Key Management Service API, gRPC: SymmetricCryptoService.GenerateDataKey

Field

Description

keyId

string

Required field. ID of the symmetric KMS key that the generated data key should be encrypted with.

versionId

string

ID of the key version to encrypt the generated data key with.
Defaults to the primary version if not specified.

aadContext

bytes

Additional authenticated data (AAD context), optional.
If specified, this data will be required for decryption with the SymmetricDecryptRequest.
Should be encoded with base64.

dataKeySpec

enum SymmetricAlgorithm

Encryption algorithm and key length for the generated data key.

• SYMMETRIC_ALGORITHM_UNSPECIFIED
• AES_128: AES algorithm with 128-bit keys.
• AES_192: AES algorithm with 192-bit keys.
• AES_256: AES algorithm with 256-bit keys.
• AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM

skipPlaintext

bool

If true, the method won't return the data key as plaintext.
Default value is false.

Field

Description

keyId

string

ID of the symmetric KMS key that was used to encrypt the generated data key.

versionId

string

ID of the key version that was used for encryption.

dataKeyPlaintext

bytes

Generated data key as plaintext.
The field is empty, if the GenerateDataKeyRequest.skipPlaintext parameter
was set to true.

dataKeyCiphertext

bytes

The encrypted data key.