Key Management Service API, gRPC: SymmetricCryptoService.Encrypt

Written by

Updated at December 9, 2025

Encrypts given plaintext with the specified key.

gRPC request

{
  "key_id": "string",
  "version_id": "string",
  "aad_context": "bytes",
  "plaintext": "bytes"
}

Field	Description
key_id	string Required field. ID of the symmetric KMS key to use for encryption. The maximum string length in characters is 50.
version_id	string ID of the key version to encrypt plaintext with. Defaults to the primary version if not specified. The maximum string length in characters is 50.
aad_context	bytes Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64. The maximum string length in characters is 8192.
plaintext	bytes Required field. Plaintext to be encrypted. Should be encoded with base64. The maximum string length in characters is 32768.

{
  "key_id": "string",
  "version_id": "string",
  "ciphertext": "bytes"
}

Field	Description
key_id	string Required field. ID of the symmetric KMS key that was used for encryption. The maximum string length in characters is 50.
version_id	string ID of the key version that was used for encryption. The maximum string length in characters is 50.
ciphertext	bytes Resulting ciphertext.