KMSClient#
Auto-generated documentation for KMS type annotations stubs module types-boto3-kms.
KMSClient#
Type annotations and code completion for boto3.client("kms").
boto3 documentation
# KMSClient usage example
from boto3.session import Session
from types_boto3_kms.client import KMSClient
def get_kms_client() -> KMSClient:
return Session().client("kms")Exceptions#
boto3 client exceptions are generated in runtime.
This class provides code completion for boto3.client("kms").exceptions structure.
# Exceptions.exceptions usage example
client = boto3.client("kms")
try:
do_something(client)
except (
client.exceptions.AlreadyExistsException,
client.exceptions.ClientError,
client.exceptions.CloudHsmClusterInUseException,
client.exceptions.CloudHsmClusterInvalidConfigurationException,
client.exceptions.CloudHsmClusterNotActiveException,
client.exceptions.CloudHsmClusterNotFoundException,
client.exceptions.CloudHsmClusterNotRelatedException,
client.exceptions.ConflictException,
client.exceptions.CustomKeyStoreHasCMKsException,
client.exceptions.CustomKeyStoreInvalidStateException,
client.exceptions.CustomKeyStoreNameInUseException,
client.exceptions.CustomKeyStoreNotFoundException,
client.exceptions.DependencyTimeoutException,
client.exceptions.DisabledException,
client.exceptions.DryRunOperationException,
client.exceptions.ExpiredImportTokenException,
client.exceptions.IncorrectKeyException,
client.exceptions.IncorrectKeyMaterialException,
client.exceptions.IncorrectTrustAnchorException,
client.exceptions.InvalidAliasNameException,
client.exceptions.InvalidArnException,
client.exceptions.InvalidCiphertextException,
client.exceptions.InvalidGrantIdException,
client.exceptions.InvalidGrantTokenException,
client.exceptions.InvalidImportTokenException,
client.exceptions.InvalidKeyUsageException,
client.exceptions.InvalidMarkerException,
client.exceptions.KMSInternalException,
client.exceptions.KMSInvalidMacException,
client.exceptions.KMSInvalidSignatureException,
client.exceptions.KMSInvalidStateException,
client.exceptions.KeyUnavailableException,
client.exceptions.LimitExceededException,
client.exceptions.MalformedPolicyDocumentException,
client.exceptions.NotFoundException,
client.exceptions.TagException,
client.exceptions.UnsupportedOperationException,
client.exceptions.XksKeyAlreadyInUseException,
client.exceptions.XksKeyInvalidConfigurationException,
client.exceptions.XksKeyNotFoundException,
client.exceptions.XksProxyIncorrectAuthenticationCredentialException,
client.exceptions.XksProxyInvalidConfigurationException,
client.exceptions.XksProxyInvalidResponseException,
client.exceptions.XksProxyUriEndpointInUseException,
client.exceptions.XksProxyUriInUseException,
client.exceptions.XksProxyUriUnreachableException,
client.exceptions.XksProxyVpcEndpointServiceInUseException,
client.exceptions.XksProxyVpcEndpointServiceInvalidConfigurationException,
client.exceptions.XksProxyVpcEndpointServiceNotFoundException,
) as e:
print(e)# Exceptions.exceptions type checking example
from types_boto3_kms.client import Exceptions
def handle_error(exc: Exceptions.AlreadyExistsException) -> None:
...Methods#
can_paginate#
Type annotations and code completion for boto3.client("kms").can_paginate method.
boto3 documentation
# can_paginate method definition
def can_paginate(
self,
operation_name: str,
) -> bool:
...generate_presigned_url#
Type annotations and code completion for boto3.client("kms").generate_presigned_url method.
boto3 documentation
# generate_presigned_url method definition
def generate_presigned_url(
self,
ClientMethod: str,
Params: Mapping[str, Any] = ...,
ExpiresIn: int = 3600,
HttpMethod: str = ...,
) -> str:
...cancel_key_deletion#
Cancels the deletion of a KMS key.
Type annotations and code completion for boto3.client("kms").cancel_key_deletion method.
boto3 documentation
# cancel_key_deletion method definition
def cancel_key_deletion(
self,
*,
KeyId: str,
) -> CancelKeyDeletionResponseTypeDef: # (1)
...# cancel_key_deletion method usage example with argument unpacking
kwargs: CancelKeyDeletionRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.cancel_key_deletion(**kwargs)connect_custom_key_store#
Connects or reconnects a custom key store to its backing key store.
Type annotations and code completion for boto3.client("kms").connect_custom_key_store method.
boto3 documentation
# connect_custom_key_store method definition
def connect_custom_key_store(
self,
*,
CustomKeyStoreId: str,
) -> Dict[str, Any]:
...# connect_custom_key_store method usage example with argument unpacking
kwargs: ConnectCustomKeyStoreRequestTypeDef = { # (1)
"CustomKeyStoreId": ...,
}
parent.connect_custom_key_store(**kwargs)create_alias#
Creates a friendly name for a KMS key.
Type annotations and code completion for boto3.client("kms").create_alias method.
boto3 documentation
# create_alias method definition
def create_alias(
self,
*,
AliasName: str,
TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# create_alias method usage example with argument unpacking
kwargs: CreateAliasRequestTypeDef = { # (1)
"AliasName": ...,
"TargetKeyId": ...,
}
parent.create_alias(**kwargs)create_custom_key_store#
Creates a custom key store backed by a key store that you own and manage.
Type annotations and code completion for boto3.client("kms").create_custom_key_store method.
boto3 documentation
# create_custom_key_store method definition
def create_custom_key_store(
self,
*,
CustomKeyStoreName: str,
CloudHsmClusterId: str = ...,
TrustAnchorCertificate: str = ...,
KeyStorePassword: str = ...,
CustomKeyStoreType: CustomKeyStoreTypeType = ..., # (1)
XksProxyUriEndpoint: str = ...,
XksProxyUriPath: str = ...,
XksProxyVpcEndpointServiceName: str = ...,
XksProxyAuthenticationCredential: XksProxyAuthenticationCredentialTypeTypeDef = ..., # (2)
XksProxyConnectivity: XksProxyConnectivityTypeType = ..., # (3)
) -> CreateCustomKeyStoreResponseTypeDef: # (4)
...- See CustomKeyStoreTypeType
- See XksProxyAuthenticationCredentialTypeTypeDef
- See XksProxyConnectivityTypeType
- See CreateCustomKeyStoreResponseTypeDef
# create_custom_key_store method usage example with argument unpacking
kwargs: CreateCustomKeyStoreRequestTypeDef = { # (1)
"CustomKeyStoreName": ...,
}
parent.create_custom_key_store(**kwargs)create_grant#
Adds a grant to a KMS key.
Type annotations and code completion for boto3.client("kms").create_grant method.
boto3 documentation
# create_grant method definition
def create_grant(
self,
*,
KeyId: str,
GranteePrincipal: str,
Operations: Sequence[GrantOperationType], # (1)
RetiringPrincipal: str = ...,
Constraints: GrantConstraintsUnionTypeDef = ..., # (2)
GrantTokens: Sequence[str] = ...,
Name: str = ...,
DryRun: bool = ...,
) -> CreateGrantResponseTypeDef: # (3)
...- See GrantOperationType
- See GrantConstraintsTypeDef GrantConstraintsOutputTypeDef
- See CreateGrantResponseTypeDef
# create_grant method usage example with argument unpacking
kwargs: CreateGrantRequestTypeDef = { # (1)
"KeyId": ...,
"GranteePrincipal": ...,
"Operations": ...,
}
parent.create_grant(**kwargs)create_key#
Creates a unique customer managed KMS key in your Amazon Web Services account and Region.
Type annotations and code completion for boto3.client("kms").create_key method.
boto3 documentation
# create_key method definition
def create_key(
self,
*,
Policy: str = ...,
Description: str = ...,
KeyUsage: KeyUsageTypeType = ..., # (1)
CustomerMasterKeySpec: CustomerMasterKeySpecType = ..., # (2)
KeySpec: KeySpecType = ..., # (3)
Origin: OriginTypeType = ..., # (4)
CustomKeyStoreId: str = ...,
BypassPolicyLockoutSafetyCheck: bool = ...,
Tags: Sequence[TagTypeDef] = ..., # (5)
MultiRegion: bool = ...,
XksKeyId: str = ...,
) -> CreateKeyResponseTypeDef: # (6)
...- See KeyUsageTypeType
- See CustomerMasterKeySpecType
- See KeySpecType
- See OriginTypeType
- See TagTypeDef
- See CreateKeyResponseTypeDef
# create_key method usage example with argument unpacking
kwargs: CreateKeyRequestTypeDef = { # (1)
"Policy": ...,
}
parent.create_key(**kwargs)decrypt#
Decrypts ciphertext that was encrypted by a KMS key using any of the following operations:.
Type annotations and code completion for boto3.client("kms").decrypt method.
boto3 documentation
# decrypt method definition
def decrypt(
self,
*,
CiphertextBlob: BlobTypeDef,
EncryptionContext: Mapping[str, str] = ...,
GrantTokens: Sequence[str] = ...,
KeyId: str = ...,
EncryptionAlgorithm: EncryptionAlgorithmSpecType = ..., # (1)
Recipient: RecipientInfoTypeDef = ..., # (2)
DryRun: bool = ...,
) -> DecryptResponseTypeDef: # (3)
...# decrypt method usage example with argument unpacking
kwargs: DecryptRequestTypeDef = { # (1)
"CiphertextBlob": ...,
}
parent.decrypt(**kwargs)delete_alias#
Deletes the specified alias.
Type annotations and code completion for boto3.client("kms").delete_alias method.
boto3 documentation
# delete_alias method definition
def delete_alias(
self,
*,
AliasName: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# delete_alias method usage example with argument unpacking
kwargs: DeleteAliasRequestTypeDef = { # (1)
"AliasName": ...,
}
parent.delete_alias(**kwargs)delete_custom_key_store#
Deletes a custom key store.
Type annotations and code completion for boto3.client("kms").delete_custom_key_store method.
boto3 documentation
# delete_custom_key_store method definition
def delete_custom_key_store(
self,
*,
CustomKeyStoreId: str,
) -> Dict[str, Any]:
...# delete_custom_key_store method usage example with argument unpacking
kwargs: DeleteCustomKeyStoreRequestTypeDef = { # (1)
"CustomKeyStoreId": ...,
}
parent.delete_custom_key_store(**kwargs)delete_imported_key_material#
Deletes key material that was previously imported.
Type annotations and code completion for boto3.client("kms").delete_imported_key_material method.
boto3 documentation
# delete_imported_key_material method definition
def delete_imported_key_material(
self,
*,
KeyId: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# delete_imported_key_material method usage example with argument unpacking
kwargs: DeleteImportedKeyMaterialRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.delete_imported_key_material(**kwargs)derive_shared_secret#
Derives a shared secret using a key agreement algorithm.
Type annotations and code completion for boto3.client("kms").derive_shared_secret method.
boto3 documentation
# derive_shared_secret method definition
def derive_shared_secret(
self,
*,
KeyId: str,
KeyAgreementAlgorithm: KeyAgreementAlgorithmSpecType, # (1)
PublicKey: BlobTypeDef,
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
Recipient: RecipientInfoTypeDef = ..., # (2)
) -> DeriveSharedSecretResponseTypeDef: # (3)
...# derive_shared_secret method usage example with argument unpacking
kwargs: DeriveSharedSecretRequestTypeDef = { # (1)
"KeyId": ...,
"KeyAgreementAlgorithm": ...,
"PublicKey": ...,
}
parent.derive_shared_secret(**kwargs)describe_custom_key_stores#
Gets information about custom key stores in the account and Region.
Type annotations and code completion for boto3.client("kms").describe_custom_key_stores method.
boto3 documentation
# describe_custom_key_stores method definition
def describe_custom_key_stores(
self,
*,
CustomKeyStoreId: str = ...,
CustomKeyStoreName: str = ...,
Limit: int = ...,
Marker: str = ...,
) -> DescribeCustomKeyStoresResponseTypeDef: # (1)
...# describe_custom_key_stores method usage example with argument unpacking
kwargs: DescribeCustomKeyStoresRequestTypeDef = { # (1)
"CustomKeyStoreId": ...,
}
parent.describe_custom_key_stores(**kwargs)describe_key#
Provides detailed information about a KMS key.
Type annotations and code completion for boto3.client("kms").describe_key method.
boto3 documentation
# describe_key method definition
def describe_key(
self,
*,
KeyId: str,
GrantTokens: Sequence[str] = ...,
) -> DescribeKeyResponseTypeDef: # (1)
...# describe_key method usage example with argument unpacking
kwargs: DescribeKeyRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.describe_key(**kwargs)disable_key#
Sets the state of a KMS key to disabled.
Type annotations and code completion for boto3.client("kms").disable_key method.
boto3 documentation
# disable_key method definition
def disable_key(
self,
*,
KeyId: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# disable_key method usage example with argument unpacking
kwargs: DisableKeyRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.disable_key(**kwargs)disable_key_rotation#
Disables automatic rotation of the key material of the specified symmetric encryption KMS key.
Type annotations and code completion for boto3.client("kms").disable_key_rotation method.
boto3 documentation
# disable_key_rotation method definition
def disable_key_rotation(
self,
*,
KeyId: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# disable_key_rotation method usage example with argument unpacking
kwargs: DisableKeyRotationRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.disable_key_rotation(**kwargs)disconnect_custom_key_store#
Disconnects the custom key store from its backing key store.
Type annotations and code completion for boto3.client("kms").disconnect_custom_key_store method.
boto3 documentation
# disconnect_custom_key_store method definition
def disconnect_custom_key_store(
self,
*,
CustomKeyStoreId: str,
) -> Dict[str, Any]:
...# disconnect_custom_key_store method usage example with argument unpacking
kwargs: DisconnectCustomKeyStoreRequestTypeDef = { # (1)
"CustomKeyStoreId": ...,
}
parent.disconnect_custom_key_store(**kwargs)enable_key#
Sets the key state of a KMS key to enabled.
Type annotations and code completion for boto3.client("kms").enable_key method.
boto3 documentation
# enable_key method definition
def enable_key(
self,
*,
KeyId: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# enable_key method usage example with argument unpacking
kwargs: EnableKeyRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.enable_key(**kwargs)enable_key_rotation#
Enables automatic rotation of the key material of the specified symmetric encryption KMS key.
Type annotations and code completion for boto3.client("kms").enable_key_rotation method.
boto3 documentation
# enable_key_rotation method definition
def enable_key_rotation(
self,
*,
KeyId: str,
RotationPeriodInDays: int = ...,
) -> EmptyResponseMetadataTypeDef: # (1)
...# enable_key_rotation method usage example with argument unpacking
kwargs: EnableKeyRotationRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.enable_key_rotation(**kwargs)encrypt#
Encrypts plaintext of up to 4,096 bytes using a KMS key.
Type annotations and code completion for boto3.client("kms").encrypt method.
boto3 documentation
# encrypt method definition
def encrypt(
self,
*,
KeyId: str,
Plaintext: BlobTypeDef,
EncryptionContext: Mapping[str, str] = ...,
GrantTokens: Sequence[str] = ...,
EncryptionAlgorithm: EncryptionAlgorithmSpecType = ..., # (1)
DryRun: bool = ...,
) -> EncryptResponseTypeDef: # (2)
...# encrypt method usage example with argument unpacking
kwargs: EncryptRequestTypeDef = { # (1)
"KeyId": ...,
"Plaintext": ...,
}
parent.encrypt(**kwargs)generate_data_key#
Returns a unique symmetric data key for use outside of KMS.
Type annotations and code completion for boto3.client("kms").generate_data_key method.
boto3 documentation
# generate_data_key method definition
def generate_data_key(
self,
*,
KeyId: str,
EncryptionContext: Mapping[str, str] = ...,
NumberOfBytes: int = ...,
KeySpec: DataKeySpecType = ..., # (1)
GrantTokens: Sequence[str] = ...,
Recipient: RecipientInfoTypeDef = ..., # (2)
DryRun: bool = ...,
) -> GenerateDataKeyResponseTypeDef: # (3)
...# generate_data_key method usage example with argument unpacking
kwargs: GenerateDataKeyRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.generate_data_key(**kwargs)generate_data_key_pair#
Returns a unique asymmetric data key pair for use outside of KMS.
Type annotations and code completion for boto3.client("kms").generate_data_key_pair method.
boto3 documentation
# generate_data_key_pair method definition
def generate_data_key_pair(
self,
*,
KeyId: str,
KeyPairSpec: DataKeyPairSpecType, # (1)
EncryptionContext: Mapping[str, str] = ...,
GrantTokens: Sequence[str] = ...,
Recipient: RecipientInfoTypeDef = ..., # (2)
DryRun: bool = ...,
) -> GenerateDataKeyPairResponseTypeDef: # (3)
...# generate_data_key_pair method usage example with argument unpacking
kwargs: GenerateDataKeyPairRequestTypeDef = { # (1)
"KeyId": ...,
"KeyPairSpec": ...,
}
parent.generate_data_key_pair(**kwargs)generate_data_key_pair_without_plaintext#
Returns a unique asymmetric data key pair for use outside of KMS.
Type annotations and code completion for boto3.client("kms").generate_data_key_pair_without_plaintext method.
boto3 documentation
# generate_data_key_pair_without_plaintext method definition
def generate_data_key_pair_without_plaintext(
self,
*,
KeyId: str,
KeyPairSpec: DataKeyPairSpecType, # (1)
EncryptionContext: Mapping[str, str] = ...,
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> GenerateDataKeyPairWithoutPlaintextResponseTypeDef: # (2)
...# generate_data_key_pair_without_plaintext method usage example with argument unpacking
kwargs: GenerateDataKeyPairWithoutPlaintextRequestTypeDef = { # (1)
"KeyId": ...,
"KeyPairSpec": ...,
}
parent.generate_data_key_pair_without_plaintext(**kwargs)generate_data_key_without_plaintext#
Returns a unique symmetric data key for use outside of KMS.
Type annotations and code completion for boto3.client("kms").generate_data_key_without_plaintext method.
boto3 documentation
# generate_data_key_without_plaintext method definition
def generate_data_key_without_plaintext(
self,
*,
KeyId: str,
EncryptionContext: Mapping[str, str] = ...,
KeySpec: DataKeySpecType = ..., # (1)
NumberOfBytes: int = ...,
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> GenerateDataKeyWithoutPlaintextResponseTypeDef: # (2)
...# generate_data_key_without_plaintext method usage example with argument unpacking
kwargs: GenerateDataKeyWithoutPlaintextRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.generate_data_key_without_plaintext(**kwargs)generate_mac#
Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports.
Type annotations and code completion for boto3.client("kms").generate_mac method.
boto3 documentation
# generate_mac method definition
def generate_mac(
self,
*,
Message: BlobTypeDef,
KeyId: str,
MacAlgorithm: MacAlgorithmSpecType, # (1)
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> GenerateMacResponseTypeDef: # (2)
...# generate_mac method usage example with argument unpacking
kwargs: GenerateMacRequestTypeDef = { # (1)
"Message": ...,
"KeyId": ...,
"MacAlgorithm": ...,
}
parent.generate_mac(**kwargs)generate_random#
Returns a random byte string that is cryptographically secure.
Type annotations and code completion for boto3.client("kms").generate_random method.
boto3 documentation
# generate_random method definition
def generate_random(
self,
*,
NumberOfBytes: int = ...,
CustomKeyStoreId: str = ...,
Recipient: RecipientInfoTypeDef = ..., # (1)
) -> GenerateRandomResponseTypeDef: # (2)
...# generate_random method usage example with argument unpacking
kwargs: GenerateRandomRequestTypeDef = { # (1)
"NumberOfBytes": ...,
}
parent.generate_random(**kwargs)get_key_policy#
Gets a key policy attached to the specified KMS key.
Type annotations and code completion for boto3.client("kms").get_key_policy method.
boto3 documentation
# get_key_policy method definition
def get_key_policy(
self,
*,
KeyId: str,
PolicyName: str = ...,
) -> GetKeyPolicyResponseTypeDef: # (1)
...# get_key_policy method usage example with argument unpacking
kwargs: GetKeyPolicyRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.get_key_policy(**kwargs)get_key_rotation_status#
Provides detailed information about the rotation status for a KMS key, including whether automatic rotation of the key material is enabled for the specified KMS key, the <a href="https://docs.aws.amazon.com/kms/l...
Type annotations and code completion for boto3.client("kms").get_key_rotation_status method.
boto3 documentation
# get_key_rotation_status method definition
def get_key_rotation_status(
self,
*,
KeyId: str,
) -> GetKeyRotationStatusResponseTypeDef: # (1)
...# get_key_rotation_status method usage example with argument unpacking
kwargs: GetKeyRotationStatusRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.get_key_rotation_status(**kwargs)get_parameters_for_import#
Returns the public key and an import token you need to import or reimport key material for a KMS key.
Type annotations and code completion for boto3.client("kms").get_parameters_for_import method.
boto3 documentation
# get_parameters_for_import method definition
def get_parameters_for_import(
self,
*,
KeyId: str,
WrappingAlgorithm: AlgorithmSpecType, # (1)
WrappingKeySpec: WrappingKeySpecType, # (2)
) -> GetParametersForImportResponseTypeDef: # (3)
...# get_parameters_for_import method usage example with argument unpacking
kwargs: GetParametersForImportRequestTypeDef = { # (1)
"KeyId": ...,
"WrappingAlgorithm": ...,
"WrappingKeySpec": ...,
}
parent.get_parameters_for_import(**kwargs)get_public_key#
Returns the public key of an asymmetric KMS key.
Type annotations and code completion for boto3.client("kms").get_public_key method.
boto3 documentation
# get_public_key method definition
def get_public_key(
self,
*,
KeyId: str,
GrantTokens: Sequence[str] = ...,
) -> GetPublicKeyResponseTypeDef: # (1)
...# get_public_key method usage example with argument unpacking
kwargs: GetPublicKeyRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.get_public_key(**kwargs)import_key_material#
Imports or reimports key material into an existing KMS key that was created without key material.
Type annotations and code completion for boto3.client("kms").import_key_material method.
boto3 documentation
# import_key_material method definition
def import_key_material(
self,
*,
KeyId: str,
ImportToken: BlobTypeDef,
EncryptedKeyMaterial: BlobTypeDef,
ValidTo: TimestampTypeDef = ...,
ExpirationModel: ExpirationModelTypeType = ..., # (1)
) -> Dict[str, Any]:
...# import_key_material method usage example with argument unpacking
kwargs: ImportKeyMaterialRequestTypeDef = { # (1)
"KeyId": ...,
"ImportToken": ...,
"EncryptedKeyMaterial": ...,
}
parent.import_key_material(**kwargs)list_aliases#
Gets a list of aliases in the caller's Amazon Web Services account and region.
Type annotations and code completion for boto3.client("kms").list_aliases method.
boto3 documentation
# list_aliases method definition
def list_aliases(
self,
*,
KeyId: str = ...,
Limit: int = ...,
Marker: str = ...,
) -> ListAliasesResponseTypeDef: # (1)
...# list_aliases method usage example with argument unpacking
kwargs: ListAliasesRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.list_aliases(**kwargs)list_grants#
Gets a list of all grants for the specified KMS key.
Type annotations and code completion for boto3.client("kms").list_grants method.
boto3 documentation
# list_grants method definition
def list_grants(
self,
*,
KeyId: str,
Limit: int = ...,
Marker: str = ...,
GrantId: str = ...,
GranteePrincipal: str = ...,
) -> ListGrantsResponseTypeDef: # (1)
...# list_grants method usage example with argument unpacking
kwargs: ListGrantsRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.list_grants(**kwargs)list_key_policies#
Gets the names of the key policies that are attached to a KMS key.
Type annotations and code completion for boto3.client("kms").list_key_policies method.
boto3 documentation
# list_key_policies method definition
def list_key_policies(
self,
*,
KeyId: str,
Limit: int = ...,
Marker: str = ...,
) -> ListKeyPoliciesResponseTypeDef: # (1)
...# list_key_policies method usage example with argument unpacking
kwargs: ListKeyPoliciesRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.list_key_policies(**kwargs)list_key_rotations#
Returns information about all completed key material rotations for the specified KMS key.
Type annotations and code completion for boto3.client("kms").list_key_rotations method.
boto3 documentation
# list_key_rotations method definition
def list_key_rotations(
self,
*,
KeyId: str,
Limit: int = ...,
Marker: str = ...,
) -> ListKeyRotationsResponseTypeDef: # (1)
...# list_key_rotations method usage example with argument unpacking
kwargs: ListKeyRotationsRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.list_key_rotations(**kwargs)list_keys#
Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.
Type annotations and code completion for boto3.client("kms").list_keys method.
boto3 documentation
# list_keys method definition
def list_keys(
self,
*,
Limit: int = ...,
Marker: str = ...,
) -> ListKeysResponseTypeDef: # (1)
...# list_keys method usage example with argument unpacking
kwargs: ListKeysRequestTypeDef = { # (1)
"Limit": ...,
}
parent.list_keys(**kwargs)list_resource_tags#
Returns all tags on the specified KMS key.
Type annotations and code completion for boto3.client("kms").list_resource_tags method.
boto3 documentation
# list_resource_tags method definition
def list_resource_tags(
self,
*,
KeyId: str,
Limit: int = ...,
Marker: str = ...,
) -> ListResourceTagsResponseTypeDef: # (1)
...# list_resource_tags method usage example with argument unpacking
kwargs: ListResourceTagsRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.list_resource_tags(**kwargs)list_retirable_grants#
Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.
Type annotations and code completion for boto3.client("kms").list_retirable_grants method.
boto3 documentation
# list_retirable_grants method definition
def list_retirable_grants(
self,
*,
RetiringPrincipal: str,
Limit: int = ...,
Marker: str = ...,
) -> ListGrantsResponseTypeDef: # (1)
...# list_retirable_grants method usage example with argument unpacking
kwargs: ListRetirableGrantsRequestTypeDef = { # (1)
"RetiringPrincipal": ...,
}
parent.list_retirable_grants(**kwargs)put_key_policy#
Attaches a key policy to the specified KMS key.
Type annotations and code completion for boto3.client("kms").put_key_policy method.
boto3 documentation
# put_key_policy method definition
def put_key_policy(
self,
*,
KeyId: str,
Policy: str,
PolicyName: str = ...,
BypassPolicyLockoutSafetyCheck: bool = ...,
) -> EmptyResponseMetadataTypeDef: # (1)
...# put_key_policy method usage example with argument unpacking
kwargs: PutKeyPolicyRequestTypeDef = { # (1)
"KeyId": ...,
"Policy": ...,
}
parent.put_key_policy(**kwargs)re_encrypt#
Decrypts ciphertext and then reencrypts it entirely within KMS.
Type annotations and code completion for boto3.client("kms").re_encrypt method.
boto3 documentation
# re_encrypt method definition
def re_encrypt(
self,
*,
CiphertextBlob: BlobTypeDef,
DestinationKeyId: str,
SourceEncryptionContext: Mapping[str, str] = ...,
SourceKeyId: str = ...,
DestinationEncryptionContext: Mapping[str, str] = ...,
SourceEncryptionAlgorithm: EncryptionAlgorithmSpecType = ..., # (1)
DestinationEncryptionAlgorithm: EncryptionAlgorithmSpecType = ..., # (1)
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> ReEncryptResponseTypeDef: # (3)
...# re_encrypt method usage example with argument unpacking
kwargs: ReEncryptRequestTypeDef = { # (1)
"CiphertextBlob": ...,
"DestinationKeyId": ...,
}
parent.re_encrypt(**kwargs)replicate_key#
Replicates a multi-Region key into the specified Region.
Type annotations and code completion for boto3.client("kms").replicate_key method.
boto3 documentation
# replicate_key method definition
def replicate_key(
self,
*,
KeyId: str,
ReplicaRegion: str,
Policy: str = ...,
BypassPolicyLockoutSafetyCheck: bool = ...,
Description: str = ...,
Tags: Sequence[TagTypeDef] = ..., # (1)
) -> ReplicateKeyResponseTypeDef: # (2)
...# replicate_key method usage example with argument unpacking
kwargs: ReplicateKeyRequestTypeDef = { # (1)
"KeyId": ...,
"ReplicaRegion": ...,
}
parent.replicate_key(**kwargs)retire_grant#
Deletes a grant.
Type annotations and code completion for boto3.client("kms").retire_grant method.
boto3 documentation
# retire_grant method definition
def retire_grant(
self,
*,
GrantToken: str = ...,
KeyId: str = ...,
GrantId: str = ...,
DryRun: bool = ...,
) -> EmptyResponseMetadataTypeDef: # (1)
...# retire_grant method usage example with argument unpacking
kwargs: RetireGrantRequestTypeDef = { # (1)
"GrantToken": ...,
}
parent.retire_grant(**kwargs)revoke_grant#
Deletes the specified grant.
Type annotations and code completion for boto3.client("kms").revoke_grant method.
boto3 documentation
# revoke_grant method definition
def revoke_grant(
self,
*,
KeyId: str,
GrantId: str,
DryRun: bool = ...,
) -> EmptyResponseMetadataTypeDef: # (1)
...# revoke_grant method usage example with argument unpacking
kwargs: RevokeGrantRequestTypeDef = { # (1)
"KeyId": ...,
"GrantId": ...,
}
parent.revoke_grant(**kwargs)rotate_key_on_demand#
Immediately initiates rotation of the key material of the specified symmetric encryption KMS key.
Type annotations and code completion for boto3.client("kms").rotate_key_on_demand method.
boto3 documentation
# rotate_key_on_demand method definition
def rotate_key_on_demand(
self,
*,
KeyId: str,
) -> RotateKeyOnDemandResponseTypeDef: # (1)
...# rotate_key_on_demand method usage example with argument unpacking
kwargs: RotateKeyOnDemandRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.rotate_key_on_demand(**kwargs)schedule_key_deletion#
Schedules the deletion of a KMS key.
Type annotations and code completion for boto3.client("kms").schedule_key_deletion method.
boto3 documentation
# schedule_key_deletion method definition
def schedule_key_deletion(
self,
*,
KeyId: str,
PendingWindowInDays: int = ...,
) -> ScheduleKeyDeletionResponseTypeDef: # (1)
...# schedule_key_deletion method usage example with argument unpacking
kwargs: ScheduleKeyDeletionRequestTypeDef = { # (1)
"KeyId": ...,
}
parent.schedule_key_deletion(**kwargs)sign#
Creates a digital signature for a message or message digest by using the private key in an asymmetric signing KMS key.
Type annotations and code completion for boto3.client("kms").sign method.
boto3 documentation
# sign method definition
def sign(
self,
*,
KeyId: str,
Message: BlobTypeDef,
SigningAlgorithm: SigningAlgorithmSpecType, # (1)
MessageType: MessageTypeType = ..., # (2)
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> SignResponseTypeDef: # (3)
...# sign method usage example with argument unpacking
kwargs: SignRequestTypeDef = { # (1)
"KeyId": ...,
"Message": ...,
"SigningAlgorithm": ...,
}
parent.sign(**kwargs)tag_resource#
Adds or edits tags on a customer managed key.
Type annotations and code completion for boto3.client("kms").tag_resource method.
boto3 documentation
# tag_resource method definition
def tag_resource(
self,
*,
KeyId: str,
Tags: Sequence[TagTypeDef], # (1)
) -> EmptyResponseMetadataTypeDef: # (2)
...# tag_resource method usage example with argument unpacking
kwargs: TagResourceRequestTypeDef = { # (1)
"KeyId": ...,
"Tags": ...,
}
parent.tag_resource(**kwargs)untag_resource#
Deletes tags from a customer managed key.
Type annotations and code completion for boto3.client("kms").untag_resource method.
boto3 documentation
# untag_resource method definition
def untag_resource(
self,
*,
KeyId: str,
TagKeys: Sequence[str],
) -> EmptyResponseMetadataTypeDef: # (1)
...# untag_resource method usage example with argument unpacking
kwargs: UntagResourceRequestTypeDef = { # (1)
"KeyId": ...,
"TagKeys": ...,
}
parent.untag_resource(**kwargs)update_alias#
Associates an existing KMS alias with a different KMS key.
Type annotations and code completion for boto3.client("kms").update_alias method.
boto3 documentation
# update_alias method definition
def update_alias(
self,
*,
AliasName: str,
TargetKeyId: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# update_alias method usage example with argument unpacking
kwargs: UpdateAliasRequestTypeDef = { # (1)
"AliasName": ...,
"TargetKeyId": ...,
}
parent.update_alias(**kwargs)update_custom_key_store#
Changes the properties of a custom key store.
Type annotations and code completion for boto3.client("kms").update_custom_key_store method.
boto3 documentation
# update_custom_key_store method definition
def update_custom_key_store(
self,
*,
CustomKeyStoreId: str,
NewCustomKeyStoreName: str = ...,
KeyStorePassword: str = ...,
CloudHsmClusterId: str = ...,
XksProxyUriEndpoint: str = ...,
XksProxyUriPath: str = ...,
XksProxyVpcEndpointServiceName: str = ...,
XksProxyAuthenticationCredential: XksProxyAuthenticationCredentialTypeTypeDef = ..., # (1)
XksProxyConnectivity: XksProxyConnectivityTypeType = ..., # (2)
) -> Dict[str, Any]:
...# update_custom_key_store method usage example with argument unpacking
kwargs: UpdateCustomKeyStoreRequestTypeDef = { # (1)
"CustomKeyStoreId": ...,
}
parent.update_custom_key_store(**kwargs)update_key_description#
Updates the description of a KMS key.
Type annotations and code completion for boto3.client("kms").update_key_description method.
boto3 documentation
# update_key_description method definition
def update_key_description(
self,
*,
KeyId: str,
Description: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# update_key_description method usage example with argument unpacking
kwargs: UpdateKeyDescriptionRequestTypeDef = { # (1)
"KeyId": ...,
"Description": ...,
}
parent.update_key_description(**kwargs)update_primary_region#
Changes the primary key of a multi-Region key.
Type annotations and code completion for boto3.client("kms").update_primary_region method.
boto3 documentation
# update_primary_region method definition
def update_primary_region(
self,
*,
KeyId: str,
PrimaryRegion: str,
) -> EmptyResponseMetadataTypeDef: # (1)
...# update_primary_region method usage example with argument unpacking
kwargs: UpdatePrimaryRegionRequestTypeDef = { # (1)
"KeyId": ...,
"PrimaryRegion": ...,
}
parent.update_primary_region(**kwargs)verify#
Verifies a digital signature that was generated by the Sign operation.
Type annotations and code completion for boto3.client("kms").verify method.
boto3 documentation
# verify method definition
def verify(
self,
*,
KeyId: str,
Message: BlobTypeDef,
Signature: BlobTypeDef,
SigningAlgorithm: SigningAlgorithmSpecType, # (1)
MessageType: MessageTypeType = ..., # (2)
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> VerifyResponseTypeDef: # (3)
...# verify method usage example with argument unpacking
kwargs: VerifyRequestTypeDef = { # (1)
"KeyId": ...,
"Message": ...,
"Signature": ...,
"SigningAlgorithm": ...,
}
parent.verify(**kwargs)verify_mac#
Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm.
Type annotations and code completion for boto3.client("kms").verify_mac method.
boto3 documentation
# verify_mac method definition
def verify_mac(
self,
*,
Message: BlobTypeDef,
KeyId: str,
MacAlgorithm: MacAlgorithmSpecType, # (1)
Mac: BlobTypeDef,
GrantTokens: Sequence[str] = ...,
DryRun: bool = ...,
) -> VerifyMacResponseTypeDef: # (2)
...# verify_mac method usage example with argument unpacking
kwargs: VerifyMacRequestTypeDef = { # (1)
"Message": ...,
"KeyId": ...,
"MacAlgorithm": ...,
"Mac": ...,
}
parent.verify_mac(**kwargs)get_paginator#
Type annotations and code completion for boto3.client("kms").get_paginator method with overloads.
client.get_paginator("describe_custom_key_stores")-> DescribeCustomKeyStoresPaginatorclient.get_paginator("list_aliases")-> ListAliasesPaginatorclient.get_paginator("list_grants")-> ListGrantsPaginatorclient.get_paginator("list_key_policies")-> ListKeyPoliciesPaginatorclient.get_paginator("list_key_rotations")-> ListKeyRotationsPaginatorclient.get_paginator("list_keys")-> ListKeysPaginatorclient.get_paginator("list_resource_tags")-> ListResourceTagsPaginatorclient.get_paginator("list_retirable_grants")-> ListRetirableGrantsPaginator