Encrypts plaintext by using a symmetric CMK.
- KMS uses the primary version of a specified CMK to encrypt data.
- Only data of 6 KB or less can be encrypted. For example, you can call this operation to encrypt RSA keys, database access passwords, or other sensitive information.
- When you migrate encrypted data across regions, you can call this operation in the destination region to encrypt the plaintext of the data key that is used to encrypt the migrated data in the source region. This way, the ciphertext of the data key is generated in the destination region. You can also call the Decrypt operation to decrypt the data key.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | Encrypt |
The operation that you want to perform. Set the value to Encrypt. |
KeyId | String | Yes | 1234abcd-12ab-34cd-56ef-12345678**** |
The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see Use aliases. |
Plaintext | String | Yes | SGVsbG8gd29y**** |
The plaintext to be encrypted. The plaintext must be Base64 encoded. |
EncryptionContext | Json | No | {"Example":"Example"} |
A JSON string that consists of key-value pairs. If you specify this parameter, an equivalent value is required when you call the Decrypt operation. For more information, see EncryptionContext. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
CiphertextBlob | String | DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK**** |
The ciphertext of the data that is encrypted by using the primary CMK version. |
KeyId | String | 1234abcd-12ab-34cd-56ef-12345678**** |
The globally unique ID of the CMK. If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned. |
KeyVersionId | String | 86a9efd9-3d16-4894-bd4f-1fc43f3f**** |
The ID of the key version that is used to encrypt the plaintext. It is the primary version of the CMK. |
RequestId | String | 475f1620-b9d3-4d35-b5c6-3fbdd941423d |
The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=Encrypt
&KeyId=1234abcd-12ab-34cd-56ef-12345678****
&Plaintext=SGVsbG8gd29y****
&<Common request parameters>
Sample success responses
XML
format
<KMS>
<RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>
<CiphertextBlob>DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****</CiphertextBlob>
<KeyId>1234abcd-12ab-34cd-56ef-12345678****</KeyId>
<KeyVersionId>86a9efd9-3d16-4894-bd4f-1fc43f3f****</KeyVersionId>
</KMS>
JSON
format
{
"RequestId":"475f1620-b9d3-4d35-b5c6-3fbdd941423d",
"CiphertextBlob":"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****",
"KeyId":"1234abcd-12ab-34cd-56ef-12345678****",
"KeyVersionId":"86a9efd9-3d16-4894-bd4f-1fc43f3f****"
}
Error codes
For a list of error codes, visit the API Error Center.