Amazon KMS examples using Amazon SDK for .NET - Amazon SDK for .NET
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon KMS examples using Amazon SDK for .NET

The following code examples show you how to perform actions and implement common scenarios by using the Amazon SDK for .NET with Amazon KMS.

Actions are code excerpts that show you how to call individual service functions.

Scenarios are code examples that show you how to accomplish a specific task by calling multiple functions within the same service.

Each example includes a link to GitHub, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to create a grant for a KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

This examples grants a user permission to use a key for encryption and decryption.

public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identity that is given permission to perform the operations // specified in the grant. var grantee = "arn:aws:iam::111122223333:role/ExampleRole"; // The identifier of the AWS KMS key to which the grant applies. You // can use the key ID or the Amazon Resource Name (ARN) of the KMS key. var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new CreateGrantRequest { GranteePrincipal = grantee, KeyId = keyId, // A list of operations that the grant allows. Operations = new List<string> { "Encrypt", "Decrypt", }, }; var response = await client.CreateGrantAsync(request); string grantId = response.GrantId; // The unique identifier of the grant. string grantToken = response.GrantToken; // The grant token. Console.WriteLine($"Id: {grantId}, Token: {grantToken}"); } }
  • For API details, see CreateGrant in Amazon SDK for .NET API Reference.

The following code example shows how to create an Amazon KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class CreateKey { public static async Task Main() { // Note that if you need to create a Key in an AWS Region // other than the Region defined for the default user, you need to // pass the Region to the client constructor. var client = new AmazonKeyManagementServiceClient(); // The call to CreateKeyAsync will create a symmetrical AWS KMS // key. For more information about symmetrical and asymmetrical // keys, see: // // https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html var response = await client.CreateKeyAsync(new CreateKeyRequest()); // The KeyMetadata object contains information about the new AWS KMS key. KeyMetadata keyMetadata = response.KeyMetadata; if (keyMetadata is not null) { Console.WriteLine($"KMS Key: {keyMetadata.KeyId} was successfully created."); } else { Console.WriteLine("Could not create KMS Key."); } } }
  • For API details, see CreateKey in Amazon SDK for .NET API Reference.

The following code example shows how to create an alias for a KMS key key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class CreateAlias { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The alias name must start with alias/ and can be // up to 256 alphanumeric characters long. var aliasName = "alias/ExampleAlias"; // The value supplied as the TargetKeyId can be either // the key ID or key Amazon Resource Name (ARN) of the // AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new CreateAliasRequest { AliasName = aliasName, TargetKeyId = keyId, }; var response = await client.CreateAliasAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { Console.WriteLine($"Alias, {aliasName}, successfully created."); } else { Console.WriteLine($"Could not create alias."); } } }
  • For API details, see CreateAlias in Amazon SDK for .NET API Reference.

The following code example shows how to describe a KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class DescribeKey { public static async Task Main() { var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new DescribeKeyRequest { KeyId = keyId, }; var client = new AmazonKeyManagementServiceClient(); var response = await client.DescribeKeyAsync(request); var metadata = response.KeyMetadata; Console.WriteLine($"{metadata.KeyId} created on: {metadata.CreationDate}"); Console.WriteLine($"State: {metadata.KeyState}"); Console.WriteLine($"{metadata.Description}"); } }
  • For API details, see DescribeKey in Amazon SDK for .NET API Reference.

The following code example shows how to disable a KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class DisableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to disable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new DisableKeyRequest { KeyId = keyId, }; var response = await client.DisableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been disabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }
  • For API details, see DisableKey in Amazon SDK for .NET API Reference.

The following code example shows how to enable a KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class EnableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to enable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new EnableKeyRequest { KeyId = keyId, }; var response = await client.EnableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been enabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }
  • For API details, see EnableKey in Amazon SDK for .NET API Reference.

The following code example shows how to list aliases for a KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class ListAliases { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); var request = new ListAliasesRequest(); var response = new ListAliasesResponse(); do { response = await client.ListAliasesAsync(request); response.Aliases.ForEach(alias => { Console.WriteLine($"Created: {alias.CreationDate} Last Update: {alias.LastUpdatedDate} Name: {alias.AliasName}"); }); request.Marker = response.NextMarker; } while (response.Truncated); } }
  • For API details, see ListAliases in Amazon SDK for .NET API Reference.

The following code example shows how to list grants for a KMS key.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class ListGrants { public static async Task Main() { // The identifier of the AWS KMS key to disable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var client = new AmazonKeyManagementServiceClient(); var request = new ListGrantsRequest { KeyId = keyId, }; var response = new ListGrantsResponse(); do { response = await client.ListGrantsAsync(request); response.Grants.ForEach(grant => { Console.WriteLine($"{grant.GrantId}"); }); request.Marker = response.NextMarker; } while (response.Truncated); } }
  • For API details, see ListGrants in Amazon SDK for .NET API Reference.

The following code example shows how to list KMS keys.

Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; public class ListKeys { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); var request = new ListKeysRequest(); var response = new ListKeysResponse(); do { response = await client.ListKeysAsync(request); response.Keys.ForEach(key => { Console.WriteLine($"ID: {key.KeyId}, {key.KeyArn}"); }); // Set the Marker property when response.Truncated is true // in order to get the next keys. request.Marker = response.NextMarker; } while (response.Truncated); } }
  • For API details, see ListKeys in Amazon SDK for .NET API Reference.