com.amazonaws.services.kms.AWSKMSAsync Maven / Gradle / Ivy
Show all versions of aws-java-sdk-kms Show documentation
/*
* Copyright 2011-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not
* use this file except in compliance with the License. A copy of the License is
* located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.kms;
import com.amazonaws.services.kms.model.*;
/**
* Interface for accessing KMS asynchronously. Each asynchronous method will
* return a Java Future object representing the asynchronous operation;
* overloads which accept an {@code AsyncHandler} can be used to receive
* notification when an asynchronous operation completes.
*
* AWS Key Management Service
*
* AWS Key Management Service (AWS KMS) is an encryption and key management web
* service. This guide describes the AWS KMS operations that you can call
* programmatically. For general information about AWS KMS, see the AWS Key
* Management Service Developer Guide.
*
*
*
* AWS provides SDKs that consist of libraries and sample code for various
* programming languages and platforms (Java, Ruby, .Net, iOS, Android, etc.).
* The SDKs provide a convenient way to create programmatic access to AWS KMS
* and other AWS services. For example, the SDKs take care of tasks such as
* signing requests (see below), managing errors, and retrying requests
* automatically. For more information about the AWS SDKs, including how to
* download and install them, see Tools
* for Amazon Web Services.
*
*
*
* We recommend that you use the AWS SDKs to make programmatic API calls to AWS
* KMS.
*
*
* Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
* 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
* (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
* Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
* these modes.
*
*
* Signing Requests
*
*
* Requests must be signed by using an access key ID and a secret access key. We
* strongly recommend that you do not use your AWS account (root) access
* key ID and secret key for everyday work with AWS KMS. Instead, use the access
* key ID and secret access key for an IAM user, or you can use the AWS Security
* Token Service to generate temporary security credentials that you can use to
* sign requests.
*
*
* All AWS KMS operations require Signature Version 4.
*
*
* Logging API Requests
*
*
* AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and
* related events for your AWS account and delivers them to an Amazon S3 bucket
* that you specify. By using the information collected by CloudTrail, you can
* determine what requests were made to AWS KMS, who made the request, when it
* was made, and so on. To learn more about CloudTrail, including how to turn it
* on and find your log files, see the AWS
* CloudTrail User Guide.
*
*
* Additional Resources
*
*
* For more information about credentials and request signing, see the
* following:
*
*
* -
*
* AWS Security Credentials - This topic provides general information about
* the types of credentials used for accessing AWS.
*
*
* -
*
* Temporary Security Credentials - This section of the IAM User
* Guide describes how to create and use temporary security credentials.
*
*
* -
*
* Signature Version 4 Signing Process - This set of topics walks you
* through the process of signing a request using an access key ID and a secret
* access key.
*
*
*
*
* Commonly Used APIs
*
*
* Of the APIs discussed in this guide, the following will prove the most useful
* for most applications. You will likely perform actions other than these, such
* as creating keys and assigning policies, by using the console.
*
*
* -
*
* Encrypt
*
*
* -
*
* Decrypt
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
*
*/
public interface AWSKMSAsync extends AWSKMS {
/**
*
* Cancels the deletion of a customer master key (CMK). When this operation
* is successful, the CMK is set to the Disabled state. To
* enable a CMK, use EnableKey.
*
*
* For more information about scheduling and canceling deletion of a CMK,
* see Deleting Customer Master Keys in the AWS Key Management Service
* Developer Guide.
*
*
* @param cancelKeyDeletionRequest
* @return A Java Future containing the result of the CancelKeyDeletion
* operation returned by the service.
* @sample AWSKMSAsync.CancelKeyDeletion
*/
java.util.concurrent.Future cancelKeyDeletionAsync(
CancelKeyDeletionRequest cancelKeyDeletionRequest);
/**
*
* Cancels the deletion of a customer master key (CMK). When this operation
* is successful, the CMK is set to the Disabled state. To
* enable a CMK, use EnableKey.
*
*
* For more information about scheduling and canceling deletion of a CMK,
* see Deleting Customer Master Keys in the AWS Key Management Service
* Developer Guide.
*
*
* @param cancelKeyDeletionRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CancelKeyDeletion
* operation returned by the service.
* @sample AWSKMSAsyncHandler.CancelKeyDeletion
*/
java.util.concurrent.Future cancelKeyDeletionAsync(
CancelKeyDeletionRequest cancelKeyDeletionRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Creates a display name for a customer master key. An alias can be used to
* identify a key and should be unique. The console enforces a one-to-one
* mapping between the alias and a key. An alias name can contain only
* alphanumeric characters, forward slashes (/), underscores (_), and dashes
* (-). An alias must start with the word "alias" followed by a forward
* slash (alias/). An alias that begins with "aws" after the forward slash
* (alias/aws...) is reserved by Amazon Web Services (AWS).
*
*
* The alias and the key it is mapped to must be in the same AWS account and
* the same region.
*
*
* To map an alias to a different key, call UpdateAlias.
*
*
* @param createAliasRequest
* @return A Java Future containing the result of the CreateAlias operation
* returned by the service.
* @sample AWSKMSAsync.CreateAlias
*/
java.util.concurrent.Future createAliasAsync(
CreateAliasRequest createAliasRequest);
/**
*
* Creates a display name for a customer master key. An alias can be used to
* identify a key and should be unique. The console enforces a one-to-one
* mapping between the alias and a key. An alias name can contain only
* alphanumeric characters, forward slashes (/), underscores (_), and dashes
* (-). An alias must start with the word "alias" followed by a forward
* slash (alias/). An alias that begins with "aws" after the forward slash
* (alias/aws...) is reserved by Amazon Web Services (AWS).
*
*
* The alias and the key it is mapped to must be in the same AWS account and
* the same region.
*
*
* To map an alias to a different key, call UpdateAlias.
*
*
* @param createAliasRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateAlias operation
* returned by the service.
* @sample AWSKMSAsyncHandler.CreateAlias
*/
java.util.concurrent.Future createAliasAsync(
CreateAliasRequest createAliasRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Adds a grant to a key to specify who can use the key and under what
* conditions. Grants are alternate permission mechanisms to key policies.
*
*
* For more information about grants, see Grants in the AWS Key Management Service Developer Guide.
*
*
* @param createGrantRequest
* @return A Java Future containing the result of the CreateGrant operation
* returned by the service.
* @sample AWSKMSAsync.CreateGrant
*/
java.util.concurrent.Future createGrantAsync(
CreateGrantRequest createGrantRequest);
/**
*
* Adds a grant to a key to specify who can use the key and under what
* conditions. Grants are alternate permission mechanisms to key policies.
*
*
* For more information about grants, see Grants in the AWS Key Management Service Developer Guide.
*
*
* @param createGrantRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateGrant operation
* returned by the service.
* @sample AWSKMSAsyncHandler.CreateGrant
*/
java.util.concurrent.Future createGrantAsync(
CreateGrantRequest createGrantRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Creates a customer master key (CMK).
*
*
* You can use a CMK to encrypt small amounts of data (4 KiB or less)
* directly, but CMKs are more commonly used to encrypt data encryption keys
* (DEKs), which are used to encrypt raw data. For more information about
* DEKs and the difference between CMKs and DEKs, see the following:
*
*
* -
*
* The GenerateDataKey operation
*
*
* -
*
* AWS
* Key Management Service Concepts in the AWS Key Management Service
* Developer Guide
*
*
*
*
* @param createKeyRequest
* @return A Java Future containing the result of the CreateKey operation
* returned by the service.
* @sample AWSKMSAsync.CreateKey
*/
java.util.concurrent.Future createKeyAsync(
CreateKeyRequest createKeyRequest);
/**
*
* Creates a customer master key (CMK).
*
*
* You can use a CMK to encrypt small amounts of data (4 KiB or less)
* directly, but CMKs are more commonly used to encrypt data encryption keys
* (DEKs), which are used to encrypt raw data. For more information about
* DEKs and the difference between CMKs and DEKs, see the following:
*
*
* -
*
* The GenerateDataKey operation
*
*
* -
*
* AWS
* Key Management Service Concepts in the AWS Key Management Service
* Developer Guide
*
*
*
*
* @param createKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateKey operation
* returned by the service.
* @sample AWSKMSAsyncHandler.CreateKey
*/
java.util.concurrent.Future createKeyAsync(
CreateKeyRequest createKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the CreateKey operation.
*
* @see #createKeyAsync(CreateKeyRequest)
*/
java.util.concurrent.Future createKeyAsync();
/**
* Simplified method form for invoking the CreateKey operation with an
* AsyncHandler.
*
* @see #createKeyAsync(CreateKeyRequest,
* com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future createKeyAsync(
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Decrypts ciphertext. Ciphertext is plaintext that has been previously
* encrypted by using any of the following functions:
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
* -
*
* Encrypt
*
*
*
*
* Note that if a caller has been granted access permissions to all keys
* (through, for example, IAM user policies that grant Decrypt
* permission on all resources), then ciphertext encrypted by using keys in
* other accounts where the key grants access to the caller can be
* decrypted. To remedy this, we recommend that you do not grant
* Decrypt access in an IAM user policy. Instead grant
* Decrypt access only in key policies. If you must grant
* Decrypt access in an IAM user policy, you should scope the
* resource to specific keys or to specific trusted accounts.
*
*
* @param decryptRequest
* @return A Java Future containing the result of the Decrypt operation
* returned by the service.
* @sample AWSKMSAsync.Decrypt
*/
java.util.concurrent.Future decryptAsync(
DecryptRequest decryptRequest);
/**
*
* Decrypts ciphertext. Ciphertext is plaintext that has been previously
* encrypted by using any of the following functions:
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
* -
*
* Encrypt
*
*
*
*
* Note that if a caller has been granted access permissions to all keys
* (through, for example, IAM user policies that grant Decrypt
* permission on all resources), then ciphertext encrypted by using keys in
* other accounts where the key grants access to the caller can be
* decrypted. To remedy this, we recommend that you do not grant
* Decrypt access in an IAM user policy. Instead grant
* Decrypt access only in key policies. If you must grant
* Decrypt access in an IAM user policy, you should scope the
* resource to specific keys or to specific trusted accounts.
*
*
* @param decryptRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the Decrypt operation
* returned by the service.
* @sample AWSKMSAsyncHandler.Decrypt
*/
java.util.concurrent.Future decryptAsync(
DecryptRequest decryptRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Deletes the specified alias. To map an alias to a different key, call
* UpdateAlias.
*
*
* @param deleteAliasRequest
* @return A Java Future containing the result of the DeleteAlias operation
* returned by the service.
* @sample AWSKMSAsync.DeleteAlias
*/
java.util.concurrent.Future deleteAliasAsync(
DeleteAliasRequest deleteAliasRequest);
/**
*
* Deletes the specified alias. To map an alias to a different key, call
* UpdateAlias.
*
*
* @param deleteAliasRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DeleteAlias operation
* returned by the service.
* @sample AWSKMSAsyncHandler.DeleteAlias
*/
java.util.concurrent.Future deleteAliasAsync(
DeleteAliasRequest deleteAliasRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Deletes key material that you previously imported and makes the specified
* customer master key (CMK) unusable. For more information about importing
* key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
* Developer Guide.
*
*
* When the specified CMK is in the PendingDeletion state, this
* operation does not change the CMK's state. Otherwise, it changes the
* CMK's state to PendingImport.
*
*
* After you delete key material, you can use ImportKeyMaterial to
* reimport the same key material into the CMK.
*
*
* @param deleteImportedKeyMaterialRequest
* @return A Java Future containing the result of the
* DeleteImportedKeyMaterial operation returned by the service.
* @sample AWSKMSAsync.DeleteImportedKeyMaterial
*/
java.util.concurrent.Future deleteImportedKeyMaterialAsync(
DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest);
/**
*
* Deletes key material that you previously imported and makes the specified
* customer master key (CMK) unusable. For more information about importing
* key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
* Developer Guide.
*
*
* When the specified CMK is in the PendingDeletion state, this
* operation does not change the CMK's state. Otherwise, it changes the
* CMK's state to PendingImport.
*
*
* After you delete key material, you can use ImportKeyMaterial to
* reimport the same key material into the CMK.
*
*
* @param deleteImportedKeyMaterialRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the
* DeleteImportedKeyMaterial operation returned by the service.
* @sample AWSKMSAsyncHandler.DeleteImportedKeyMaterial
*/
java.util.concurrent.Future deleteImportedKeyMaterialAsync(
DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Provides detailed information about the specified customer master key.
*
*
* @param describeKeyRequest
* @return A Java Future containing the result of the DescribeKey operation
* returned by the service.
* @sample AWSKMSAsync.DescribeKey
*/
java.util.concurrent.Future describeKeyAsync(
DescribeKeyRequest describeKeyRequest);
/**
*
* Provides detailed information about the specified customer master key.
*
*
* @param describeKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DescribeKey operation
* returned by the service.
* @sample AWSKMSAsyncHandler.DescribeKey
*/
java.util.concurrent.Future describeKeyAsync(
DescribeKeyRequest describeKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Sets the state of a customer master key (CMK) to disabled, thereby
* preventing its use for cryptographic operations. For more information
* about how key state affects the use of a CMK, see How
* Key State Affects the Use of a Customer Master Key in the AWS Key
* Management Service Developer Guide.
*
*
* @param disableKeyRequest
* @return A Java Future containing the result of the DisableKey operation
* returned by the service.
* @sample AWSKMSAsync.DisableKey
*/
java.util.concurrent.Future disableKeyAsync(
DisableKeyRequest disableKeyRequest);
/**
*
* Sets the state of a customer master key (CMK) to disabled, thereby
* preventing its use for cryptographic operations. For more information
* about how key state affects the use of a CMK, see How
* Key State Affects the Use of a Customer Master Key in the AWS Key
* Management Service Developer Guide.
*
*
* @param disableKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DisableKey operation
* returned by the service.
* @sample AWSKMSAsyncHandler.DisableKey
*/
java.util.concurrent.Future disableKeyAsync(
DisableKeyRequest disableKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Disables rotation of the specified key.
*
*
* @param disableKeyRotationRequest
* @return A Java Future containing the result of the DisableKeyRotation
* operation returned by the service.
* @sample AWSKMSAsync.DisableKeyRotation
*/
java.util.concurrent.Future disableKeyRotationAsync(
DisableKeyRotationRequest disableKeyRotationRequest);
/**
*
* Disables rotation of the specified key.
*
*
* @param disableKeyRotationRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DisableKeyRotation
* operation returned by the service.
* @sample AWSKMSAsyncHandler.DisableKeyRotation
*/
java.util.concurrent.Future disableKeyRotationAsync(
DisableKeyRotationRequest disableKeyRotationRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Marks a key as enabled, thereby permitting its use.
*
*
* @param enableKeyRequest
* @return A Java Future containing the result of the EnableKey operation
* returned by the service.
* @sample AWSKMSAsync.EnableKey
*/
java.util.concurrent.Future enableKeyAsync(
EnableKeyRequest enableKeyRequest);
/**
*
* Marks a key as enabled, thereby permitting its use.
*
*
* @param enableKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the EnableKey operation
* returned by the service.
* @sample AWSKMSAsyncHandler.EnableKey
*/
java.util.concurrent.Future enableKeyAsync(
EnableKeyRequest enableKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Enables rotation of the specified customer master key.
*
*
* @param enableKeyRotationRequest
* @return A Java Future containing the result of the EnableKeyRotation
* operation returned by the service.
* @sample AWSKMSAsync.EnableKeyRotation
*/
java.util.concurrent.Future enableKeyRotationAsync(
EnableKeyRotationRequest enableKeyRotationRequest);
/**
*
* Enables rotation of the specified customer master key.
*
*
* @param enableKeyRotationRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the EnableKeyRotation
* operation returned by the service.
* @sample AWSKMSAsyncHandler.EnableKeyRotation
*/
java.util.concurrent.Future enableKeyRotationAsync(
EnableKeyRotationRequest enableKeyRotationRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Encrypts plaintext into ciphertext by using a customer master key. The
* Encrypt function has two primary use cases:
*
*
* -
*
* You can encrypt up to 4 KB of arbitrary data such as an RSA key, a
* database password, or other sensitive customer information.
*
*
* -
*
* If you are moving encrypted data from one region to another, you can use
* this API to encrypt in the new region the plaintext data key that was
* used to encrypt the data in the original region. This provides you with
* an encrypted copy of the data key that can be decrypted in the new region
* and used there to decrypt the encrypted data.
*
*
*
*
* Unless you are moving encrypted data from one region to another, you
* don't use this function to encrypt a generated data key within a region.
* You retrieve data keys already encrypted by calling the
* GenerateDataKey or GenerateDataKeyWithoutPlaintext
* function. Data keys don't need to be encrypted again by calling
* Encrypt.
*
*
* If you want to encrypt data locally in your application, you can use the
* GenerateDataKey function to return a plaintext data
* encryption key and a copy of the key encrypted under the customer master
* key (CMK) of your choosing.
*
*
* @param encryptRequest
* @return A Java Future containing the result of the Encrypt operation
* returned by the service.
* @sample AWSKMSAsync.Encrypt
*/
java.util.concurrent.Future encryptAsync(
EncryptRequest encryptRequest);
/**
*
* Encrypts plaintext into ciphertext by using a customer master key. The
* Encrypt function has two primary use cases:
*
*
* -
*
* You can encrypt up to 4 KB of arbitrary data such as an RSA key, a
* database password, or other sensitive customer information.
*
*
* -
*
* If you are moving encrypted data from one region to another, you can use
* this API to encrypt in the new region the plaintext data key that was
* used to encrypt the data in the original region. This provides you with
* an encrypted copy of the data key that can be decrypted in the new region
* and used there to decrypt the encrypted data.
*
*
*
*
* Unless you are moving encrypted data from one region to another, you
* don't use this function to encrypt a generated data key within a region.
* You retrieve data keys already encrypted by calling the
* GenerateDataKey or GenerateDataKeyWithoutPlaintext
* function. Data keys don't need to be encrypted again by calling
* Encrypt.
*
*
* If you want to encrypt data locally in your application, you can use the
* GenerateDataKey function to return a plaintext data
* encryption key and a copy of the key encrypted under the customer master
* key (CMK) of your choosing.
*
*
* @param encryptRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the Encrypt operation
* returned by the service.
* @sample AWSKMSAsyncHandler.Encrypt
*/
java.util.concurrent.Future encryptAsync(
EncryptRequest encryptRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Generates a data key that you can use in your application to locally
* encrypt data. This call returns a plaintext version of the key in the
* Plaintext field of the response object and an encrypted copy
* of the key in the CiphertextBlob field. The key is encrypted
* by using the master key specified by the KeyId field. To
* decrypt the encrypted key, pass it to the Decrypt API.
*
*
* We recommend that you use the following pattern to locally encrypt data:
* call the GenerateDataKey API, use the key returned in the
* Plaintext response field to locally encrypt data, and then
* erase the plaintext data key from memory. Store the encrypted data key
* (contained in the CiphertextBlob field) alongside of the
* locally encrypted data.
*
*
*
* You should not call the Encrypt function to re-encrypt your
* data keys within a region. GenerateDataKey always returns
* the data key encrypted and tied to the customer master key that will be
* used to decrypt it. There is no need to decrypt it twice.
*
*
*
* If you decide to use the optional EncryptionContext
* parameter, you must also store the context in full or at least store
* enough information along with the encrypted data to be able to
* reconstruct the context when submitting the ciphertext to the
* Decrypt API. It is a good practice to choose a context that
* you can reconstruct on the fly to better secure the ciphertext. For more
* information about how this parameter is used, see Encryption Context.
*
*
* To decrypt data, pass the encrypted data key to the Decrypt
* API. Decrypt uses the associated master key to decrypt the
* encrypted data key and returns it as plaintext. Use the plaintext data
* key to locally decrypt your data and then erase the key from memory. You
* must specify the encryption context, if any, that you specified when you
* generated the key. The encryption context is logged by CloudTrail, and
* you can use this log to help track the use of particular data.
*
*
* @param generateDataKeyRequest
* @return A Java Future containing the result of the GenerateDataKey
* operation returned by the service.
* @sample AWSKMSAsync.GenerateDataKey
*/
java.util.concurrent.Future generateDataKeyAsync(
GenerateDataKeyRequest generateDataKeyRequest);
/**
*
* Generates a data key that you can use in your application to locally
* encrypt data. This call returns a plaintext version of the key in the
* Plaintext field of the response object and an encrypted copy
* of the key in the CiphertextBlob field. The key is encrypted
* by using the master key specified by the KeyId field. To
* decrypt the encrypted key, pass it to the Decrypt API.
*
*
* We recommend that you use the following pattern to locally encrypt data:
* call the GenerateDataKey API, use the key returned in the
* Plaintext response field to locally encrypt data, and then
* erase the plaintext data key from memory. Store the encrypted data key
* (contained in the CiphertextBlob field) alongside of the
* locally encrypted data.
*
*
*
* You should not call the Encrypt function to re-encrypt your
* data keys within a region. GenerateDataKey always returns
* the data key encrypted and tied to the customer master key that will be
* used to decrypt it. There is no need to decrypt it twice.
*
*
*
* If you decide to use the optional EncryptionContext
* parameter, you must also store the context in full or at least store
* enough information along with the encrypted data to be able to
* reconstruct the context when submitting the ciphertext to the
* Decrypt API. It is a good practice to choose a context that
* you can reconstruct on the fly to better secure the ciphertext. For more
* information about how this parameter is used, see Encryption Context.
*
*
* To decrypt data, pass the encrypted data key to the Decrypt
* API. Decrypt uses the associated master key to decrypt the
* encrypted data key and returns it as plaintext. Use the plaintext data
* key to locally decrypt your data and then erase the key from memory. You
* must specify the encryption context, if any, that you specified when you
* generated the key. The encryption context is logged by CloudTrail, and
* you can use this log to help track the use of particular data.
*
*
* @param generateDataKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GenerateDataKey
* operation returned by the service.
* @sample AWSKMSAsyncHandler.GenerateDataKey
*/
java.util.concurrent.Future generateDataKeyAsync(
GenerateDataKeyRequest generateDataKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a data key encrypted by a customer master key without the
* plaintext copy of that key. Otherwise, this API functions exactly like
* GenerateDataKey. You can use this API to, for example, satisfy an
* audit requirement that an encrypted key be made available without
* exposing the plaintext copy of that key.
*
*
* @param generateDataKeyWithoutPlaintextRequest
* @return A Java Future containing the result of the
* GenerateDataKeyWithoutPlaintext operation returned by the
* service.
* @sample AWSKMSAsync.GenerateDataKeyWithoutPlaintext
*/
java.util.concurrent.Future generateDataKeyWithoutPlaintextAsync(
GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest);
/**
*
* Returns a data key encrypted by a customer master key without the
* plaintext copy of that key. Otherwise, this API functions exactly like
* GenerateDataKey. You can use this API to, for example, satisfy an
* audit requirement that an encrypted key be made available without
* exposing the plaintext copy of that key.
*
*
* @param generateDataKeyWithoutPlaintextRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the
* GenerateDataKeyWithoutPlaintext operation returned by the
* service.
* @sample AWSKMSAsyncHandler.GenerateDataKeyWithoutPlaintext
*/
java.util.concurrent.Future generateDataKeyWithoutPlaintextAsync(
GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Generates an unpredictable byte string.
*
*
* @param generateRandomRequest
* @return A Java Future containing the result of the GenerateRandom
* operation returned by the service.
* @sample AWSKMSAsync.GenerateRandom
*/
java.util.concurrent.Future generateRandomAsync(
GenerateRandomRequest generateRandomRequest);
/**
*
* Generates an unpredictable byte string.
*
*
* @param generateRandomRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GenerateRandom
* operation returned by the service.
* @sample AWSKMSAsyncHandler.GenerateRandom
*/
java.util.concurrent.Future generateRandomAsync(
GenerateRandomRequest generateRandomRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the GenerateRandom operation.
*
* @see #generateRandomAsync(GenerateRandomRequest)
*/
java.util.concurrent.Future generateRandomAsync();
/**
* Simplified method form for invoking the GenerateRandom operation with an
* AsyncHandler.
*
* @see #generateRandomAsync(GenerateRandomRequest,
* com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future generateRandomAsync(
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Retrieves a policy attached to the specified key.
*
*
* @param getKeyPolicyRequest
* @return A Java Future containing the result of the GetKeyPolicy operation
* returned by the service.
* @sample AWSKMSAsync.GetKeyPolicy
*/
java.util.concurrent.Future getKeyPolicyAsync(
GetKeyPolicyRequest getKeyPolicyRequest);
/**
*
* Retrieves a policy attached to the specified key.
*
*
* @param getKeyPolicyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GetKeyPolicy operation
* returned by the service.
* @sample AWSKMSAsyncHandler.GetKeyPolicy
*/
java.util.concurrent.Future getKeyPolicyAsync(
GetKeyPolicyRequest getKeyPolicyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Retrieves a Boolean value that indicates whether key rotation is enabled
* for the specified key.
*
*
* @param getKeyRotationStatusRequest
* @return A Java Future containing the result of the GetKeyRotationStatus
* operation returned by the service.
* @sample AWSKMSAsync.GetKeyRotationStatus
*/
java.util.concurrent.Future getKeyRotationStatusAsync(
GetKeyRotationStatusRequest getKeyRotationStatusRequest);
/**
*
* Retrieves a Boolean value that indicates whether key rotation is enabled
* for the specified key.
*
*
* @param getKeyRotationStatusRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GetKeyRotationStatus
* operation returned by the service.
* @sample AWSKMSAsyncHandler.GetKeyRotationStatus
*/
java.util.concurrent.Future getKeyRotationStatusAsync(
GetKeyRotationStatusRequest getKeyRotationStatusRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns the items you need in order to import key material into AWS KMS
* from your existing key management infrastructure. For more information
* about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
* Developer Guide.
*
*
* You must specify the key ID of the customer master key (CMK) into which
* you will import key material. This CMK's Origin must be
* EXTERNAL. You must also specify the wrapping algorithm and
* type of wrapping key (public key) that you will use to encrypt the key
* material.
*
*
* This operation returns a public key and an import token. Use the public
* key to encrypt the key material. Store the import token to send with a
* subsequent ImportKeyMaterial request. The public key and import
* token from the same response must be used together. These items are valid
* for 24 hours, after which they cannot be used for a subsequent
* ImportKeyMaterial request. To retrieve new ones, send another
* GetParametersForImport request.
*
*
* @param getParametersForImportRequest
* @return A Java Future containing the result of the GetParametersForImport
* operation returned by the service.
* @sample AWSKMSAsync.GetParametersForImport
*/
java.util.concurrent.Future getParametersForImportAsync(
GetParametersForImportRequest getParametersForImportRequest);
/**
*
* Returns the items you need in order to import key material into AWS KMS
* from your existing key management infrastructure. For more information
* about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
* Developer Guide.
*
*
* You must specify the key ID of the customer master key (CMK) into which
* you will import key material. This CMK's Origin must be
* EXTERNAL. You must also specify the wrapping algorithm and
* type of wrapping key (public key) that you will use to encrypt the key
* material.
*
*
* This operation returns a public key and an import token. Use the public
* key to encrypt the key material. Store the import token to send with a
* subsequent ImportKeyMaterial request. The public key and import
* token from the same response must be used together. These items are valid
* for 24 hours, after which they cannot be used for a subsequent
* ImportKeyMaterial request. To retrieve new ones, send another
* GetParametersForImport request.
*
*
* @param getParametersForImportRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GetParametersForImport
* operation returned by the service.
* @sample AWSKMSAsyncHandler.GetParametersForImport
*/
java.util.concurrent.Future getParametersForImportAsync(
GetParametersForImportRequest getParametersForImportRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Imports key material into an AWS KMS customer master key (CMK) from your
* existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
* Developer Guide.
*
*
* You must specify the key ID of the CMK to import the key material into.
* This CMK's Origin must be EXTERNAL. You must
* also send an import token and the encrypted key material. Send the import
* token that you received in the same GetParametersForImport
* response that contained the public key that you used to encrypt the key
* material. You must also specify whether the key material expires and if
* so, when. When the key material expires, AWS KMS deletes the key material
* and the CMK becomes unusable. To use the CMK again, you can reimport the
* same key material. If you set an expiration date, you can change it only
* by reimporting the same key material and specifying a new expiration
* date.
*
*
* When this operation is successful, the specified CMK's key state changes
* to Enabled, and you can use the CMK.
*
*
* After you successfully import key material into a CMK, you can reimport
* the same key material into that CMK, but you cannot import different key
* material.
*
*
* @param importKeyMaterialRequest
* @return A Java Future containing the result of the ImportKeyMaterial
* operation returned by the service.
* @sample AWSKMSAsync.ImportKeyMaterial
*/
java.util.concurrent.Future importKeyMaterialAsync(
ImportKeyMaterialRequest importKeyMaterialRequest);
/**
*
* Imports key material into an AWS KMS customer master key (CMK) from your
* existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
* Developer Guide.
*
*
* You must specify the key ID of the CMK to import the key material into.
* This CMK's Origin must be EXTERNAL. You must
* also send an import token and the encrypted key material. Send the import
* token that you received in the same GetParametersForImport
* response that contained the public key that you used to encrypt the key
* material. You must also specify whether the key material expires and if
* so, when. When the key material expires, AWS KMS deletes the key material
* and the CMK becomes unusable. To use the CMK again, you can reimport the
* same key material. If you set an expiration date, you can change it only
* by reimporting the same key material and specifying a new expiration
* date.
*
*
* When this operation is successful, the specified CMK's key state changes
* to Enabled, and you can use the CMK.
*
*
* After you successfully import key material into a CMK, you can reimport
* the same key material into that CMK, but you cannot import different key
* material.
*
*
* @param importKeyMaterialRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ImportKeyMaterial
* operation returned by the service.
* @sample AWSKMSAsyncHandler.ImportKeyMaterial
*/
java.util.concurrent.Future importKeyMaterialAsync(
ImportKeyMaterialRequest importKeyMaterialRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Lists all of the key aliases in the account.
*
*
* @param listAliasesRequest
* @return A Java Future containing the result of the ListAliases operation
* returned by the service.
* @sample AWSKMSAsync.ListAliases
*/
java.util.concurrent.Future listAliasesAsync(
ListAliasesRequest listAliasesRequest);
/**
*
* Lists all of the key aliases in the account.
*
*
* @param listAliasesRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListAliases operation
* returned by the service.
* @sample AWSKMSAsyncHandler.ListAliases
*/
java.util.concurrent.Future listAliasesAsync(
ListAliasesRequest listAliasesRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the ListAliases operation.
*
* @see #listAliasesAsync(ListAliasesRequest)
*/
java.util.concurrent.Future listAliasesAsync();
/**
* Simplified method form for invoking the ListAliases operation with an
* AsyncHandler.
*
* @see #listAliasesAsync(ListAliasesRequest,
* com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future listAliasesAsync(
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* List the grants for a specified key.
*
*
* @param listGrantsRequest
* @return A Java Future containing the result of the ListGrants operation
* returned by the service.
* @sample AWSKMSAsync.ListGrants
*/
java.util.concurrent.Future listGrantsAsync(
ListGrantsRequest listGrantsRequest);
/**
*
* List the grants for a specified key.
*
*
* @param listGrantsRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListGrants operation
* returned by the service.
* @sample AWSKMSAsyncHandler.ListGrants
*/
java.util.concurrent.Future listGrantsAsync(
ListGrantsRequest listGrantsRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Retrieves a list of policies attached to a key.
*
*
* @param listKeyPoliciesRequest
* @return A Java Future containing the result of the ListKeyPolicies
* operation returned by the service.
* @sample AWSKMSAsync.ListKeyPolicies
*/
java.util.concurrent.Future listKeyPoliciesAsync(
ListKeyPoliciesRequest listKeyPoliciesRequest);
/**
*
* Retrieves a list of policies attached to a key.
*
*
* @param listKeyPoliciesRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListKeyPolicies
* operation returned by the service.
* @sample AWSKMSAsyncHandler.ListKeyPolicies
*/
java.util.concurrent.Future listKeyPoliciesAsync(
ListKeyPoliciesRequest listKeyPoliciesRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Lists the customer master keys.
*
*
* @param listKeysRequest
* @return A Java Future containing the result of the ListKeys operation
* returned by the service.
* @sample AWSKMSAsync.ListKeys
*/
java.util.concurrent.Future listKeysAsync(
ListKeysRequest listKeysRequest);
/**
*
* Lists the customer master keys.
*
*
* @param listKeysRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListKeys operation
* returned by the service.
* @sample AWSKMSAsyncHandler.ListKeys
*/
java.util.concurrent.Future listKeysAsync(
ListKeysRequest listKeysRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the ListKeys operation.
*
* @see #listKeysAsync(ListKeysRequest)
*/
java.util.concurrent.Future listKeysAsync();
/**
* Simplified method form for invoking the ListKeys operation with an
* AsyncHandler.
*
* @see #listKeysAsync(ListKeysRequest, com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future listKeysAsync(
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a list of all grants for which the grant's
* RetiringPrincipal matches the one specified.
*
*
* A typical use is to list all grants that you are able to retire. To
* retire a grant, use RetireGrant.
*
*
* @param listRetirableGrantsRequest
* @return A Java Future containing the result of the ListRetirableGrants
* operation returned by the service.
* @sample AWSKMSAsync.ListRetirableGrants
*/
java.util.concurrent.Future listRetirableGrantsAsync(
ListRetirableGrantsRequest listRetirableGrantsRequest);
/**
*
* Returns a list of all grants for which the grant's
* RetiringPrincipal matches the one specified.
*
*
* A typical use is to list all grants that you are able to retire. To
* retire a grant, use RetireGrant.
*
*
* @param listRetirableGrantsRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListRetirableGrants
* operation returned by the service.
* @sample AWSKMSAsyncHandler.ListRetirableGrants
*/
java.util.concurrent.Future listRetirableGrantsAsync(
ListRetirableGrantsRequest listRetirableGrantsRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Attaches a key policy to the specified customer master key (CMK).
*
*
* For more information about key policies, see Key Policies in the AWS Key Management Service Developer
* Guide.
*
*
* @param putKeyPolicyRequest
* @return A Java Future containing the result of the PutKeyPolicy operation
* returned by the service.
* @sample AWSKMSAsync.PutKeyPolicy
*/
java.util.concurrent.Future putKeyPolicyAsync(
PutKeyPolicyRequest putKeyPolicyRequest);
/**
*
* Attaches a key policy to the specified customer master key (CMK).
*
*
* For more information about key policies, see Key Policies in the AWS Key Management Service Developer
* Guide.
*
*
* @param putKeyPolicyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the PutKeyPolicy operation
* returned by the service.
* @sample AWSKMSAsyncHandler.PutKeyPolicy
*/
java.util.concurrent.Future putKeyPolicyAsync(
PutKeyPolicyRequest putKeyPolicyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Encrypts data on the server side with a new customer master key without
* exposing the plaintext of the data on the client side. The data is first
* decrypted and then encrypted. This operation can also be used to change
* the encryption context of a ciphertext.
*
*
* Unlike other actions, ReEncrypt is authorized twice - once
* as ReEncryptFrom on the source key and once as
* ReEncryptTo on the destination key. We therefore recommend
* that you include the "action":"kms:ReEncrypt*" statement in
* your key policies to permit re-encryption from or to the key. The
* statement is included automatically when you authorize use of the key
* through the console but must be included manually when you set a policy
* by using the PutKeyPolicy function.
*
*
* @param reEncryptRequest
* @return A Java Future containing the result of the ReEncrypt operation
* returned by the service.
* @sample AWSKMSAsync.ReEncrypt
*/
java.util.concurrent.Future reEncryptAsync(
ReEncryptRequest reEncryptRequest);
/**
*
* Encrypts data on the server side with a new customer master key without
* exposing the plaintext of the data on the client side. The data is first
* decrypted and then encrypted. This operation can also be used to change
* the encryption context of a ciphertext.
*
*
* Unlike other actions, ReEncrypt is authorized twice - once
* as ReEncryptFrom on the source key and once as
* ReEncryptTo on the destination key. We therefore recommend
* that you include the "action":"kms:ReEncrypt*" statement in
* your key policies to permit re-encryption from or to the key. The
* statement is included automatically when you authorize use of the key
* through the console but must be included manually when you set a policy
* by using the PutKeyPolicy function.
*
*
* @param reEncryptRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ReEncrypt operation
* returned by the service.
* @sample AWSKMSAsyncHandler.ReEncrypt
*/
java.util.concurrent.Future reEncryptAsync(
ReEncryptRequest reEncryptRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Retires a grant. You can retire a grant when you're done using it to
* clean up. You should revoke a grant when you intend to actively deny
* operations that depend on it. The following are permitted to call this
* API:
*
*
* -
*
* The account that created the grant
*
*
* -
*
* The RetiringPrincipal, if present
*
*
* -
*
* The GranteePrincipal, if RetireGrant is a
* grantee operation
*
*
*
*
* The grant to retire must be identified by its grant token or by a
* combination of the key ARN and the grant ID. A grant token is a unique
* variable-length base64-encoded string. A grant ID is a 64 character
* unique identifier of a grant. Both are returned by the
* CreateGrant function.
*
*
* @param retireGrantRequest
* @return A Java Future containing the result of the RetireGrant operation
* returned by the service.
* @sample AWSKMSAsync.RetireGrant
*/
java.util.concurrent.Future retireGrantAsync(
RetireGrantRequest retireGrantRequest);
/**
*
* Retires a grant. You can retire a grant when you're done using it to
* clean up. You should revoke a grant when you intend to actively deny
* operations that depend on it. The following are permitted to call this
* API:
*
*
* -
*
* The account that created the grant
*
*
* -
*
* The RetiringPrincipal, if present
*
*
* -
*
* The GranteePrincipal, if RetireGrant is a
* grantee operation
*
*
*
*
* The grant to retire must be identified by its grant token or by a
* combination of the key ARN and the grant ID. A grant token is a unique
* variable-length base64-encoded string. A grant ID is a 64 character
* unique identifier of a grant. Both are returned by the
* CreateGrant function.
*
*
* @param retireGrantRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the RetireGrant operation
* returned by the service.
* @sample AWSKMSAsyncHandler.RetireGrant
*/
java.util.concurrent.Future retireGrantAsync(
RetireGrantRequest retireGrantRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the RetireGrant operation.
*
* @see #retireGrantAsync(RetireGrantRequest)
*/
java.util.concurrent.Future retireGrantAsync();
/**
* Simplified method form for invoking the RetireGrant operation with an
* AsyncHandler.
*
* @see #retireGrantAsync(RetireGrantRequest,
* com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future retireGrantAsync(
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Revokes a grant. You can revoke a grant to actively deny operations that
* depend on it.
*
*
* @param revokeGrantRequest
* @return A Java Future containing the result of the RevokeGrant operation
* returned by the service.
* @sample AWSKMSAsync.RevokeGrant
*/
java.util.concurrent.Future revokeGrantAsync(
RevokeGrantRequest revokeGrantRequest);
/**
*
* Revokes a grant. You can revoke a grant to actively deny operations that
* depend on it.
*
*
* @param revokeGrantRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the RevokeGrant operation
* returned by the service.
* @sample AWSKMSAsyncHandler.RevokeGrant
*/
java.util.concurrent.Future revokeGrantAsync(
RevokeGrantRequest revokeGrantRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Schedules the deletion of a customer master key (CMK). You may provide a
* waiting period, specified in days, before deletion occurs. If you do not
* provide a waiting period, the default period of 30 days is used. When
* this operation is successful, the state of the CMK changes to
* PendingDeletion. Before the waiting period ends, you can use
* CancelKeyDeletion to cancel the deletion of the CMK. After the
* waiting period ends, AWS KMS deletes the CMK and all AWS KMS data
* associated with it, including all aliases that point to it.
*
*
*
* Deleting a CMK is a destructive and potentially dangerous operation. When
* a CMK is deleted, all data that was encrypted under the CMK is rendered
* unrecoverable. To restrict the use of a CMK without deleting it, use
* DisableKey.
*
*
*
* For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys in the AWS Key Management Service
* Developer Guide.
*
*
* @param scheduleKeyDeletionRequest
* @return A Java Future containing the result of the ScheduleKeyDeletion
* operation returned by the service.
* @sample AWSKMSAsync.ScheduleKeyDeletion
*/
java.util.concurrent.Future scheduleKeyDeletionAsync(
ScheduleKeyDeletionRequest scheduleKeyDeletionRequest);
/**
*
* Schedules the deletion of a customer master key (CMK). You may provide a
* waiting period, specified in days, before deletion occurs. If you do not
* provide a waiting period, the default period of 30 days is used. When
* this operation is successful, the state of the CMK changes to
* PendingDeletion. Before the waiting period ends, you can use
* CancelKeyDeletion to cancel the deletion of the CMK. After the
* waiting period ends, AWS KMS deletes the CMK and all AWS KMS data
* associated with it, including all aliases that point to it.
*
*
*
* Deleting a CMK is a destructive and potentially dangerous operation. When
* a CMK is deleted, all data that was encrypted under the CMK is rendered
* unrecoverable. To restrict the use of a CMK without deleting it, use
* DisableKey.
*
*
*
* For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys in the AWS Key Management Service
* Developer Guide.
*
*
* @param scheduleKeyDeletionRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ScheduleKeyDeletion
* operation returned by the service.
* @sample AWSKMSAsyncHandler.ScheduleKeyDeletion
*/
java.util.concurrent.Future scheduleKeyDeletionAsync(
ScheduleKeyDeletionRequest scheduleKeyDeletionRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Updates an alias to map it to a different key.
*
*
* An alias is not a property of a key. Therefore, an alias can be mapped to
* and unmapped from an existing key without changing the properties of the
* key.
*
*
* An alias name can contain only alphanumeric characters, forward slashes
* (/), underscores (_), and dashes (-). An alias must start with the word
* "alias" followed by a forward slash (alias/). An alias that begins with
* "aws" after the forward slash (alias/aws...) is reserved by Amazon Web
* Services (AWS).
*
*
* The alias and the key it is mapped to must be in the same AWS account and
* the same region.
*
*
* @param updateAliasRequest
* @return A Java Future containing the result of the UpdateAlias operation
* returned by the service.
* @sample AWSKMSAsync.UpdateAlias
*/
java.util.concurrent.Future updateAliasAsync(
UpdateAliasRequest updateAliasRequest);
/**
*
* Updates an alias to map it to a different key.
*
*
* An alias is not a property of a key. Therefore, an alias can be mapped to
* and unmapped from an existing key without changing the properties of the
* key.
*
*
* An alias name can contain only alphanumeric characters, forward slashes
* (/), underscores (_), and dashes (-). An alias must start with the word
* "alias" followed by a forward slash (alias/). An alias that begins with
* "aws" after the forward slash (alias/aws...) is reserved by Amazon Web
* Services (AWS).
*
*
* The alias and the key it is mapped to must be in the same AWS account and
* the same region.
*
*
* @param updateAliasRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the UpdateAlias operation
* returned by the service.
* @sample AWSKMSAsyncHandler.UpdateAlias
*/
java.util.concurrent.Future updateAliasAsync(
UpdateAliasRequest updateAliasRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Updates the description of a key.
*
*
* @param updateKeyDescriptionRequest
* @return A Java Future containing the result of the UpdateKeyDescription
* operation returned by the service.
* @sample AWSKMSAsync.UpdateKeyDescription
*/
java.util.concurrent.Future updateKeyDescriptionAsync(
UpdateKeyDescriptionRequest updateKeyDescriptionRequest);
/**
*
* Updates the description of a key.
*
*
* @param updateKeyDescriptionRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the
* request. Users can provide an implementation of the callback
* methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the UpdateKeyDescription
* operation returned by the service.
* @sample AWSKMSAsyncHandler.UpdateKeyDescription
*/
java.util.concurrent.Future updateKeyDescriptionAsync(
UpdateKeyDescriptionRequest updateKeyDescriptionRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
}