Key Management Service API, gRPC: SymmetricCryptoService.GenerateDataKey

Field

Description

key_id

string

Required field. ID of the symmetric KMS key that the generated data key should be encrypted with.

version_id

string

ID of the key version to encrypt the generated data key with.
Defaults to the primary version if not specified.

aad_context

bytes

Additional authenticated data (AAD context), optional.
If specified, this data will be required for decryption with the SymmetricDecryptRequest.
Should be encoded with base64.

data_key_spec

enum SymmetricAlgorithm

Encryption algorithm and key length for the generated data key.

• SYMMETRIC_ALGORITHM_UNSPECIFIED
• AES_128: AES algorithm with 128-bit keys.
• AES_192: AES algorithm with 192-bit keys.
• AES_256: AES algorithm with 256-bit keys.
• AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM

skip_plaintext

bool

If true, the method won't return the data key as plaintext.
Default value is false.

Field

Description

key_id

string

ID of the symmetric KMS key that was used to encrypt the generated data key.

version_id

string

ID of the key version that was used for encryption.

data_key_plaintext

bytes

Generated data key as plaintext.
The field is empty, if the GenerateDataKeyRequest.skip_plaintext parameter
was set to true.

data_key_ciphertext

bytes

The encrypted data key.