# EncryptionConfiguration


Use this structure to specify a customer managed AWS KMS key to use to encrypt investigation data. 

## Contents


 ** kmsKeyId **   <a name="cloudwatchinvestigations-Type-EncryptionConfiguration-kmsKeyId"></a>
If the investigation group uses a customer managed key for encryption, this field displays the ID of that key.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 256.  
Pattern: `arn:.*`   
Required: No

 ** type **   <a name="cloudwatchinvestigations-Type-EncryptionConfiguration-type"></a>
Displays whether investigation data is encrypted by a customer managed key or an AWS owned key.  
Type: String  
Valid Values: `AWS_OWNED_KEY | CUSTOMER_MANAGED_KMS_KEY`   
Required: No

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/aiops-2018-05-10/EncryptionConfiguration) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/aiops-2018-05-10/EncryptionConfiguration) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/aiops-2018-05-10/EncryptionConfiguration)