A developer is creating an application to retrieve and format sensitive data into a PDF, potentially over 1 MB, using AWS KMS for encryption. Which method should be used to encrypt the PDF with a symmetric customer-managed KMS key, ensuring it can be decrypted later?
