Hello Cloud Gurus, Suppose I have encrypted a S3 bucket using a customer Master key (through console). As per my understanding, KMS will generate a data key (which will be encrypted by Master Key) and use that data key to encrypt/decrypt the actual S3 data. The encrypted data key is stored in the application space (assuming in S3 itself). So is it possible if I can view the data key ? if yes, is it possible to decrypt it using Master key ? Let me know please if my understanding is wrong.