Skip to main content

ReEncrypt

Re-encrypts a ciphertext with the specified KMS key.

import { cloudApi, serviceClients, Session } from "@yandex-cloud/nodejs-sdk";

const SymmetricReEncryptRequest =
  cloudApi.kms.symmetric_crypto_service.SymmetricReEncryptRequest;

(async () => {
  const authToken = process.env["YC_OAUTH_TOKEN"];
  const session = new Session({ oauthToken: authToken });
  const client = session.client(serviceClients.SymmetricCryptoServiceClient);

  const result = await client.reEncrypt(
    SymmetricReEncryptRequest.fromPartial({
      keyId: "keyId",
      // versionId: "versionId",
      // aadContext: Buffer.from([]),
      sourceKeyId: "sourceKeyId",
      // sourceAadContext: Buffer.from([]),
      ciphertext: Buffer.from([]),
    })
  );
  console.log(result);
})();

SymmetricReEncryptRequest

keyId : string

ID of the new key to be used for encryption.

versionId : string

ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified.

aadContext : bytes

Additional authenticated data to be required for decryption. Should be encoded with base64.

sourceKeyId : string

ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key.

sourceAadContext : bytes

Additional authenticated data provided with the initial encryption request. Should be encoded with base64.

ciphertext : bytes

Ciphertext to re-encrypt. Should be encoded with base64.

SymmetricReEncryptResponse

keyId : string

ID of the key that the ciphertext is encrypted with now.

versionId : string

ID of key version that was used for encryption.

sourceKeyId : string

ID of the key that the ciphertext was encrypted with previously.

sourceVersionId : string

ID of the key version that was used to decrypt the re-encrypted ciphertext.

ciphertext : bytes

Resulting re-encrypted ciphertext.