Key Management Service API, gRPC: SymmetricCryptoService.GenerateDataKey
Generates a new symmetric data encryption key (not a KMS key) and returns
the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.
gRPC request
rpc GenerateDataKey (GenerateDataKeyRequest) returns (GenerateDataKeyResponse)
GenerateDataKeyRequest
{
"key_id": "string",
"version_id": "string",
"aad_context": "bytes",
"data_key_spec": "SymmetricAlgorithm",
"skip_plaintext": "bool"
}
|
Field |
Description |
|
key_id |
string Required field. ID of the symmetric KMS key that the generated data key should be encrypted with. |
|
version_id |
string ID of the key version to encrypt the generated data key with. |
|
aad_context |
bytes Additional authenticated data (AAD context), optional. |
|
data_key_spec |
enum SymmetricAlgorithm Encryption algorithm and key length for the generated data key.
|
|
skip_plaintext |
bool If |
GenerateDataKeyResponse
{
"key_id": "string",
"version_id": "string",
"data_key_plaintext": "bytes",
"data_key_ciphertext": "bytes"
}
|
Field |
Description |
|
key_id |
string ID of the symmetric KMS key that was used to encrypt the generated data key. |
|
version_id |
string ID of the key version that was used for encryption. |
|
data_key_plaintext |
bytes Generated data key as plaintext. |
|
data_key_ciphertext |
bytes The encrypted data key. |