class Aws::KMS::Types::EncryptRequest

@note When making an API call, you may pass EncryptRequest

data as a hash:

    {
      key_id: "KeyIdType", # required
      plaintext: "data", # required
      encryption_context: {
        "EncryptionContextKey" => "EncryptionContextValue",
      },
      grant_tokens: ["GrantTokenType"],
      encryption_algorithm: "SYMMETRIC_DEFAULT", # accepts SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256
    }

@!attribute [rw] key_id

Identifies the KMS key to use in the encryption operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias
ARN. When using an alias name, prefix it with `"alias/"`. To specify
a KMS key in a different Amazon Web Services account, you must use
the key ARN or alias ARN.

For example:

* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`

* Key ARN:
  `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`

* Alias name: `alias/ExampleAlias`

* Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`

To get the key ID and key ARN for a KMS key, use ListKeys or
DescribeKey. To get the alias name and alias ARN, use ListAliases.
@return [String]

@!attribute [rw] plaintext

Data to be encrypted.
@return [String]

@!attribute [rw] encryption_context

Specifies the encryption context that will be used to encrypt the
data. An encryption context is valid only for [cryptographic
operations][1] with a symmetric KMS key. The standard asymmetric
encryption algorithms that KMS uses do not support an encryption
context.

An *encryption context* is a collection of non-secret key-value
pairs that represents additional authenticated data. When you use an
encryption context to encrypt data, you must specify the same (an
exact case-sensitive match) encryption context to decrypt the data.
An encryption context is optional when encrypting with a symmetric
KMS key, but it is highly recommended.

For more information, see [Encryption Context][2] in the *Key
Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
@return [Hash<String,String>]

@!attribute [rw] grant_tokens

A list of grant tokens.

Use a grant token when your permission to call this operation comes
from a new grant that has not yet achieved *eventual consistency*.
For more information, see [Grant token][1] and [Using a grant
token][2] in the *Key Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
@return [Array<String>]

@!attribute [rw] encryption_algorithm

Specifies the encryption algorithm that KMS will use to encrypt the
plaintext message. The algorithm must be compatible with the KMS key
that you specify.

This parameter is required only for asymmetric KMS keys. The default
value, `SYMMETRIC_DEFAULT`, is the algorithm used for symmetric KMS
keys. If you are using an asymmetric KMS key, we recommend
RSAES\_OAEP\_SHA\_256.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation

Constants

SENSITIVE