Key Management Service API, REST: SymmetricCrypto.GenerateDataKey
Generates a new symmetric data encryption key (not a KMS key) and returns
the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.
HTTP request
POST https://kms.yandex/kms/v1/keys/{keyId}:generateDataKey
Path parameters
|
Field |
Description |
|
keyId |
string Required field. ID of the symmetric KMS key that the generated data key should be encrypted with. |
Body parameters
{
"versionId": "string",
"aadContext": "string",
"dataKeySpec": "string",
"skipPlaintext": "boolean"
}
|
Field |
Description |
|
versionId |
string ID of the key version to encrypt the generated data key with. |
|
aadContext |
string (bytes) Additional authenticated data (AAD context), optional. |
|
dataKeySpec |
enum (SymmetricAlgorithm) Encryption algorithm and key length for the generated data key.
|
|
skipPlaintext |
boolean If |
Response
HTTP Code: 200 - OK
{
"keyId": "string",
"versionId": "string",
"dataKeyPlaintext": "string",
"dataKeyCiphertext": "string"
}
|
Field |
Description |
|
keyId |
string ID of the symmetric KMS key that was used to encrypt the generated data key. |
|
versionId |
string ID of the key version that was used for encryption. |
|
dataKeyPlaintext |
string (bytes) Generated data key as plaintext. |
|
dataKeyCiphertext |
string (bytes) The encrypted data key. |