Smaws_Client_KMS.GenerateRandomval request :
Smaws_Lib.Context.t ->
generate_random_request ->
(generate_random_response,
[> Smaws_Lib.Protocols.AwsJson.error
| `CustomKeyStoreInvalidStateException of
custom_key_store_invalid_state_exception
| `CustomKeyStoreNotFoundException of custom_key_store_not_found_exception
| `DependencyTimeoutException of dependency_timeout_exception
| `KMSInternalException of kms_internal_exception
| `UnsupportedOperationException of unsupported_operation_exception ])
Stdlib.resultReturns a random byte string that is cryptographically secure.
You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.
By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId parameter.
GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. Instead of plaintext bytes, the response includes the plaintext bytes encrypted under the public key from the attestation document (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
For more information about entropy and random number generation, see Key Management Service Cryptographic Details.
Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.
Required permissions: kms:GenerateRandom (IAM policy)
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.