GenerateDataKey

Generates a new symmetric data encryption key (not a KMS key) and returns the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.

TypeScript
Python

import { cloudApi, serviceClients, Session } from "@yandex-cloud/nodejs-sdk";

const GenerateDataKeyRequest =
  cloudApi.kms.symmetric_crypto_service.GenerateDataKeyRequest;
const SymmetricAlgorithm = cloudApi.kms.symmetric_key.SymmetricAlgorithm;

(async () => {
  const authToken = process.env["YC_OAUTH_TOKEN"];
  const session = new Session({ oauthToken: authToken });
  const client = session.client(serviceClients.SymmetricCryptoServiceClient);

  const result = await client.generateDataKey(
    GenerateDataKeyRequest.fromPartial({
      keyId: "keyId",
      // versionId: "versionId",
      // aadContext: Buffer.from([]),
      // dataKeySpec: SymmetricAlgorithm.AES_128,
      // skipPlaintext: true
    })
  );
  console.log(result);
})();

import os
import grpc
import yandexcloud

from yandex.cloud.kms.v1.symmetric_crypto_service_pb2 import GenerateDataKeyRequest
from yandex.cloud.kms.v1.symmetric_key_pb2 import SymmetricAlgorithm
from yandex.cloud.kms.v1.symmetric_crypto_service_pb2_grpc import SymmetricCryptoServiceStub

token = os.getenv("YC_OAUTH_TOKEN")

sdk = yandexcloud.SDK(token=token)

service = sdk.client(SymmetricCryptoServiceStub)
response = service.GenerateDataKey(
    GenerateDataKeyRequest(
        key_id="keyId",
        # version_id = "versionId",
        # aad_context = b'',
        # data_key_spec = SymmetricAlgorithm.AES_128,
        # skip_plaintext = true
    )
)
print(response)

GenerateDataKeyRequest

`keyId` : string

ID of the symmetric KMS key that the generated data key should be encrypted with.

`versionId` : string

ID of the key version to encrypt the generated data key with. Defaults to the primary version if not specified.

`aadContext` : bytes

Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64.

`dataKeySpec` : SymmetricAlgorithm

Encryption algorithm and key length for the generated data key.

`skipPlaintext` : bool

If true, the method won't return the data key as plaintext. Default value is false.

GenerateDataKeyResponse

`keyId` : string

ID of the symmetric KMS key that was used to encrypt the generated data key.

`versionId` : string

ID of the key version that was used for encryption.

`dataKeyPlaintext` : bytes

Generated data key as plaintext. The field is empty, if the GenerateDataKeyRequest.skip_plaintext parameter was set to true.

`dataKeyCiphertext` : bytes

The encrypted data key.

GenerateDataKey

GenerateDataKeyRequest​

keyId : string​

versionId : string​

aadContext : bytes​

dataKeySpec : SymmetricAlgorithm​

skipPlaintext : bool​

GenerateDataKeyResponse​

keyId : string​

versionId : string​

dataKeyPlaintext : bytes​

dataKeyCiphertext : bytes​

GenerateDataKeyRequest

`keyId` : string

`versionId` : string

`aadContext` : bytes

`dataKeySpec` : SymmetricAlgorithm

`skipPlaintext` : bool

GenerateDataKeyResponse

`keyId` : string

`versionId` : string

`dataKeyPlaintext` : bytes

`dataKeyCiphertext` : bytes