Using a custom KMS key

Time: 2017-04-04 15:11:56

Tags: java amazon-web-services amazon-ec2

I am trying to read AWS parameters from Parameter Store using Java, and I created the parameters with a custom encryption key. I have not seen any sample code on the internet that uses a custom KMS key. Below is the code I am currently using (here we use the default KMS key).

AWSSimpleSystemsManagement client = AWSSimpleSystemsManagementClientBuilder.defaultClient();
GetParametersRequest request = new GetParametersRequest();
request.withNames("test.username", "test.password")
       .setWithDecryption(true);
// Decrypted SecureString values come back in the result's parameter list
GetParametersResult result = client.getParameters(request);

This returns the result using the default KMS key. If we have a custom KMS key, does anyone know how to handle this?

3 answers:

Answer 0 (score: 13)

Just in case anyone is looking for this (using the default encryption key):

protected Parameter getParameterFromSSMByName(String parameterKey)
{
    // Credentials come from the EC2 instance profile; the role must be allowed to
    // read the parameter and to decrypt with the KMS key it was encrypted under
    AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement simpleSystemsManagementClient = AWSSimpleSystemsManagementClientBuilder.standard()
            .withCredentials(credentials)
            .withRegion("us-east-1")
            .build();
    GetParameterRequest parameterRequest = new GetParameterRequest();
    parameterRequest.withName(parameterKey).setWithDecryption(Boolean.valueOf(true));
    GetParameterResult parameterResult = simpleSystemsManagementClient.getParameter(parameterRequest);
    return parameterResult.getParameter();
}

Answer 1 (score: 4)

For the GetParameters API, there is no difference between using the default KMS key and a custom KMS key. It always works like your code. Just make sure the permissions of the credentials include the custom key.

The difference in the GetParameters API: when using the default KMS key you do not need to specify it; when using a custom KMS key you set its KeyId to the custom key. KeyId can be one of the following examples:

  • Key ARN example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally unique key ID example - 12345678-1234-1234-1234-123456789012
  • Alias name example - alias/MyAliasName
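As an added example (not code from the question or any of the answers) of where the custom key actually enters the picture: in the AWS SDK for Java v1 the KeyId is supplied on the write side, on PutParameterRequest, while GetParameters only needs WithDecryption and the caller's IAM permission to decrypt with that key. The class name, region, key ARN and parameter names below are assumed placeholders.

```java
import java.util.List;

import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
import com.amazonaws.services.simplesystemsmanagement.model.GetParametersRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParametersResult;
import com.amazonaws.services.simplesystemsmanagement.model.Parameter;
import com.amazonaws.services.simplesystemsmanagement.model.ParameterType;
import com.amazonaws.services.simplesystemsmanagement.model.PutParameterRequest;

public class CustomKmsParameterExample {

    // Assumed values: replace with your region and the ARN (or alias) of your custom KMS key.
    private static final String REGION = "us-east-1";
    private static final String CUSTOM_KEY_ID =
        "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012";

    // Uses the default credential provider chain (instance profile, env vars, ...)
    private final AWSSimpleSystemsManagement ssm =
        AWSSimpleSystemsManagementClientBuilder.standard().withRegion(REGION).build();

    /** Writes a SecureString parameter encrypted with the custom key. KeyId is only
     *  needed here; the caller needs encrypt permission on that key (kms:Encrypt). */
    public void putSecureParameter(String name, String value) {
        ssm.putParameter(new PutParameterRequest()
            .withName(name)
            .withValue(value)
            .withType(ParameterType.SecureString)
            .withKeyId(CUSTOM_KEY_ID)
            .withOverwrite(true));
    }

    /** Reads parameters with decryption. No KeyId is passed: SSM looks up the key each
     *  parameter was encrypted with and calls KMS on the caller's behalf, so the call
     *  fails if the caller lacks kms:Decrypt on the custom key. */
    public List<Parameter> getSecureParameters(String... names) {
        GetParametersResult result = ssm.getParameters(new GetParametersRequest()
            .withNames(names)
            .withWithDecryption(true));
        // Unknown names are not an API error; they are reported in InvalidParameters.
        if (!result.getInvalidParameters().isEmpty()) {
            throw new IllegalStateException(
                "Unknown parameters: " + result.getInvalidParameters());
        }
        return result.getParameters();
    }
}
```

Call putSecureParameter("test.password", ...) once, then getSecureParameters("test.username", "test.password") reads them back exactly as the question's code does, with the cleartext in Parameter.getValue().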

Answer 2 (score: 4)

Here is @Extreme's answer as a class with imports and some cleanup:

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;

import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;

public class AWSSsmHelper
{
    // Credentials from the EC2 instance profile; the role needs ssm:GetParameter
    // and kms:Decrypt on whichever key the parameter was encrypted with
    private AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    private AWSSimpleSystemsManagement simpleSystemsManagementClient =
        AWSSimpleSystemsManagementClientBuilder.standard()
            .withCredentials(credentials)
            .withRegion("us-east-1")
            .build();

    public String getParameterFromSSMByName(String parameterKey) {
        GetParameterRequest parameterRequest = new GetParameterRequest();
        parameterRequest.withName(parameterKey).setWithDecryption(Boolean.valueOf(true));
        GetParameterResult parameterResult = simpleSystemsManagementClient.getParameter(parameterRequest);
        return parameterResult.getParameter().getValue();
    }
}