import { aws_iam as iam, aws_kms as kms, aws_secretsmanager as secretsManager, aws_ssm as ssm } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ICredentialPair } from './credential-pair';

/**
 * The type of the {@link OpenPGPKeyPairProps.removalPolicy} property.
 *
 * Controls what happens to the Secrets Manager secret holding the private key
 * when the key pair resource is removed from the stack.
 */
export declare enum OpenPGPKeyPairRemovalPolicy {
  /**
   * Keep the secret when this resource is deleted from the stack.
   * This is the default setting.
   *
   * Note that a retained secret still contains usable private key material
   * after the stack is gone; it has to be cleaned up separately once the key
   * is no longer needed.
   */
  RETAIN = 0,

  /**
   * Remove the secret when this resource is deleted from the stack,
   * but leave a grace period of a few days that allows you to cancel the
   * deletion from the AWS Console.
   */
  DESTROY_SAFELY = 1,

  /**
   * Remove the secret immediately when this resource is deleted from the stack.
   * Note that if you don't have a backup of this key somewhere,
   * this means it will be gone forever!
   */
  DESTROY_IMMEDIATELY = 2
}

/**
 * Construction properties for {@link OpenPGPKeyPair}.
 */
interface OpenPGPKeyPairProps {
  /**
   * Identity to put into the key
   */
  identity: string;

  /**
   * Email address to attach to the key
   */
  email: string;

  /**
   * Key size in bits (1024, 2048, 4096)
   *
   * NOTE(review): the key algorithm is not visible in this declaration. If the
   * generated key is RSA, 1024 bits is below what current guidance (e.g. NIST
   * SP 800-131A) accepts for new signing keys; prefer 2048 or 4096. Nothing
   * here shows whether the value is validated, so confirm against the
   * implementation.
   */
  keySizeBits: number;

  /**
   * GPG expiry specifier
   *
   * Example: '1y'
   */
  expiry: string;

  /**
   * Name of secret to create in AWS Secrets Manager
   */
  secretName: string;

  /**
   * Name of SSM parameter to store public key
   */
  pubKeyParameterName: string;

  /**
   * KMS key used to encrypt the Secrets Manager secret.
   *
   * This is a key object (`kms.IKey`), not an ARN string.
   * NOTE(review): the behaviour when this is omitted is not shown here;
   * presumably the account's default Secrets Manager key is used. Confirm
   * before relying on it. A dedicated key lets the key policy act as a second
   * access control on the private key.
   */
  encryptionKey?: kms.IKey;

  /**
   * Version of the key
   *
   * Bump this number to regenerate the key
   */
  version: number;

  /**
   * A description to attach to the AWS SecretsManager secret.
   */
  description?: string;

  /**
   * What happens to the SecretsManager secret when this resource is removed from the stack.
   * The default is to keep the secret.
   *
   * @default OpenPGPKeyPairRemovalPolicy.RETAIN
   */
  removalPolicy?: OpenPGPKeyPairRemovalPolicy;
}

/**
 * A PGP key that is stored in Secrets Manager.
 * The SecretsManager secret is retained by default when the resource is deleted;
 * you can change that with the `removalPolicy` property.
 *
 * The string in secrets manager will be a JSON struct of
 *
 * { "PrivateKey": "... ASCII repr of key...", "Passphrase": "passphrase of the key" }
 *
 * Because the private key and its passphrase live in the same secret value,
 * the passphrase adds no protection against a principal that can read the
 * secret. Read access to the secret (and decrypt access to its KMS key, when
 * one is supplied) is therefore equivalent to full use of the key, and should
 * be granted only to the principals that actually sign or decrypt with it.
 */
export declare class OpenPGPKeyPair extends Construct implements ICredentialPair {
  // Typed as an SSM string parameter; presumably the parameter named by
  // `pubKeyParameterName` that holds the public key. Confirm against the implementation.
  readonly principal: ssm.IStringParameter;

  // Typed as a Secrets Manager secret; presumably the secret named by
  // `secretName` that holds the private key and passphrase. Confirm against the implementation.
  readonly credential: secretsManager.ISecret;

  /**
   * @param parent the construct this key pair is defined under
   * @param name the construct name of this key pair within `parent`
   * @param props key parameters and storage settings, see {@link OpenPGPKeyPairProps}
   */
  constructor(parent: Construct, name: string, props: OpenPGPKeyPairProps);

  /**
   * Grants read access to `grantee`.
   *
   * NOTE(review): which resources are covered (the public-key parameter, the
   * secret, the KMS key) is not visible in this declaration. If the grant
   * includes the secret, the grantee can obtain the private key and its
   * passphrase, so review each call site as a signing-key grant.
   *
   * @param grantee the IAM principal that receives read access
   */
  grantRead(grantee: iam.IPrincipal): void;
}

export {};