Class: Aws::KMS::Types::GenerateDataKeyWithoutPlaintextRequest

Inherits:

Struct

• Object
• Struct
• Aws::KMS::Types::GenerateDataKeyWithoutPlaintextRequest

Defined in:

(unknown)

Overview

Note:

When passing GenerateDataKeyWithoutPlaintextRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  key_id: "KeyIdType", # required
  encryption_context: {
    "EncryptionContextKey" => "EncryptionContextValue",
  },
  key_spec: "AES_256", # accepts AES_256, AES_128
  number_of_bytes: 1,
  grant_tokens: ["GrantTokenType"],
}

See Also:

• AWS API Documentation

Instance Attribute Summary

• #encryption_context ⇒ Hash<String,String>

  Specifies the encryption context that will be used when encrypting the data key.

• #grant_tokens ⇒ Array<String>

  A list of grant tokens.

• #key_id ⇒ String

  The identifier of the symmetric customer master key (CMK) that encrypts the data key.

• #key_spec ⇒ String

  The length of the data key.

• #number_of_bytes ⇒ Integer

  The length of the data key in bytes.

Instance Attribute Details

#encryption_context ⇒ Hash<String,String>

Specifies the encryption context that will be used when encrypting the data key.

An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.

For more information, see Encryption Context in the AWS Key Management Service Developer Guide.

Returns:

• (Hash<String,String>) —

  Specifies the encryption context that will be used when encrypting the data key.

#grant_tokens ⇒ Array<String>

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

• (Array<String>) —

  A list of grant tokens.

#key_id ⇒ String

The identifier of the symmetric customer master key (CMK) that encrypts the data key.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Returns:

• (String) —

  The identifier of the symmetric customer master key (CMK) that encrypts the data key.

#key_spec ⇒ String

The length of the data key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.

Possible values:

• AES_256
• AES_128

Returns:

• (String) —

  The length of the data key.

#number_of_bytes ⇒ Integer

The length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.

Returns:

• (Integer) —

  The length of the data key in bytes.