GrantConstraints class
Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.
AWS KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric CMK. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric CMKs and management operations, such as DescribeKey or RetireGrant.
However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.
To avoid confusion, do not use multiple encryption context pairs that differ
only by case. To require a fully case-sensitive encryption context, use the
kms:EncryptionContext: and
kms:EncryptionContextKeys conditions in an IAM or key policy.
For details, see kms:EncryptionContext:
in the AWS Key Management Service Developer Guide .
Constructors
-
GrantConstraints({Map<
String, String> ? encryptionContextEquals, Map<String, String> ? encryptionContextSubset}) -
GrantConstraints.fromJson(Map<
String, dynamic> json) -
factory
Properties
-
encryptionContextEquals
→ Map<
String, String> ? -
A list of key-value pairs that must match the encryption context in the cryptographic
operation request. The grant allows the operation only when the
encryption context in the request is the same as the encryption context
specified in this constraint.
final
-
encryptionContextSubset
→ Map<
String, String> ? -
A list of key-value pairs that must be included in the encryption context of
the cryptographic
operation request. The grant allows the cryptographic operation only
when the encryption context in the request includes the key-value pairs
specified in this constraint, although it can include additional key-value
pairs.
final
- hashCode → int
-
The hash code for this object.
no setterinherited
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
toJson(
) → Map< String, dynamic> -
toString(
) → String -
A string representation of this object.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited