class Aws::KMS::Types::GenerateDataKeyWithoutPlaintextRequest

@note When making an API call, you may pass GenerateDataKeyWithoutPlaintextRequest

data as a hash:

    {
      key_id: "KeyIdType", # required
      encryption_context: {
        "EncryptionContextKey" => "EncryptionContextValue",
      },
      key_spec: "AES_256", # accepts AES_256, AES_128
      number_of_bytes: 1,
      grant_tokens: ["GrantTokenType"],
    }

@!attribute [rw] key_id

The identifier of the symmetric KMS key that encrypts the data key.

To specify a KMS key, use its key ID, key ARN, alias name, or alias
ARN. When using an alias name, prefix it with `"alias/"`. To specify
a KMS key in a different Amazon Web Services account, you must use
the key ARN or alias ARN.

For example:

* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`

* Key ARN:
  `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`

* Alias name: `alias/ExampleAlias`

* Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`

To get the key ID and key ARN for a KMS key, use ListKeys or
DescribeKey. To get the alias name and alias ARN, use ListAliases.
@return [String]

@!attribute [rw] encryption_context

Specifies the encryption context that will be used when encrypting
the data key.

An *encryption context* is a collection of non-secret key-value
pairs that represents additional authenticated data. When you use an
encryption context to encrypt data, you must specify the same (an
exact case-sensitive match) encryption context to decrypt the data.
An encryption context is optional when encrypting with a symmetric
KMS key, but it is highly recommended.

For more information, see [Encryption Context][1] in the *Key
Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
@return [Hash<String,String>]

@!attribute [rw] key_spec

The length of the data key. Use `AES_128` to generate a 128-bit
symmetric key, or `AES_256` to generate a 256-bit symmetric key.
@return [String]

@!attribute [rw] number_of_bytes

The length of the data key in bytes. For example, use the value 64
to generate a 512-bit data key (64 bytes is 512 bits). For common
key lengths (128-bit and 256-bit symmetric keys), we recommend that
you use the `KeySpec` field instead of this one.
@return [Integer]

@!attribute [rw] grant_tokens

A list of grant tokens.

Use a grant token when your permission to call this operation comes
from a new grant that has not yet achieved *eventual consistency*.
For more information, see [Grant token][1] and [Using a grant
token][2] in the *Key Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
@return [Array<String>]

@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation

Constants

SENSITIVE