Skip to content

KMSClient

Index > KMS > KMSClient

Auto-generated documentation for KMS type annotations stubs module mypy-boto3-kms.

KMSClient

Type annotations and code completion for boto3.client("kms"). boto3 documentation

Usage example
from boto3.session import Session
from mypy_boto3_kms.client import KMSClient

def get_kms_client() -> KMSClient:
    return Session().client("kms")

Exceptions

boto3 client exceptions are generated in runtime. This class provides code completion for boto3.client("kms").exceptions structure.

Usage example
client = boto3.client("kms")

try:
    do_something(client)
except (
    client.AlreadyExistsException,
    client.ClientError,
    client.CloudHsmClusterInUseException,
    client.CloudHsmClusterInvalidConfigurationException,
    client.CloudHsmClusterNotActiveException,
    client.CloudHsmClusterNotFoundException,
    client.CloudHsmClusterNotRelatedException,
    client.CustomKeyStoreHasCMKsException,
    client.CustomKeyStoreInvalidStateException,
    client.CustomKeyStoreNameInUseException,
    client.CustomKeyStoreNotFoundException,
    client.DependencyTimeoutException,
    client.DisabledException,
    client.ExpiredImportTokenException,
    client.IncorrectKeyException,
    client.IncorrectKeyMaterialException,
    client.IncorrectTrustAnchorException,
    client.InvalidAliasNameException,
    client.InvalidArnException,
    client.InvalidCiphertextException,
    client.InvalidGrantIdException,
    client.InvalidGrantTokenException,
    client.InvalidImportTokenException,
    client.InvalidKeyUsageException,
    client.InvalidMarkerException,
    client.KMSInternalException,
    client.KMSInvalidMacException,
    client.KMSInvalidSignatureException,
    client.KMSInvalidStateException,
    client.KeyUnavailableException,
    client.LimitExceededException,
    client.MalformedPolicyDocumentException,
    client.NotFoundException,
    client.TagException,
    client.UnsupportedOperationException,
) as e:
    print(e)
Type checking example
from mypy_boto3_kms.client import Exceptions

def handle_error(exc: Exceptions.AlreadyExistsException) -> None:
    ...

Methods

can_paginate

Check if an operation can be paginated.

Type annotations and code completion for boto3.client("kms").can_paginate method. boto3 documentation

Method definition
def can_paginate(
    self,
    operation_name: str,
) -> bool:
    ...

cancel_key_deletion

Cancels the deletion of a KMS key.

Type annotations and code completion for boto3.client("kms").cancel_key_deletion method. boto3 documentation

Method definition
def cancel_key_deletion(
    self,
    *,
    KeyId: str,
) -> CancelKeyDeletionResponseTypeDef:  # (1)
    ...
  1. See CancelKeyDeletionResponseTypeDef
Usage example with kwargs
kwargs: CancelKeyDeletionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.cancel_key_deletion(**kwargs)
  1. See CancelKeyDeletionRequestRequestTypeDef

close

Closes underlying endpoint connections.

Type annotations and code completion for boto3.client("kms").close method. boto3 documentation

Method definition
def close(
    self,
) -> None:
    ...

connect_custom_key_store

Connects or reconnects a custom key store_ to its associated CloudHSM cluster.

Type annotations and code completion for boto3.client("kms").connect_custom_key_store method. boto3 documentation

Method definition
def connect_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
Usage example with kwargs
kwargs: ConnectCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.connect_custom_key_store(**kwargs)
  1. See ConnectCustomKeyStoreRequestRequestTypeDef

create_alias

Creates a friendly name for a KMS key.

Type annotations and code completion for boto3.client("kms").create_alias method. boto3 documentation

Method definition
def create_alias(
    self,
    *,
    AliasName: str,
    TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: CreateAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
    "TargetKeyId": ...,
}

parent.create_alias(**kwargs)
  1. See CreateAliasRequestRequestTypeDef

create_custom_key_store

Creates a custom key store that is associated with an CloudHSM cluster that you own and manage.

Type annotations and code completion for boto3.client("kms").create_custom_key_store method. boto3 documentation

Method definition
def create_custom_key_store(
    self,
    *,
    CustomKeyStoreName: str,
    CloudHsmClusterId: str = ...,
    TrustAnchorCertificate: str = ...,
    KeyStorePassword: str = ...,
) -> CreateCustomKeyStoreResponseTypeDef:  # (1)
    ...
  1. See CreateCustomKeyStoreResponseTypeDef
Usage example with kwargs
kwargs: CreateCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreName": ...,
}

parent.create_custom_key_store(**kwargs)
  1. See CreateCustomKeyStoreRequestRequestTypeDef

create_grant

Adds a grant to a KMS key.

Type annotations and code completion for boto3.client("kms").create_grant method. boto3 documentation

Method definition
def create_grant(
    self,
    *,
    KeyId: str,
    GranteePrincipal: str,
    Operations: Sequence[GrantOperationType],  # (1)
    RetiringPrincipal: str = ...,
    Constraints: GrantConstraintsTypeDef = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
    Name: str = ...,
) -> CreateGrantResponseTypeDef:  # (3)
    ...
  1. See GrantOperationType
  2. See GrantConstraintsTypeDef
  3. See CreateGrantResponseTypeDef
Usage example with kwargs
kwargs: CreateGrantRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "GranteePrincipal": ...,
    "Operations": ...,
}

parent.create_grant(**kwargs)
  1. See CreateGrantRequestRequestTypeDef

create_key

Creates a unique customer managed KMS key_ in your Amazon Web Services account and Region.

Type annotations and code completion for boto3.client("kms").create_key method. boto3 documentation

Method definition
def create_key(
    self,
    *,
    Policy: str = ...,
    Description: str = ...,
    KeyUsage: KeyUsageTypeType = ...,  # (1)
    CustomerMasterKeySpec: CustomerMasterKeySpecType = ...,  # (2)
    KeySpec: KeySpecType = ...,  # (3)
    Origin: OriginTypeType = ...,  # (4)
    CustomKeyStoreId: str = ...,
    BypassPolicyLockoutSafetyCheck: bool = ...,
    Tags: Sequence[TagTypeDef] = ...,  # (5)
    MultiRegion: bool = ...,
) -> CreateKeyResponseTypeDef:  # (6)
    ...
  1. See KeyUsageTypeType
  2. See CustomerMasterKeySpecType
  3. See KeySpecType
  4. See OriginTypeType
  5. See TagTypeDef
  6. See CreateKeyResponseTypeDef
Usage example with kwargs
kwargs: CreateKeyRequestRequestTypeDef = {  # (1)
    "Policy": ...,
}

parent.create_key(**kwargs)
  1. See CreateKeyRequestRequestTypeDef

decrypt

Decrypts ciphertext that was encrypted by a KMS key using any of the following operations * Encrypt * GenerateDataKey * GenerateDataKeyPair * GenerateDataKeyWithoutPlaintext * GenerateDataKeyPairWithoutPlaintext You can use this operation to decrypt cipher...

Type annotations and code completion for boto3.client("kms").decrypt method. boto3 documentation

Method definition
def decrypt(
    self,
    *,
    CiphertextBlob: Union[str, bytes, IO[Any], StreamingBody],
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    KeyId: str = ...,
    EncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
) -> DecryptResponseTypeDef:  # (2)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See DecryptResponseTypeDef
Usage example with kwargs
kwargs: DecryptRequestRequestTypeDef = {  # (1)
    "CiphertextBlob": ...,
}

parent.decrypt(**kwargs)
  1. See DecryptRequestRequestTypeDef

delete_alias

Deletes the specified alias.

Type annotations and code completion for boto3.client("kms").delete_alias method. boto3 documentation

Method definition
def delete_alias(
    self,
    *,
    AliasName: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: DeleteAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
}

parent.delete_alias(**kwargs)
  1. See DeleteAliasRequestRequestTypeDef

delete_custom_key_store

Deletes a custom key store_.

Type annotations and code completion for boto3.client("kms").delete_custom_key_store method. boto3 documentation

Method definition
def delete_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
Usage example with kwargs
kwargs: DeleteCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.delete_custom_key_store(**kwargs)
  1. See DeleteCustomKeyStoreRequestRequestTypeDef

delete_imported_key_material

Deletes key material that you previously imported.

Type annotations and code completion for boto3.client("kms").delete_imported_key_material method. boto3 documentation

Method definition
def delete_imported_key_material(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: DeleteImportedKeyMaterialRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.delete_imported_key_material(**kwargs)
  1. See DeleteImportedKeyMaterialRequestRequestTypeDef

describe_custom_key_stores

Gets information about custom key stores_ in the account and Region.

Type annotations and code completion for boto3.client("kms").describe_custom_key_stores method. boto3 documentation

Method definition
def describe_custom_key_stores(
    self,
    *,
    CustomKeyStoreId: str = ...,
    CustomKeyStoreName: str = ...,
    Limit: int = ...,
    Marker: str = ...,
) -> DescribeCustomKeyStoresResponseTypeDef:  # (1)
    ...
  1. See DescribeCustomKeyStoresResponseTypeDef
Usage example with kwargs
kwargs: DescribeCustomKeyStoresRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.describe_custom_key_stores(**kwargs)
  1. See DescribeCustomKeyStoresRequestRequestTypeDef

describe_key

Provides detailed information about a KMS key.

Type annotations and code completion for boto3.client("kms").describe_key method. boto3 documentation

Method definition
def describe_key(
    self,
    *,
    KeyId: str,
    GrantTokens: Sequence[str] = ...,
) -> DescribeKeyResponseTypeDef:  # (1)
    ...
  1. See DescribeKeyResponseTypeDef
Usage example with kwargs
kwargs: DescribeKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.describe_key(**kwargs)
  1. See DescribeKeyRequestRequestTypeDef

disable_key

Sets the state of a KMS key to disabled.

Type annotations and code completion for boto3.client("kms").disable_key method. boto3 documentation

Method definition
def disable_key(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: DisableKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.disable_key(**kwargs)
  1. See DisableKeyRequestRequestTypeDef

disable_key_rotation

Disables automatic rotation of the key material_ of the specified symmetric encryption KMS key.

Type annotations and code completion for boto3.client("kms").disable_key_rotation method. boto3 documentation

Method definition
def disable_key_rotation(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: DisableKeyRotationRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.disable_key_rotation(**kwargs)
  1. See DisableKeyRotationRequestRequestTypeDef

disconnect_custom_key_store

Disconnects the custom key store_ from its associated CloudHSM cluster.

Type annotations and code completion for boto3.client("kms").disconnect_custom_key_store method. boto3 documentation

Method definition
def disconnect_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
) -> Dict[str, Any]:
    ...
Usage example with kwargs
kwargs: DisconnectCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.disconnect_custom_key_store(**kwargs)
  1. See DisconnectCustomKeyStoreRequestRequestTypeDef

enable_key

Sets the key state of a KMS key to enabled.

Type annotations and code completion for boto3.client("kms").enable_key method. boto3 documentation

Method definition
def enable_key(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: EnableKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.enable_key(**kwargs)
  1. See EnableKeyRequestRequestTypeDef

enable_key_rotation

Enables automatic rotation of the key material_ of the specified symmetric encryption KMS key.

Type annotations and code completion for boto3.client("kms").enable_key_rotation method. boto3 documentation

Method definition
def enable_key_rotation(
    self,
    *,
    KeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: EnableKeyRotationRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.enable_key_rotation(**kwargs)
  1. See EnableKeyRotationRequestRequestTypeDef

encrypt

Encrypts plaintext of up to 4,096 bytes using a KMS key.

Type annotations and code completion for boto3.client("kms").encrypt method. boto3 documentation

Method definition
def encrypt(
    self,
    *,
    KeyId: str,
    Plaintext: Union[str, bytes, IO[Any], StreamingBody],
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
    EncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
) -> EncryptResponseTypeDef:  # (2)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See EncryptResponseTypeDef
Usage example with kwargs
kwargs: EncryptRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Plaintext": ...,
}

parent.encrypt(**kwargs)
  1. See EncryptRequestRequestTypeDef

generate_data_key

Returns a unique symmetric data key for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key method. boto3 documentation

Method definition
def generate_data_key(
    self,
    *,
    KeyId: str,
    EncryptionContext: Mapping[str, str] = ...,
    NumberOfBytes: int = ...,
    KeySpec: DataKeySpecType = ...,  # (1)
    GrantTokens: Sequence[str] = ...,
) -> GenerateDataKeyResponseTypeDef:  # (2)
    ...
  1. See DataKeySpecType
  2. See GenerateDataKeyResponseTypeDef
Usage example with kwargs
kwargs: GenerateDataKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.generate_data_key(**kwargs)
  1. See GenerateDataKeyRequestRequestTypeDef

generate_data_key_pair

Returns a unique asymmetric data key pair for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key_pair method. boto3 documentation

Method definition
def generate_data_key_pair(
    self,
    *,
    KeyId: str,
    KeyPairSpec: DataKeyPairSpecType,  # (1)
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
) -> GenerateDataKeyPairResponseTypeDef:  # (2)
    ...
  1. See DataKeyPairSpecType
  2. See GenerateDataKeyPairResponseTypeDef
Usage example with kwargs
kwargs: GenerateDataKeyPairRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "KeyPairSpec": ...,
}

parent.generate_data_key_pair(**kwargs)
  1. See GenerateDataKeyPairRequestRequestTypeDef

generate_data_key_pair_without_plaintext

Returns a unique asymmetric data key pair for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key_pair_without_plaintext method. boto3 documentation

Method definition
def generate_data_key_pair_without_plaintext(
    self,
    *,
    KeyId: str,
    KeyPairSpec: DataKeyPairSpecType,  # (1)
    EncryptionContext: Mapping[str, str] = ...,
    GrantTokens: Sequence[str] = ...,
) -> GenerateDataKeyPairWithoutPlaintextResponseTypeDef:  # (2)
    ...
  1. See DataKeyPairSpecType
  2. See GenerateDataKeyPairWithoutPlaintextResponseTypeDef
Usage example with kwargs
kwargs: GenerateDataKeyPairWithoutPlaintextRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "KeyPairSpec": ...,
}

parent.generate_data_key_pair_without_plaintext(**kwargs)
  1. See GenerateDataKeyPairWithoutPlaintextRequestRequestTypeDef

generate_data_key_without_plaintext

Returns a unique symmetric data key for use outside of KMS.

Type annotations and code completion for boto3.client("kms").generate_data_key_without_plaintext method. boto3 documentation

Method definition
def generate_data_key_without_plaintext(
    self,
    *,
    KeyId: str,
    EncryptionContext: Mapping[str, str] = ...,
    KeySpec: DataKeySpecType = ...,  # (1)
    NumberOfBytes: int = ...,
    GrantTokens: Sequence[str] = ...,
) -> GenerateDataKeyWithoutPlaintextResponseTypeDef:  # (2)
    ...
  1. See DataKeySpecType
  2. See GenerateDataKeyWithoutPlaintextResponseTypeDef
Usage example with kwargs
kwargs: GenerateDataKeyWithoutPlaintextRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.generate_data_key_without_plaintext(**kwargs)
  1. See GenerateDataKeyWithoutPlaintextRequestRequestTypeDef

generate_mac

Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports.

Type annotations and code completion for boto3.client("kms").generate_mac method. boto3 documentation

Method definition
def generate_mac(
    self,
    *,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    KeyId: str,
    MacAlgorithm: MacAlgorithmSpecType,  # (1)
    GrantTokens: Sequence[str] = ...,
) -> GenerateMacResponseTypeDef:  # (2)
    ...
  1. See MacAlgorithmSpecType
  2. See GenerateMacResponseTypeDef
Usage example with kwargs
kwargs: GenerateMacRequestRequestTypeDef = {  # (1)
    "Message": ...,
    "KeyId": ...,
    "MacAlgorithm": ...,
}

parent.generate_mac(**kwargs)
  1. See GenerateMacRequestRequestTypeDef

generate_presigned_url

Generate a presigned url given a client, its method, and arguments.

Type annotations and code completion for boto3.client("kms").generate_presigned_url method. boto3 documentation

Method definition
def generate_presigned_url(
    self,
    ClientMethod: str,
    Params: Mapping[str, Any] = ...,
    ExpiresIn: int = 3600,
    HttpMethod: str = ...,
) -> str:
    ...

generate_random

Returns a random byte string that is cryptographically secure.

Type annotations and code completion for boto3.client("kms").generate_random method. boto3 documentation

Method definition
def generate_random(
    self,
    *,
    NumberOfBytes: int = ...,
    CustomKeyStoreId: str = ...,
) -> GenerateRandomResponseTypeDef:  # (1)
    ...
  1. See GenerateRandomResponseTypeDef
Usage example with kwargs
kwargs: GenerateRandomRequestRequestTypeDef = {  # (1)
    "NumberOfBytes": ...,
}

parent.generate_random(**kwargs)
  1. See GenerateRandomRequestRequestTypeDef

get_key_policy

Gets a key policy attached to the specified KMS key.

Type annotations and code completion for boto3.client("kms").get_key_policy method. boto3 documentation

Method definition
def get_key_policy(
    self,
    *,
    KeyId: str,
    PolicyName: str,
) -> GetKeyPolicyResponseTypeDef:  # (1)
    ...
  1. See GetKeyPolicyResponseTypeDef
Usage example with kwargs
kwargs: GetKeyPolicyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "PolicyName": ...,
}

parent.get_key_policy(**kwargs)
  1. See GetKeyPolicyRequestRequestTypeDef

get_key_rotation_status

Gets a Boolean value that indicates whether automatic rotation of the key material_ is enabled for the specified KMS key.

Type annotations and code completion for boto3.client("kms").get_key_rotation_status method. boto3 documentation

Method definition
def get_key_rotation_status(
    self,
    *,
    KeyId: str,
) -> GetKeyRotationStatusResponseTypeDef:  # (1)
    ...
  1. See GetKeyRotationStatusResponseTypeDef
Usage example with kwargs
kwargs: GetKeyRotationStatusRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.get_key_rotation_status(**kwargs)
  1. See GetKeyRotationStatusRequestRequestTypeDef

get_parameters_for_import

Returns the items you need to import key material into a symmetric encryption KMS key.

Type annotations and code completion for boto3.client("kms").get_parameters_for_import method. boto3 documentation

Method definition
def get_parameters_for_import(
    self,
    *,
    KeyId: str,
    WrappingAlgorithm: AlgorithmSpecType,  # (1)
    WrappingKeySpec: WrappingKeySpecType,  # (2)
) -> GetParametersForImportResponseTypeDef:  # (3)
    ...
  1. See AlgorithmSpecType
  2. See WrappingKeySpecType
  3. See GetParametersForImportResponseTypeDef
Usage example with kwargs
kwargs: GetParametersForImportRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "WrappingAlgorithm": ...,
    "WrappingKeySpec": ...,
}

parent.get_parameters_for_import(**kwargs)
  1. See GetParametersForImportRequestRequestTypeDef

get_public_key

Returns the public key of an asymmetric KMS key.

Type annotations and code completion for boto3.client("kms").get_public_key method. boto3 documentation

Method definition
def get_public_key(
    self,
    *,
    KeyId: str,
    GrantTokens: Sequence[str] = ...,
) -> GetPublicKeyResponseTypeDef:  # (1)
    ...
  1. See GetPublicKeyResponseTypeDef
Usage example with kwargs
kwargs: GetPublicKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.get_public_key(**kwargs)
  1. See GetPublicKeyRequestRequestTypeDef

import_key_material

Imports key material into an existing symmetric encryption KMS key that was created without key material.

Type annotations and code completion for boto3.client("kms").import_key_material method. boto3 documentation

Method definition
def import_key_material(
    self,
    *,
    KeyId: str,
    ImportToken: Union[str, bytes, IO[Any], StreamingBody],
    EncryptedKeyMaterial: Union[str, bytes, IO[Any], StreamingBody],
    ValidTo: Union[datetime, str] = ...,
    ExpirationModel: ExpirationModelTypeType = ...,  # (1)
) -> Dict[str, Any]:
    ...
  1. See ExpirationModelTypeType
Usage example with kwargs
kwargs: ImportKeyMaterialRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "ImportToken": ...,
    "EncryptedKeyMaterial": ...,
}

parent.import_key_material(**kwargs)
  1. See ImportKeyMaterialRequestRequestTypeDef

list_aliases

Gets a list of aliases in the caller's Amazon Web Services account and region.

Type annotations and code completion for boto3.client("kms").list_aliases method. boto3 documentation

Method definition
def list_aliases(
    self,
    *,
    KeyId: str = ...,
    Limit: int = ...,
    Marker: str = ...,
) -> ListAliasesResponseTypeDef:  # (1)
    ...
  1. See ListAliasesResponseTypeDef
Usage example with kwargs
kwargs: ListAliasesRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_aliases(**kwargs)
  1. See ListAliasesRequestRequestTypeDef

list_grants

Gets a list of all grants for the specified KMS key.

Type annotations and code completion for boto3.client("kms").list_grants method. boto3 documentation

Method definition
def list_grants(
    self,
    *,
    KeyId: str,
    Limit: int = ...,
    Marker: str = ...,
    GrantId: str = ...,
    GranteePrincipal: str = ...,
) -> ListGrantsResponseTypeDef:  # (1)
    ...
  1. See ListGrantsResponseTypeDef
Usage example with kwargs
kwargs: ListGrantsRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_grants(**kwargs)
  1. See ListGrantsRequestRequestTypeDef

list_key_policies

Gets the names of the key policies that are attached to a KMS key.

Type annotations and code completion for boto3.client("kms").list_key_policies method. boto3 documentation

Method definition
def list_key_policies(
    self,
    *,
    KeyId: str,
    Limit: int = ...,
    Marker: str = ...,
) -> ListKeyPoliciesResponseTypeDef:  # (1)
    ...
  1. See ListKeyPoliciesResponseTypeDef
Usage example with kwargs
kwargs: ListKeyPoliciesRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_key_policies(**kwargs)
  1. See ListKeyPoliciesRequestRequestTypeDef

list_keys

Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.

Type annotations and code completion for boto3.client("kms").list_keys method. boto3 documentation

Method definition
def list_keys(
    self,
    *,
    Limit: int = ...,
    Marker: str = ...,
) -> ListKeysResponseTypeDef:  # (1)
    ...
  1. See ListKeysResponseTypeDef
Usage example with kwargs
kwargs: ListKeysRequestRequestTypeDef = {  # (1)
    "Limit": ...,
}

parent.list_keys(**kwargs)
  1. See ListKeysRequestRequestTypeDef

list_resource_tags

Returns all tags on the specified KMS key.

Type annotations and code completion for boto3.client("kms").list_resource_tags method. boto3 documentation

Method definition
def list_resource_tags(
    self,
    *,
    KeyId: str,
    Limit: int = ...,
    Marker: str = ...,
) -> ListResourceTagsResponseTypeDef:  # (1)
    ...
  1. See ListResourceTagsResponseTypeDef
Usage example with kwargs
kwargs: ListResourceTagsRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.list_resource_tags(**kwargs)
  1. See ListResourceTagsRequestRequestTypeDef

list_retirable_grants

Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

Type annotations and code completion for boto3.client("kms").list_retirable_grants method. boto3 documentation

Method definition
def list_retirable_grants(
    self,
    *,
    RetiringPrincipal: str,
    Limit: int = ...,
    Marker: str = ...,
) -> ListGrantsResponseTypeDef:  # (1)
    ...
  1. See ListGrantsResponseTypeDef
Usage example with kwargs
kwargs: ListRetirableGrantsRequestRequestTypeDef = {  # (1)
    "RetiringPrincipal": ...,
}

parent.list_retirable_grants(**kwargs)
  1. See ListRetirableGrantsRequestRequestTypeDef

put_key_policy

Attaches a key policy to the specified KMS key.

Type annotations and code completion for boto3.client("kms").put_key_policy method. boto3 documentation

Method definition
def put_key_policy(
    self,
    *,
    KeyId: str,
    PolicyName: str,
    Policy: str,
    BypassPolicyLockoutSafetyCheck: bool = ...,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: PutKeyPolicyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "PolicyName": ...,
    "Policy": ...,
}

parent.put_key_policy(**kwargs)
  1. See PutKeyPolicyRequestRequestTypeDef

re_encrypt

Decrypts ciphertext and then reencrypts it entirely within KMS.

Type annotations and code completion for boto3.client("kms").re_encrypt method. boto3 documentation

Method definition
def re_encrypt(
    self,
    *,
    CiphertextBlob: Union[str, bytes, IO[Any], StreamingBody],
    DestinationKeyId: str,
    SourceEncryptionContext: Mapping[str, str] = ...,
    SourceKeyId: str = ...,
    DestinationEncryptionContext: Mapping[str, str] = ...,
    SourceEncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    DestinationEncryptionAlgorithm: EncryptionAlgorithmSpecType = ...,  # (1)
    GrantTokens: Sequence[str] = ...,
) -> ReEncryptResponseTypeDef:  # (3)
    ...
  1. See EncryptionAlgorithmSpecType
  2. See EncryptionAlgorithmSpecType
  3. See ReEncryptResponseTypeDef
Usage example with kwargs
kwargs: ReEncryptRequestRequestTypeDef = {  # (1)
    "CiphertextBlob": ...,
    "DestinationKeyId": ...,
}

parent.re_encrypt(**kwargs)
  1. See ReEncryptRequestRequestTypeDef

replicate_key

Replicates a multi-Region key into the specified Region.

Type annotations and code completion for boto3.client("kms").replicate_key method. boto3 documentation

Method definition
def replicate_key(
    self,
    *,
    KeyId: str,
    ReplicaRegion: str,
    Policy: str = ...,
    BypassPolicyLockoutSafetyCheck: bool = ...,
    Description: str = ...,
    Tags: Sequence[TagTypeDef] = ...,  # (1)
) -> ReplicateKeyResponseTypeDef:  # (2)
    ...
  1. See TagTypeDef
  2. See ReplicateKeyResponseTypeDef
Usage example with kwargs
kwargs: ReplicateKeyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "ReplicaRegion": ...,
}

parent.replicate_key(**kwargs)
  1. See ReplicateKeyRequestRequestTypeDef

retire_grant

Deletes a grant.

Type annotations and code completion for boto3.client("kms").retire_grant method. boto3 documentation

Method definition
def retire_grant(
    self,
    *,
    GrantToken: str = ...,
    KeyId: str = ...,
    GrantId: str = ...,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: RetireGrantRequestRequestTypeDef = {  # (1)
    "GrantToken": ...,
}

parent.retire_grant(**kwargs)
  1. See RetireGrantRequestRequestTypeDef

revoke_grant

Deletes the specified grant.

Type annotations and code completion for boto3.client("kms").revoke_grant method. boto3 documentation

Method definition
def revoke_grant(
    self,
    *,
    KeyId: str,
    GrantId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: RevokeGrantRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "GrantId": ...,
}

parent.revoke_grant(**kwargs)
  1. See RevokeGrantRequestRequestTypeDef

schedule_key_deletion

Schedules the deletion of a KMS key.

Type annotations and code completion for boto3.client("kms").schedule_key_deletion method. boto3 documentation

Method definition
def schedule_key_deletion(
    self,
    *,
    KeyId: str,
    PendingWindowInDays: int = ...,
) -> ScheduleKeyDeletionResponseTypeDef:  # (1)
    ...
  1. See ScheduleKeyDeletionResponseTypeDef
Usage example with kwargs
kwargs: ScheduleKeyDeletionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
}

parent.schedule_key_deletion(**kwargs)
  1. See ScheduleKeyDeletionRequestRequestTypeDef

sign

Creates a digital signature_ for a message or message digest by using the private key in an asymmetric signing KMS key.

Type annotations and code completion for boto3.client("kms").sign method. boto3 documentation

Method definition
def sign(
    self,
    *,
    KeyId: str,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    SigningAlgorithm: SigningAlgorithmSpecType,  # (1)
    MessageType: MessageTypeType = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
) -> SignResponseTypeDef:  # (3)
    ...
  1. See SigningAlgorithmSpecType
  2. See MessageTypeType
  3. See SignResponseTypeDef
Usage example with kwargs
kwargs: SignRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Message": ...,
    "SigningAlgorithm": ...,
}

parent.sign(**kwargs)
  1. See SignRequestRequestTypeDef

tag_resource

Adds or edits tags on a customer managed key_ .

Type annotations and code completion for boto3.client("kms").tag_resource method. boto3 documentation

Method definition
def tag_resource(
    self,
    *,
    KeyId: str,
    Tags: Sequence[TagTypeDef],  # (1)
) -> EmptyResponseMetadataTypeDef:  # (2)
    ...
  1. See TagTypeDef
  2. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: TagResourceRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Tags": ...,
}

parent.tag_resource(**kwargs)
  1. See TagResourceRequestRequestTypeDef

untag_resource

Deletes tags from a customer managed key_.

Type annotations and code completion for boto3.client("kms").untag_resource method. boto3 documentation

Method definition
def untag_resource(
    self,
    *,
    KeyId: str,
    TagKeys: Sequence[str],
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: UntagResourceRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "TagKeys": ...,
}

parent.untag_resource(**kwargs)
  1. See UntagResourceRequestRequestTypeDef

update_alias

Associates an existing KMS alias with a different KMS key.

Type annotations and code completion for boto3.client("kms").update_alias method. boto3 documentation

Method definition
def update_alias(
    self,
    *,
    AliasName: str,
    TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: UpdateAliasRequestRequestTypeDef = {  # (1)
    "AliasName": ...,
    "TargetKeyId": ...,
}

parent.update_alias(**kwargs)
  1. See UpdateAliasRequestRequestTypeDef

update_custom_key_store

Changes the properties of a custom key store.

Type annotations and code completion for boto3.client("kms").update_custom_key_store method. boto3 documentation

Method definition
def update_custom_key_store(
    self,
    *,
    CustomKeyStoreId: str,
    NewCustomKeyStoreName: str = ...,
    KeyStorePassword: str = ...,
    CloudHsmClusterId: str = ...,
) -> Dict[str, Any]:
    ...
Usage example with kwargs
kwargs: UpdateCustomKeyStoreRequestRequestTypeDef = {  # (1)
    "CustomKeyStoreId": ...,
}

parent.update_custom_key_store(**kwargs)
  1. See UpdateCustomKeyStoreRequestRequestTypeDef

update_key_description

Updates the description of a KMS key.

Type annotations and code completion for boto3.client("kms").update_key_description method. boto3 documentation

Method definition
def update_key_description(
    self,
    *,
    KeyId: str,
    Description: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: UpdateKeyDescriptionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Description": ...,
}

parent.update_key_description(**kwargs)
  1. See UpdateKeyDescriptionRequestRequestTypeDef

update_primary_region

Changes the primary key of a multi-Region key.

Type annotations and code completion for boto3.client("kms").update_primary_region method. boto3 documentation

Method definition
def update_primary_region(
    self,
    *,
    KeyId: str,
    PrimaryRegion: str,
) -> EmptyResponseMetadataTypeDef:  # (1)
    ...
  1. See EmptyResponseMetadataTypeDef
Usage example with kwargs
kwargs: UpdatePrimaryRegionRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "PrimaryRegion": ...,
}

parent.update_primary_region(**kwargs)
  1. See UpdatePrimaryRegionRequestRequestTypeDef

verify

Verifies a digital signature that was generated by the Sign operation.

Type annotations and code completion for boto3.client("kms").verify method. boto3 documentation

Method definition
def verify(
    self,
    *,
    KeyId: str,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    Signature: Union[str, bytes, IO[Any], StreamingBody],
    SigningAlgorithm: SigningAlgorithmSpecType,  # (1)
    MessageType: MessageTypeType = ...,  # (2)
    GrantTokens: Sequence[str] = ...,
) -> VerifyResponseTypeDef:  # (3)
    ...
  1. See SigningAlgorithmSpecType
  2. See MessageTypeType
  3. See VerifyResponseTypeDef
Usage example with kwargs
kwargs: VerifyRequestRequestTypeDef = {  # (1)
    "KeyId": ...,
    "Message": ...,
    "Signature": ...,
    "SigningAlgorithm": ...,
}

parent.verify(**kwargs)
  1. See VerifyRequestRequestTypeDef

verify_mac

Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm.

Type annotations and code completion for boto3.client("kms").verify_mac method. boto3 documentation

Method definition
def verify_mac(
    self,
    *,
    Message: Union[str, bytes, IO[Any], StreamingBody],
    KeyId: str,
    MacAlgorithm: MacAlgorithmSpecType,  # (1)
    Mac: Union[str, bytes, IO[Any], StreamingBody],
    GrantTokens: Sequence[str] = ...,
) -> VerifyMacResponseTypeDef:  # (2)
    ...
  1. See MacAlgorithmSpecType
  2. See VerifyMacResponseTypeDef
Usage example with kwargs
kwargs: VerifyMacRequestRequestTypeDef = {  # (1)
    "Message": ...,
    "KeyId": ...,
    "MacAlgorithm": ...,
    "Mac": ...,
}

parent.verify_mac(**kwargs)
  1. See VerifyMacRequestRequestTypeDef

get_paginator

Type annotations and code completion for boto3.client("kms").get_paginator method with overloads.