Key Management Service API, gRPC: SymmetricCryptoService.GenerateDataKey
Generates a new symmetric data encryption key (not a KMS key) and returns
the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.
gRPC request
rpc GenerateDataKey (GenerateDataKeyRequest) returns (GenerateDataKeyResponse)
GenerateDataKeyRequest
{
"keyId": "string",
"versionId": "string",
"aadContext": "bytes",
"dataKeySpec": "SymmetricAlgorithm",
"skipPlaintext": "bool"
}
Field |
Description |
keyId |
string Required field. ID of the symmetric KMS key that the generated data key should be encrypted with. |
versionId |
string ID of the key version to encrypt the generated data key with. |
aadContext |
bytes Additional authenticated data (AAD context), optional. |
dataKeySpec |
enum SymmetricAlgorithm Encryption algorithm and key length for the generated data key.
|
skipPlaintext |
bool If |
GenerateDataKeyResponse
{
"keyId": "string",
"versionId": "string",
"dataKeyPlaintext": "bytes",
"dataKeyCiphertext": "bytes"
}
Field |
Description |
keyId |
string ID of the symmetric KMS key that was used to encrypt the generated data key. |
versionId |
string ID of the key version that was used for encryption. |
dataKeyPlaintext |
bytes Generated data key as plaintext. |
dataKeyCiphertext |
bytes The encrypted data key. |