com.amazonaws.services.kms.package-info Maven / Gradle / Ivy
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
/**
* Key Management Service
*
* Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations
* that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide .
*
*
*
* KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has
* not changed. To prevent breaking changes, KMS is keeping some variations of this term.
*
*
* Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and
* platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access
* to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see
* below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services
* SDKs, including how to download and install them, see Tools for Amazon Web
* Services.
*
*
*
* We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.
*
*
* If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use the
* FIPS endpoint in your preferred Amazon Web Services Region. For more information about the available FIPS endpoints,
* see Service endpoints in the Key
* Management Service topic of the Amazon Web Services General Reference.
*
*
* All KMS API calls must be signed and be transmitted using Transport Layer Security (TLS). KMS recommends you always
* use the latest supported TLS version. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such
* as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as
* Java 7 and later support these modes.
*
*
* Signing Requests
*
*
* Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use
* your Amazon Web Services account root access key ID and secret access key for everyday work. You can use the access
* key ID and secret access key for an IAM user or you can use the Security Token Service (STS) to generate temporary
* security credentials and use those to sign requests.
*
*
* All KMS requests must be signed with Signature Version 4.
*
*
* Logging API Requests
*
*
* KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web
* Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by
* CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To
* learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
*
*
* Additional Resources
*
*
* For more information about credentials and request signing, see the following:
*
*
* -
*
* Amazon Web Services Security
* Credentials - This topic provides general information about the types of credentials used to access Amazon Web
* Services.
*
*
* -
*
* Temporary Security
* Credentials - This section of the IAM User Guide describes how to create and use temporary security
* credentials.
*
*
* -
*
* Signature Version 4 Signing
* Process - This set of topics walks you through the process of signing a request using an access key ID and a
* secret access key.
*
*
*
*
* Commonly Used API Operations
*
*
* Of the API operations discussed in this guide, the following will prove the most useful for most applications. You
* will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
*
*
* -
*
* Encrypt
*
*
* -
*
* Decrypt
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
*
*/
package com.amazonaws.services.kms;