API Reference

PREVIEW DOCUMENTATION - This is a preview of a new format for the AWS SDK for Go API Reference documentation. For the current AWS SDK for Go API Reference, see

We welcome your feedback on this new version of the documentation. Send your comments to


import ""

type GenerateDataKeyWithoutPlaintextInput struct { EncryptionContext map[string]*string `type:"map"` GrantTokens []*string `type:"list"` KeyId *string `min:"1" type:"string" required:"true"` KeySpec *string `type:"string" enum:"DataKeySpec"` NumberOfBytes *int64 `min:"1" type:"integer"` }


Type: map[string]*string

A set of key-value pairs that represents additional authenticated data.

For more information, see Encryption Context ( in the AWS Key Management Service Developer Guide.


Type: []*string

A list of grant tokens.

For more information, see Grant Tokens ( in the AWS Key Management Service Developer Guide.


Type: *string

The identifier of the customer master key (CMK) under which to generate and encrypt the data encryption key.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

  • Alias name: alias/ExampleAlias

  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

KeyId is a required field


Type: *string

The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.


Type: *int64

The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.



func (s GenerateDataKeyWithoutPlaintextInput) GoString() string

GoString returns the string representation


func (s *GenerateDataKeyWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyWithoutPlaintextInput

SetEncryptionContext sets the EncryptionContext field's value.


func (s *GenerateDataKeyWithoutPlaintextInput) SetGrantTokens(v []*string) *GenerateDataKeyWithoutPlaintextInput

SetGrantTokens sets the GrantTokens field's value.


func (s *GenerateDataKeyWithoutPlaintextInput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextInput

SetKeyId sets the KeyId field's value.


func (s *GenerateDataKeyWithoutPlaintextInput) SetKeySpec(v string) *GenerateDataKeyWithoutPlaintextInput

SetKeySpec sets the KeySpec field's value.


func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *GenerateDataKeyWithoutPlaintextInput

SetNumberOfBytes sets the NumberOfBytes field's value.


func (s GenerateDataKeyWithoutPlaintextInput) String() string

String returns the string representation


func (s *GenerateDataKeyWithoutPlaintextInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

On this page: