Method: Aws::KMS::Types::GenerateDataKeyWithoutPlaintextRequest#encryption_context

Defined in:
lib/aws-sdk-kms/types.rb

#encryption_context ⇒ Hash<String,String>

Specifies the encryption context that will be used when encrypting the data key.

Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

An *encryption context* is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see [Encryption context][1] in the *Key Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html
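
The exact-match requirement described above, modelled locally as an added example (not code from the AWS SDK, and not a KMS call): AES-256-GCM from Ruby's OpenSSL library stands in for KMS, with the encryption context passed as additional authenticated data. The `canonical_context` serialization, the helper names `seal` and `open_sealed`, and the sample key and context are constructed for illustration.

```ruby
require "openssl"

# Constructed serialization (an assumption for this demo, not the one KMS uses):
# sort pairs by key and length-prefix each field so the encoding is unambiguous.
def canonical_context(context)
  context.sort.map { |k, v| "#{k.bytesize}:#{k}=#{v.bytesize}:#{v}" }.join(";")
end

# Encrypt plaintext, binding the context to the ciphertext as AAD.
def seal(key, plaintext, context)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = canonical_context(context)
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Decrypt; returns nil when the supplied context differs in any byte.
def open_sealed(key, blob, context)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = blob[:iv]
  cipher.auth_tag = blob[:tag]
  cipher.auth_data = canonical_context(context)
  cipher.update(blob[:ciphertext]) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Constructed sample values; the context holds identifiers, not secrets.
key     = OpenSSL::Random.random_bytes(32)
context = { "tenant" => "acme", "purpose" => "backup" }
blob    = seal(key, "data key bytes", context)

p open_sealed(key, blob, { "purpose" => "backup", "tenant" => "acme" }) # same pairs, other order
p open_sealed(key, blob, { "Tenant" => "acme", "purpose" => "backup" }) # key case differs
p open_sealed(key, blob, { "tenant" => "Acme", "purpose" => "backup" }) # value case differs
```

The context is authenticated but not encrypted, which is why it must not carry confidential values.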

Returns:

  • (Hash<String,String>)


# File 'lib/aws-sdk-kms/types.rb', line 3135

class GenerateDataKeyWithoutPlaintextRequest < Struct.new(
  :key_id,
  :encryption_context,
  :key_spec,
  :number_of_bytes,
  :grant_tokens,
  :dry_run)
  SENSITIVE = []
  include Aws::Structure
end