pub struct Manager {
pub region: String,
pub cli: Client,
}
Implements AWS KMS manager.
Fields§
§region: String§cli: ClientImplementations§
Source§impl Manager
impl Manager
pub fn new(shared_config: &AwsSdkConfig) -> Self
Sourcepub async fn create_key(
&self,
key_spec: KeySpec,
key_usage: KeyUsageType,
tags: Option<HashMap<String, String>>,
multi_region: bool,
) -> Result<Key>
pub async fn create_key( &self, key_spec: KeySpec, key_usage: KeyUsageType, tags: Option<HashMap<String, String>>, multi_region: bool, ) -> Result<Key>
Creates an AWS KMS CMK. Set the “Name” tag to the key's name so that the created key is easier to identify. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
Sourcepub async fn create_grant_for_encrypt_decrypt(
&self,
key_id: &str,
grantee_principal: &str,
) -> Result<(String, String)>
pub async fn create_grant_for_encrypt_decrypt( &self, key_id: &str, grantee_principal: &str, ) -> Result<(String, String)>
Creates a KMS grant for the encrypt and decrypt operations, and returns the grant ID and grant token. Keep the grant ID: revoke_grant needs it to remove the grant. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
Sourcepub async fn create_grant_for_sign_reads(
&self,
key_id: &str,
grantee_principal: &str,
) -> Result<(String, String)>
pub async fn create_grant_for_sign_reads( &self, key_id: &str, grantee_principal: &str, ) -> Result<(String, String)>
Creates a KMS grant for the Sign, DescribeKey, and GetPublicKey operations, and returns the grant ID and grant token. Note that “GetPublicKey” is not supported when creating a grant for a symmetric KMS key. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
Sourcepub async fn revoke_grant(&self, key_id: &str, grant_id: &str) -> Result<()>
pub async fn revoke_grant(&self, key_id: &str, grant_id: &str) -> Result<()>
Revokes a KMS grant. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_RevokeGrant.html
Sourcepub async fn describe_key(
&self,
key_arn: &str,
) -> Result<(String, DescribeKeyOutput)>
pub async fn describe_key( &self, key_arn: &str, ) -> Result<(String, DescribeKeyOutput)>
Sourcepub async fn get_public_key(&self, key_arn: &str) -> Result<GetPublicKeyOutput>
pub async fn get_public_key(&self, key_arn: &str) -> Result<GetPublicKeyOutput>
Sourcepub async fn create_symmetric_default_key(
&self,
name: &str,
multi_region: bool,
) -> Result<Key>
pub async fn create_symmetric_default_key( &self, name: &str, multi_region: bool, ) -> Result<Key>
Creates a default symmetric AWS KMS CMK. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
Sourcepub async fn sign_digest_secp256k1_ecdsa_sha256(
&self,
key_arn: &str,
digest: &[u8],
grant_token: Option<String>,
) -> Result<Vec<u8>>
pub async fn sign_digest_secp256k1_ecdsa_sha256( &self, key_arn: &str, digest: &[u8], grant_token: Option<String>, ) -> Result<Vec<u8>>
Signs a 32-byte SHA-256 digest (the already-hashed message, not the raw message) with the ECDSA private key and the recoverable code. Use the key ARN rather than the key ID when signing cross-account with a grant token. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html
Sourcepub async fn schedule_to_delete(
&self,
key_arn: &str,
pending_window_in_days: i32,
) -> Result<()>
pub async fn schedule_to_delete( &self, key_arn: &str, pending_window_in_days: i32, ) -> Result<()>
Schedules a KMS CMK for deletion. Pass either the CMK ID or its ARN. The minimum pending window is 7 days.
Sourcepub async fn encrypt(
&self,
key_id: &str,
spec: Option<EncryptionAlgorithmSpec>,
plaintext: Vec<u8>,
) -> Result<Vec<u8>>
pub async fn encrypt( &self, key_id: &str, spec: Option<EncryptionAlgorithmSpec>, plaintext: Vec<u8>, ) -> Result<Vec<u8>>
Encrypts data. The maximum size of the data KMS can encrypt is 4096 bytes for “SYMMETRIC_DEFAULT” encryption algorithm. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html
Sourcepub async fn decrypt(
&self,
key_id: &str,
spec: Option<EncryptionAlgorithmSpec>,
ciphertext: Vec<u8>,
) -> Result<Vec<u8>>
pub async fn decrypt( &self, key_id: &str, spec: Option<EncryptionAlgorithmSpec>, ciphertext: Vec<u8>, ) -> Result<Vec<u8>>
Decrypts data. The maximum length of “ciphertext” is 6144 bytes. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html
Sourcepub async fn encrypt_file(
&self,
key_id: &str,
spec: Option<EncryptionAlgorithmSpec>,
src_file: &str,
dst_file: &str,
) -> Result<()>
pub async fn encrypt_file( &self, key_id: &str, spec: Option<EncryptionAlgorithmSpec>, src_file: &str, dst_file: &str, ) -> Result<()>
Encrypts the contents of src_file and saves the ciphertext to dst_file.
Sourcepub async fn decrypt_file(
&self,
key_id: &str,
spec: Option<EncryptionAlgorithmSpec>,
src_file: &str,
dst_file: &str,
) -> Result<()>
pub async fn decrypt_file( &self, key_id: &str, spec: Option<EncryptionAlgorithmSpec>, src_file: &str, dst_file: &str, ) -> Result<()>
Decrypts the contents of src_file and saves the plaintext to dst_file.
Sourcepub async fn generate_data_key(
&self,
key_id: &str,
spec: Option<DataKeySpec>,
) -> Result<DEK>
pub async fn generate_data_key( &self, key_id: &str, spec: Option<DataKeySpec>, ) -> Result<DEK>
Generates a data-encryption key. The default key spec is AES_256, which generates a 256-bit symmetric key. ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html
Trait Implementations§
Auto Trait Implementations§
impl Freeze for Manager
impl !RefUnwindSafe for Manager
impl Send for Manager
impl Sync for Manager
impl Unpin for Manager
impl UnsafeUnpin for Manager
impl !UnwindSafe for Manager
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
Source§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.