NAME

Paws::KMS::GenerateDataKey - Arguments for method GenerateDataKey on Paws::KMS

DESCRIPTION

This class represents the parameters used for calling the method GenerateDataKey on the AWS Key Management Service service. Use the attributes of this class as arguments to method GenerateDataKey.

You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to GenerateDataKey.

SYNOPSIS

    my $kms = Paws->service('KMS');
# To generate a data key
# The following example generates a 256-bit symmetric data encryption key (data
# key) in two formats. One is the unencrypted (plainext) data key, and the other
# is the data key encrypted with the specified customer master key (CMK).
    my $GenerateDataKeyResponse = $kms->GenerateDataKey(
      'KeyId'   => 'alias/ExampleAlias',
      'KeySpec' => 'AES_256'
    );
    # Results:
    my $CiphertextBlob = $GenerateDataKeyResponse->CiphertextBlob;
    my $KeyId          = $GenerateDataKeyResponse->KeyId;
    my $Plaintext      = $GenerateDataKeyResponse->Plaintext;
    # Returns a L<Paws::KMS::GenerateDataKeyResponse> object.

Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. For the AWS API documentation, see <https://docs.aws.amazon.com/goto/WebAPI/kms/GenerateDataKey>

ATTRIBUTES

EncryptionContext => Paws::KMS::EncryptionContextType

Specifies the encryption context that will be used when encrypting the data key.

An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.

For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the AWS Key Management Service Developer Guide.

GrantTokens => ArrayRef[Str|Undef]

A list of grant tokens.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.

REQUIRED KeyId => Str

Identifies the symmetric CMK that encrypts the data key.

To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

Key ID: "1234abcd-12ab-34cd-56ef-1234567890ab"
Key ARN: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
Alias name: "alias/ExampleAlias"
Alias ARN: "arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias"

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

KeySpec => Str

Specifies the length of the data key. Use "AES_128" to generate a 128-bit symmetric key, or "AES_256" to generate a 256-bit symmetric key.

You must specify either the "KeySpec" or the "NumberOfBytes" parameter (but not both) in every "GenerateDataKey" request.

Valid values are: "AES_256", "AES_128"

NumberOfBytes => Int

Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the "KeySpec" parameter.

You must specify either the "KeySpec" or the "NumberOfBytes" parameter (but not both) in every "GenerateDataKey" request.

BUGS and CONTRIBUTIONS

The source code is located here: <https://github.com/pplu/aws-sdk-perl>

Please report bugs to: <https://github.com/pplu/aws-sdk-perl/issues>