kms/aws.sdk.kotlin.services.kms/KmsClient/generateRandom

generateRandom

abstract suspend fun generateRandom(input: GenerateRandomRequest = GenerateRandomRequest { }): GenerateRandomResponse

Returns a random byte string that is cryptographically secure.

You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.

By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId parameter.

GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. Instead of plaintext bytes, the response includes the plaintext bytes encrypted under the public key from the attestation document (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

For more information about entropy and random number generation, see Entropy and random number generation in the Key Management Service Developer Guide.

Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.

Required permissions: kms:GenerateRandom (IAM policy)

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

Samples


fun main() { 
   //sampleStart 
   // The following example generates 32 bytes of random data.
val resp = kmsClient.generateRandom {
    numberOfBytes = 32
} 
   //sampleEnd
}
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved. Generated by dokka