Amazon KMS examples using Amazon SDK for .NET
The following code examples show you how to perform actions and implement common scenarios by using the Amazon SDK for .NET with Amazon KMS.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios and cross-service examples.
Scenarios are code examples that show you how to accomplish a specific task by calling multiple functions within the same service.
Each example includes a link to GitHub, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use CreateAlias.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Creates an alias for an AWS Key Management Service (AWS KMS) key. /// </summary> public class CreateAlias { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The alias name must start with alias/ and can be // up to 256 alphanumeric characters long. var aliasName = "alias/ExampleAlias"; // The value supplied as the TargetKeyId can be either // the key ID or key Amazon Resource Name (ARN) of the // AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new CreateAliasRequest { AliasName = aliasName, TargetKeyId = keyId, }; var response = await client.CreateAliasAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { Console.WriteLine($"Alias, {aliasName}, successfully created."); } else { Console.WriteLine($"Could not create alias."); } } }-
For API details, see CreateAlias in Amazon SDK for .NET API Reference.
-
The following code example shows how to use CreateGrant.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identity that is given permission to perform the operations // specified in the grant. var grantee = "arn:aws:iam::111122223333:role/ExampleRole"; // The identifier of the AWS KMS key to which the grant applies. You // can use the key ID or the Amazon Resource Name (ARN) of the KMS key. var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new CreateGrantRequest { GranteePrincipal = grantee, KeyId = keyId, // A list of operations that the grant allows. Operations = new List<string> { "Encrypt", "Decrypt", }, }; var response = await client.CreateGrantAsync(request); string grantId = response.GrantId; // The unique identifier of the grant. string grantToken = response.GrantToken; // The grant token. Console.WriteLine($"Id: {grantId}, Token: {grantToken}"); } }-
For API details, see CreateGrant in Amazon SDK for .NET API Reference.
-
The following code example shows how to use CreateKey.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Shows how to create a new AWS Key Management Service (AWS KMS) /// key. /// </summary> public class CreateKey { public static async Task Main() { // Note that if you need to create a Key in an AWS Region // other than the Region defined for the default user, you need to // pass the Region to the client constructor. var client = new AmazonKeyManagementServiceClient(); // The call to CreateKeyAsync will create a symmetrical AWS KMS // key. For more information about symmetrical and asymmetrical // keys, see: // // https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html var response = await client.CreateKeyAsync(new CreateKeyRequest()); // The KeyMetadata object contains information about the new AWS KMS key. KeyMetadata keyMetadata = response.KeyMetadata; if (keyMetadata is not null) { Console.WriteLine($"KMS Key: {keyMetadata.KeyId} was successfully created."); } else { Console.WriteLine("Could not create KMS Key."); } } }-
For API details, see CreateKey in Amazon SDK for .NET API Reference.
-
The following code example shows how to use DescribeKey.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Retrieve information about an AWS Key Management Service (AWS KMS) key. /// You can supply either the key Id or the key Amazon Resource Name (ARN) /// to the DescribeKeyRequest KeyId property. /// </summary> public class DescribeKey { public static async Task Main() { var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new DescribeKeyRequest { KeyId = keyId, }; var client = new AmazonKeyManagementServiceClient(); var response = await client.DescribeKeyAsync(request); var metadata = response.KeyMetadata; Console.WriteLine($"{metadata.KeyId} created on: {metadata.CreationDate}"); Console.WriteLine($"State: {metadata.KeyState}"); Console.WriteLine($"{metadata.Description}"); } }-
For API details, see DescribeKey in Amazon SDK for .NET API Reference.
-
The following code example shows how to use DisableKey.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Disable an AWS Key Management Service (AWS KMS) key and then retrieve /// the key's status to show that it has been disabled. /// </summary> public class DisableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to disable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new DisableKeyRequest { KeyId = keyId, }; var response = await client.DisableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been disabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }-
For API details, see DisableKey in Amazon SDK for .NET API Reference.
-
The following code example shows how to use EnableKey.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Enable an AWS Key Management Service (AWS KMS) key. /// </summary> public class EnableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to enable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new EnableKeyRequest { KeyId = keyId, }; var response = await client.EnableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been enabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }-
For API details, see EnableKey in Amazon SDK for .NET API Reference.
-
The following code example shows how to use ListAliases.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// List the AWS Key Management Service (AWS KMS) aliases that have been defined for /// the keys in the same AWS Region as the default user. If you want to list /// the aliases in a different Region, pass the Region to the client /// constructor. /// </summary> public class ListAliases { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); var request = new ListAliasesRequest(); var response = new ListAliasesResponse(); do { response = await client.ListAliasesAsync(request); response.Aliases.ForEach(alias => { Console.WriteLine($"Created: {alias.CreationDate} Last Update: {alias.LastUpdatedDate} Name: {alias.AliasName}"); }); request.Marker = response.NextMarker; } while (response.Truncated); } }-
For API details, see ListAliases in Amazon SDK for .NET API Reference.
-
The following code example shows how to use ListGrants.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// List the AWS Key Management Service (AWS KMS) grants that are associated with /// a specific key. /// </summary> public class ListGrants { public static async Task Main() { // The identifier of the AWS KMS key to disable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var client = new AmazonKeyManagementServiceClient(); var request = new ListGrantsRequest { KeyId = keyId, }; var response = new ListGrantsResponse(); do { response = await client.ListGrantsAsync(request); response.Grants.ForEach(grant => { Console.WriteLine($"{grant.GrantId}"); }); request.Marker = response.NextMarker; } while (response.Truncated); } }-
For API details, see ListGrants in Amazon SDK for .NET API Reference.
-
The following code example shows how to use ListKeys.
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// List the AWS Key Managements Service (AWS KMS) keys for the AWS Region /// of the default user. To list keys in another AWS Region, supply the Region /// as a parameter to the client constructor. /// </summary> public class ListKeys { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); var request = new ListKeysRequest(); var response = new ListKeysResponse(); do { response = await client.ListKeysAsync(request); response.Keys.ForEach(key => { Console.WriteLine($"ID: {key.KeyId}, {key.KeyArn}"); }); // Set the Marker property when response.Truncated is true // in order to get the next keys. request.Marker = response.NextMarker; } while (response.Truncated); } }-
For API details, see ListKeys in Amazon SDK for .NET API Reference.
-