Skip to content

Latest commit

 

History

History
 
 

kms

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
CreateKey
CreateKey
 
 
DecryptData
DecryptData
 
 
EncryptData
EncryptData
 
 
ReEncryptData
ReEncryptData
 
 
README.md
README.md
 
 
metadata.yaml
metadata.yaml
 
 

README.md

AWS SDK for Go code examples for AWS KMS

Purpose

These examples demonstrate how to perform several AWS Key Management Service (AWS KMS) operations.

Prerequisites

You must have an AWS account, and have your default credentials and AWS Region configured as described in Configuring the AWS SDK for Go in the AWS SDK for Go Developer Guide.

Running the code

CreateKey/CreateKey.go

This example creates an AWS KMS key.

go run CreateKey.go -k KEY-NAME -v KEY-VALUE

  • KEY-NAME is the name of the key.
  • KEY-VALUE is the value of the key.

The unit test mocks the service client and the CreateKey function.

DecryptData/DecryptData.go

This example decrypts some text that was encrypted with an AWS KMS key.

go run DecryptData.go -d DATA

  • DATA is the encrypted data, as a string.

The unit test mocks the service client and the Decrypt function.

EncryptData/EncryptData.go

This example encrypts some text using an AWS KMS key.

go run EncryptData.go -k KEY-ID -t "text"

  • KEY-ID is the ID of a KMS key.
  • text is the text to encrypt.

The unit test mocks the service client and the Encrypt function.

ReEncryptData/ReEncryptData.go

This example reencrypts some text using a new AWS KMS key.

go run ReEncryptData.go -k KEY-ID -d DATA

  • KEY-ID is the ID of a KMS key.
  • DATA is the data to reencrypt, as a string.

The unit test mocks the service client and the ReEncrypt function.

Notes

  • We recommend that you grant this code least privilege, or at most the minimum permissions required to perform the task. For more information, see Grant Least Privilege in the AWS Identity and Access Management User Guide.
  • This code has not been tested in all AWS Regions. Some AWS services are available only in specific Regions.
  • Running this code might result in charges to your AWS account.

Running the unit tests

Unit tests should delete any resources they create. However, they might result in charges to your AWS account.

To run a unit test, enter the following.

go test

You should see something like the following, where PATH is the path to the folder containing the Go files.

PASS
ok      PATH 6.593s

To see any log messages, enter the following.

go test -test.v

You should see additional log messages. The last two lines should be similar to the previous output shown.

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0