View aws master encryption key in kms for snowflake

Question

I encrypted an object in s3 bucket with a kms key. I need to pass this key to snowflake

https://docs.snowflake.net/manuals/user-guide/data-load-create-stage.html#creating-an-external-stage

It wants encryption=(master_key = 'eSxX0jzYfIamtnBKOEOwq80Au6NbSgPH5r4BDDwOaO8=')

I can view my kms keys but I don't actually see the key value.

$ aws kms get-key-policy --key-id 1234abcd-12ab-34cd-56ef-1234567890ab --policy-name default

{
  "Version" : "2012-10-17",
  "Id" : "key-default-1",
  "Statement" : [ {
    "Sid" : "Enable IAM User Permissions",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::111122223333:root"
    },
    "Action" : "kms:*",
    "Resource" : "*"
  } ]
}

Its not visible in console either. How do I see what the key is?

Illusionist Illusionist · Accepted Answer · 2017-09-20T15:52:16

I figured it out, I needed to generate it via aws kms generate-data-key --key-id ... --number-of-bytes 64

View aws master encryption key in kms for snowflake

1 Answers