Method: Aws::KMS::Types::GenerateDataKeyPairWithoutPlaintextRequest#encryption_context

Defined in:
lib/aws-sdk-kms/types.rb

#encryption_contextHash<String,String>

Specifies the encryption context that will be used when encrypting the private key in the data key pair.

Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

An *encryption context* is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see [Encryption context] in the *Key Management Service Developer Guide*.

[1]: docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html

Returns:

  • (Hash<String,String>) 


2857
2858
2859
2860
2861
2862
2863
2864
2865
 
# File 'lib/aws-sdk-kms/types.rb', line 2857

class GenerateDataKeyPairWithoutPlaintextRequest < Struct.new(
  :encryption_context,
  :key_id,
  :key_pair_spec,
  :grant_tokens,
  :dry_run)
  SENSITIVE = []
  include Aws::Structure
end