You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::KMS::Types::GenerateDataKeyWithoutPlaintextRequest

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing GenerateDataKeyWithoutPlaintextRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  key_id: "KeyIdType", # required
  encryption_context: {
    "EncryptionContextKey" => "EncryptionContextValue",
  },
  key_spec: "AES_256", # accepts AES_256, AES_128
  number_of_bytes: 1,
  grant_tokens: ["GrantTokenType"],
}

Instance Attribute Summary collapse

Instance Attribute Details

#encryption_contextHash<String,String>

A set of key-value pairs that represents additional authenticated data.

For more information, see Encryption Context in the AWS Key Management Service Developer Guide.

Returns:

  • (Hash<String,String>)

    A set of key-value pairs that represents additional authenticated data.

#grant_tokensArray<String>

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

  • (Array<String>)

    A list of grant tokens.

#key_idString

The identifier of the customer master key (CMK) under which to generate and encrypt the data encryption key.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

  • Alias name: alias/ExampleAlias

  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Returns:

  • (String)

    The identifier of the customer master key (CMK) under which to generate and encrypt the data encryption key.

#key_specString

The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.

Possible values:

  • AES_256
  • AES_128

Returns:

  • (String)

    The length of the data encryption key.

#number_of_bytesInteger

The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.

Returns:

  • (Integer)

    The length of the data encryption key in bytes.