Generate a data encryption key for envelope encryption via KMS
kms_generate_data_key(key, bytes = 64L)
the KMS customer master key identifier as a fully specified Amazon Resource Name (eg arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
) or an alias with the alias/
prefix (eg alias/foobar
)
the required length of the data encryption key in bytes (so provide eg 64L
for a 512-bit key)
list
of the Base64-encoded encrypted version of the data encryption key (to be stored on disk), the raw
object of the encryption key and the KMS customer master key used to generate this object