// encrypt returns a KMS encrypted byte array // See http://docs.aws.amazon.com/sdk-for-go/api/service/kms/KMS.html#Encrypt-instance_method func encrypt(payload []byte, svc *kms.KMS, keyID string) ([]byte, error) { params := &kms.EncryptInput{ KeyId: aws.String(keyID), Plaintext: payload, EncryptionContext: aws.StringMap(map[string]string{ "Key": "EncryptionContextValue", }), GrantTokens: aws.StringSlice([]string{ "GrantTokenType", }), } resp, err := svc.Encrypt(params) if err != nil { return nil, err } return resp.CiphertextBlob, nil }