Skip to content

Latest commit

 

History

History
 
 

kms

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
CreateKey
CreateKey
 
 
DecryptData
DecryptData
 
 
EncryptData
EncryptData
 
 
ReEncryptData
ReEncryptData
 
 
README.md
README.md
 
 
metadata.yaml
metadata.yaml
 
 

README.md

AWS SDK for Go V2 code examples for AWS KMS

Purpose

These examples demonstrate how to perform several AWS Key Management Service (AWS KMS) operations using version 2 of the AWS SDK for Go.

Prerequisites

You must have an AWS account, and have your default credentials and AWS Region configured as described in Configuring the AWS SDK for Go in the AWS SDK for Go Developer Guide.

Running the code

CreateKey/CreateKeyv2.go

This example creates an AWS KMS key (KMS key).

go run CreateKeyv2.go

DecryptData/DecryptDatav2.go

This example decrypts some text that was encrypted with an AWS KMS key (KMS key).

go run DecryptDatav2.go -d DATA

  • DATA is the encrypted data, as a string.

The unit test accepts a similar value in config.json.

EncryptData/EncryptDatav2.go

This example encrypts some text using an AWS KMS key (KMS key).

go run EncryptDatav2.go -k KEYID -t TEXT

  • KEYID is the ID for the AWS KMS key to use for encrypting the text.
  • TEXT is the text to encrypt.

The unit test accepts similar values in config.json.

ReEncryptData/ReEncryptDatav2.go

This example reencrypts some text using an AWS KMS key (KMS key).

go run ReEncryptDatav2.go -k KeyID -d DATA

  • KeyID is the ID of the AWS KMS key to use for reencrypting the data.
  • DATA is the data to reencrypt, as a string.

The unit test accepts similar values in config.json.

Notes

  • We recommend that you grant this code least privilege, or at most the minimum permissions required to perform the task. For more information, see Grant Least Privilege in the AWS Identity and Access Management User Guide.
  • This code has not been tested in all AWS Regions. Some AWS services are available only in specific Regions.
  • Running this code might result in charges to your AWS account.

Running the unit tests

Unit tests should delete any resources they create. However, they might result in charges to your AWS account.

To run a unit test, enter:

go test

You should see something like the following, where PATH is the path to the folder containing the Go files:

PASS
ok      PATH 6.593s

If you want to see any log messages, enter:

go test -v

You should see some additional log messages. The last two lines should be similar to the previous output shown.

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0