class Aws::KMS::Types::GenerateDataKeyWithoutPlaintextRequest
@note When making an API call, you may pass GenerateDataKeyWithoutPlaintextRequest
data as a hash: { key_id: "KeyIdType", # required encryption_context: { "EncryptionContextKey" => "EncryptionContextValue", }, key_spec: "AES_256", # accepts AES_256, AES_128 number_of_bytes: 1, grant_tokens: ["GrantTokenType"], }
@!attribute [rw] key_id
The identifier of the symmetric KMS key that encrypts the data key. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with `"alias/"`. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN. For example: * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab` * Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` * Alias name: `alias/ExampleAlias` * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias` To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. @return [String]
@!attribute [rw] encryption_context
Specifies the encryption context that will be used when encrypting the data key. An *encryption context* is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended. For more information, see [Encryption Context][1] in the *Key Management Service Developer Guide*. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context @return [Hash<String,String>]
@!attribute [rw] key_spec
The length of the data key. Use `AES_128` to generate a 128-bit symmetric key, or `AES_256` to generate a 256-bit symmetric key. @return [String]
@!attribute [rw] number_of_bytes
The length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the `KeySpec` field instead of this one. @return [Integer]
@!attribute [rw] grant_tokens
A list of grant tokens. Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved *eventual consistency*. For more information, see [Grant token][1] and [Using a grant token][2] in the *Key Management Service Developer Guide*. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token @return [Array<String>]
@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation
Constants
- SENSITIVE