Encryption.KmsKMS options for ordinary and dual-layer KMS object encryption.
bucket_key_enabled applies to ordinary SSE-KMS destinations. DSSE-KMS request builders reject bucket-key settings because S3 does not support S3 bucket keys for dual-layer KMS encryption.
val create :
?key_id:string ->
?bucket_key_enabled:bool ->
unit ->
(t, Awskit.Error.t) Stdlib.resultBuild KMS encryption options. key_id, when present, must be a valid HTTP header value.
val create_exn : ?key_id:string -> ?bucket_key_enabled:bool -> unit -> tLike create, but raises Awskit.Error.Awskit_error carrying the structured validation error on validation failure.
val key_id : t -> string optionReturn the optional KMS key id.
val bucket_key_enabled : t -> bool optionReturn the optional S3 bucket-key setting.