyStoreTypeType
  2. See XksProxyAuthenticationCredentialTypeTypeDef
  3. See XksProxyConnectivityTypeType
  4. See CreateCustomKeyStoreResponseTypeDef
# create_custom_key_store method usage example with argument unpacking

kwargs: CreateCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreName": ...,
}

parent.create_custom_key_store(**kwargs)
  1. See CreateCustomKeyStoreRequestRequestTypeDef

create_grant#

Adds a grant to a KMS key.

Type annotations and code completion for boto3.client("kms").create_grant method. boto3 documentation

# create_grant method definition

def create_grant(
    self,
    *,
    KeyId: str,
    GranteePrincipal: str,
    Operations: Sequence[GrantOperationType],  # (1)
    RetiringPrincipal: str = ...,
    Constraints: GrantConstraintsTypeDef = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
    Name: str = ...,
    DryRun: bool = ...,
) -> CreateGrantResponseTypeDef:  # (3)
    ...
  1. See GrantOperationType
  2. See GrantConstraintsTypeDef
  3. See CreateGrantResponseTypeDef
# create_grant method usage example with argument unpacking

kwargs: CreateGrantRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "GranteePrincipal": ...,
    "Operations": ...,
}

parent.create_grant(**kwargs)
  1. See CreateGrantRequestRequestTypeDef

create_key#

Creates a unique customer managed KMS key in your Amazon Web Services account and Region.

Type annotations and code completion for boto3.client("kms").create_key method. boto3 documentation

# create_key method definition

def create_key(
    self,
    *,
    Policy: str = ...,
    Description: str = ...,
    KeyUsage: KeyUsageTypeType = ...,  # (1)
    CustomerMasterKeySpec: CustomerMasterKeySpecType = ...,  # (2)
    KeySpec: KeySpecType = ...,  # (3)
    Origin: OriginTypeType = ...,  # (4)
    CustomKeyStoreId: str = ...,
    BypassPolicyLockoutSafetyCheck: bool = ...,
    Tags: Sequence[TagTypeDef] = ...,  # (5)
    MultiRegion: bool = ...,
    XksKeyId: str = ...,
) -> CreateKeyResponseTypeDef:  # (6)
    ...
  1. See KeyUsageTypeType
  2. See CustomerMasterKeySpecType
  3. See KeySpecType
  4. See OriginTypeType
  5. See TagTypeDef
  6. See CreateKeyResponseTypeDef
# create_key method usage example with argument unpacking

kwargs: CreateKeyRequestRequestTypeDef = {  # (1)
    "Policy": ...,
}

parent.create_key(**kwargs)
  1. See CreateKeyRequestRequestTypeDef

decrypt#

Decrypts ciphertext that was encrypted by a KMS key using any of the following operations: * Encrypt * GenerateDataKey * GenerateDataKeyPair * GenerateDataKeyWithoutPlaintext * GenerateDataKeyPairWithoutPlaintext You can use this operation to decrypt ciphertext that was enc...

Type annotations and code completion for boto3.client("kms").decrypt method. boto3 documentation

# decrypt method definition

def decrypt(
    self,
    *,
    CiphertextBlob: Union[str, bytes, IO[Any], StreamingBody],
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    KeyId: str = ...,
    EncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    Recipient: RecipientInfoTypeDef = ...,  # (2)
    DryRun: bool = ...,
) -> DecryptResponseTypeDef:  # (3)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See RecipientInfoTypeDef
  3. See DecryptResponseTypeDef
# decrypt method usage example with argument unpacking

kwargs: DecryptRequestRequestTypeDef = {  # (1)
    "CiphertextBlob": ...,
}

parent.decrypt(**kwargs)
  1. See DecryptRequestRequestTypeDef

delete_alias#

Deletes the specified alias.

Type annotations and code completion for boto3.client("kms").delete_alias method. boto3 documentation

# delete_alias method definition

def delete_alias(
    self,
    *,
    AliasName: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# delete_alias method usage example with argument unpacking

kwargs: DeleteAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
}

parent.delete_alias(**kwargs)
  1. See DeleteAliasRequestRequestTypeDef

delete_custom_key_store#

Deletes a custom key store.

Type annotations and code completion for boto3.client("kms").delete_custom_key_store method. boto3 documentation

# delete_custom_key_store method definition

def delete_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
# delete_custom_key_store method usage example with argument unpacking

kwargs: DeleteCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.delete_custom_key_store(**kwargs)
  1. See DeleteCustomKeyStoreRequestRequestTypeDef

delete_imported_key_material#

Deletes key material that was previously imported.

Type annotations and code completion for boto3.client("kms").delete_imported_key_material method. boto3 documentation

# delete_imported_key_material method definition

def delete_imported_key_material(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
# delete_imported_key_material method usage example with argument unpacking

kwargs: DeleteImportedKeyMaterialRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.delete_imported_key_material(**kwargs)
  1. See DeleteImportedKeyMaterialRequestRequestTypeDef

describe_custom_key_stores#

Gets information about custom key stores in the account and Region.

Type annotations and code completion for boto3.client("kms").describe_custom_key_stores method.