Generate a data encryption key for envelope encryption via KMS

kms_generate_data_key(key, bytes = 64L)

Arguments

key

the KMS customer master key identifier as a fully specified Amazon Resource Name (eg arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012) or an alias with the alias/ prefix (eg alias/foobar)

bytes

the required length of the data encryption key in bytes (so provide eg 64L for a 512-bit key)

Value

list of the Base64-encoded encrypted version of the data encryption key (to be stored on disk), the raw object of the encryption key and the KMS customer master key used to generate this object