class Aws::KMS::Types::EncryptRequest
@note When making an API call, you may pass EncryptRequest
data as a hash: { key_id: "KeyIdType", # required plaintext: "data", # required encryption_context: { "EncryptionContextKey" => "EncryptionContextValue", }, grant_tokens: ["GrantTokenType"], encryption_algorithm: "SYMMETRIC_DEFAULT", # accepts SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256 }
@!attribute [rw] key_id
Identifies the KMS key to use in the encryption operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with `"alias/"`. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN. For example: * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab` * Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` * Alias name: `alias/ExampleAlias` * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias` To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. @return [String]
@!attribute [rw] plaintext
Data to be encrypted. @return [String]
@!attribute [rw] encryption_context
Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for [cryptographic operations][1] with a symmetric KMS key. The standard asymmetric encryption algorithms that KMS uses do not support an encryption context. An *encryption context* is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended. For more information, see [Encryption Context][2] in the *Key Management Service Developer Guide*. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context @return [Hash<String,String>]
@!attribute [rw] grant_tokens
A list of grant tokens. Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved *eventual consistency*. For more information, see [Grant token][1] and [Using a grant token][2] in the *Key Management Service Developer Guide*. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token @return [Array<String>]
@!attribute [rw] encryption_algorithm
Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify. This parameter is required only for asymmetric KMS keys. The default value, `SYMMETRIC_DEFAULT`, is the algorithm used for symmetric KMS keys. If you are using an asymmetric KMS key, we recommend RSAES\_OAEP\_SHA\_256. @return [String]
@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation
Constants
- SENSITIVE