Key Management Service API, REST: SymmetricCrypto.Encrypt

Written by

Updated at December 9, 2025

Encrypts given plaintext with the specified key.

HTTP request

POST https://kms.yandex/kms/v1/keys/{keyId}:encrypt

Field

Description

keyId

string

Required field. ID of the symmetric KMS key to use for encryption.

The maximum string length in characters is 50.

{
  "versionId": "string",
  "aadContext": "string",
  "plaintext": "string"
}

Field	Description
versionId	string ID of the key version to encrypt plaintext with. Defaults to the primary version if not specified. The maximum string length in characters is 50.
aadContext	string (bytes) Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64. The maximum string length in characters is 8192.
plaintext	string (bytes) Required field. Plaintext to be encrypted. Should be encoded with base64. The maximum string length in characters is 32768.

HTTP Code: 200 - OK

{
  "keyId": "string",
  "versionId": "string",
  "ciphertext": "string"
}

Field	Description
keyId	string Required field. ID of the symmetric KMS key that was used for encryption. The maximum string length in characters is 50.
versionId	string ID of the key version that was used for encryption. The maximum string length in characters is 50.
ciphertext	string (bytes) Resulting ciphertext.