Key Management Service API, gRPC: SymmetricCryptoService.GenerateDataKey

Field

Description

key_id

string

Required field. ID of the symmetric KMS key that the generated data key should be encrypted with.

The maximum string length in characters is 50.

version_id

string

ID of the key version to encrypt the generated data key with.
Defaults to the primary version if not specified.

The maximum string length in characters is 50.

aad_context

bytes

Additional authenticated data (AAD context), optional.
If specified, this data will be required for decryption with the SymmetricDecryptRequest.
Should be encoded with base64.

The maximum string length in characters is 8192.

data_key_spec

enum SymmetricAlgorithm

Encryption algorithm and key length for the generated data key.

• AES_128: AES algorithm with 128-bit keys.
• AES_192: AES algorithm with 192-bit keys.
• AES_256: AES algorithm with 256-bit keys.
• AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM
• GOST_R_3412_2015_K: GOST R 34.12-2015 Kuznyechik algorithm

skip_plaintext

bool

If true, the method won't return the data key as plaintext.
Default value is false.

Field

Description

key_id

string

ID of the symmetric KMS key that was used to encrypt the generated data key.

version_id

string

ID of the key version that was used for encryption.

data_key_plaintext

bytes

Generated data key as plaintext.
The field is empty, if the GenerateDataKeyRequest.skip_plaintext parameter
was set to true.

data_key_ciphertext

bytes

The encrypted data key.