Key Management Service API, REST: SymmetricCrypto.generateDataKey
Generates a new symmetric data encryption key (not a KMS key) and returns
the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.
HTTP request
POST https://kms.yandex/kms/v1/keys/{keyId}:generateDataKey
Path parameters
Parameter | Description |
---|---|
keyId | Required. ID of the symmetric KMS key that the generated data key should be encrypted with. The maximum string length in characters is 50. |
Body parameters
{
"versionId": "string",
"aadContext": "string",
"dataKeySpec": "string",
"skipPlaintext": true
}
Field | Description |
---|---|
versionId | string ID of the key version to encrypt the generated data key with. Defaults to the primary version if not specified. The maximum string length in characters is 50. |
aadContext | string (byte) Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the The maximum string length in characters is 8192. |
dataKeySpec | string Encryption algorithm and key length for the generated data key. Supported symmetric encryption algorithms.
|
skipPlaintext | boolean (boolean) If |
Response
HTTP Code: 200 - OK
{
"keyId": "string",
"versionId": "string",
"dataKeyPlaintext": "string",
"dataKeyCiphertext": "string"
}
Field | Description |
---|---|
keyId | string ID of the symmetric KMS key that was used to encrypt the generated data key. |
versionId | string ID of the key version that was used for encryption. |
dataKeyPlaintext | string (byte) Generated data key as plaintext. The field is empty, if the skipPlaintext parameter was set to |
dataKeyCiphertext | string (byte) The encrypted data key. |