class Aws::KMS::Types::GenerateDataKeyRequest

@note When making an API call, you may pass GenerateDataKeyRequest

data as a hash:

    {
      key_id: "KeyIdType", # required
      encryption_context: {
        "EncryptionContextKey" => "EncryptionContextValue",
      },
      number_of_bytes: 1,
      key_spec: "AES_256", # accepts AES_256, AES_128
      grant_tokens: ["GrantTokenType"],
    }

@!attribute [rw] key_id

Identifies the symmetric KMS key that encrypts the data key.

To specify a KMS key, use its key ID, key ARN, alias name, or alias
ARN. When using an alias name, prefix it with `"alias/"`. To specify
a KMS key in a different Amazon Web Services account, you must use
the key ARN or alias ARN.

For example:

* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`

* Key ARN:
  `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`

* Alias name: `alias/ExampleAlias`

* Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`

To get the key ID and key ARN for a KMS key, use ListKeys or
DescribeKey. To get the alias name and alias ARN, use ListAliases.
@return [String]

@!attribute [rw] encryption_context

Specifies the encryption context that will be used when encrypting
the data key.

An *encryption context* is a collection of non-secret key-value
pairs that represents additional authenticated data. When you use an
encryption context to encrypt data, you must specify the same (an
exact case-sensitive match) encryption context to decrypt the data.
An encryption context is optional when encrypting with a symmetric
KMS key, but it is highly recommended.

For more information, see [Encryption Context][1] in the *Key
Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
@return [Hash<String,String>]

@!attribute [rw] number_of_bytes

Specifies the length of the data key in bytes. For example, use the
value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
128-bit (16-byte) and 256-bit (32-byte) data keys, use the `KeySpec`
parameter.

You must specify either the `KeySpec` or the `NumberOfBytes`
parameter (but not both) in every `GenerateDataKey` request.
@return [Integer]

@!attribute [rw] key_spec

Specifies the length of the data key. Use `AES_128` to generate a
128-bit symmetric key, or `AES_256` to generate a 256-bit symmetric
key.

You must specify either the `KeySpec` or the `NumberOfBytes`
parameter (but not both) in every `GenerateDataKey` request.
@return [String]

@!attribute [rw] grant_tokens

A list of grant tokens.

Use a grant token when your permission to call this operation comes
from a new grant that has not yet achieved *eventual consistency*.
For more information, see [Grant token][1] and [Using a grant
token][2] in the *Key Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
@return [Array<String>]

@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest AWS API Documentation

Constants

SENSITIVE