@aws-sdk/client-keyspaces

EncryptionSpecification Interface

Amazon Keyspaces encrypts and decrypts the table data at rest transparently and integrates with Key Management Service for storing and managing the encryption key. You can choose one of the following KMS keys (KMS keys):

  • Amazon Web Services owned key - This is the default encryption type. The key is owned by Amazon Keyspaces (no additional charge).

  • Customer managed key - This key is stored in your account and is created, owned, and managed by you. You have full control over the customer managed key (KMS charges apply).

For more information about encryption at rest in Amazon Keyspaces, see Encryption at rest  in the Amazon Keyspaces Developer Guide.

For more information about KMS, see KMS management service concepts  in the Key Management Service Developer Guide.

Members

Name
Type
Details
type RequiredEncryptionType | undefined

The encryption option specified for the table. You can choose one of the following KMS keys (KMS keys):

  • type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.

  • type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.

The default is type:AWS_OWNED_KMS_KEY.

For more information, see Encryption at rest  in the Amazon Keyspaces Developer Guide.

kmsKeyIdentifier string | undefined

The Amazon Resource Name (ARN) of the customer managed KMS key, for example kms_key_identifier:ARN.

Full Signature

export interface EncryptionSpecification