Amazon KMS examples using the Amazon SDK for .NET

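The following code examples show how to use the Amazon SDK for .NET with Amazon KMS.

Actions are code excerpts that call individual Amazon KMS functions.

Scenarios are code examples that show how to accomplish a specific task by calling multiple Amazon KMS functions.

Each example includes a link to GitHub, where you can find instructions on how to set up and run the code in context.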

Actions

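The following code example shows how to create a grant for a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.

This example grants the user permission to use the key for encryption and decryption.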

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class CreateGrant
{
    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();

        // The identity that is given permission to perform the operations
        // specified in the grant.
        var grantee = "arn:aws:iam::111122223333:role/ExampleRole";

        // The identifier of the AWS KMS key to which the grant applies. You
        // can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
        var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4";

        var request = new CreateGrantRequest
        {
            GranteePrincipal = grantee,
            KeyId = keyId,

            // A list of operations that the grant allows.
            Operations = new List<string>
            {
                "Encrypt",
                "Decrypt",
            },
        };

        var response = await client.CreateGrantAsync(request);
        string grantId = response.GrantId; // The unique identifier of the grant.
        string grantToken = response.GrantToken; // The grant token.

        Console.WriteLine($"Id: {grantId}, Token: {grantToken}");
    }
}
  • For API details, see CreateGrant in the Amazon SDK for .NET API Reference.

The following code example shows how to create an Amazon KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class CreateKey
{
    public static async Task Main()
    {
        // Note that if you need to create a Key in an AWS Region
        // other than the region defined for the default user, you need to
        // pass the region to the client constructor.
        var client = new AmazonKeyManagementServiceClient();

        // The call to CreateKeyAsync will create a symmetrical AWS KMS
        // key. For more information about symmetrical and asymmetrical
        // keys, see:
        //
        // https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html
        var response = await client.CreateKeyAsync(new CreateKeyRequest());

        // The KeyMetadata object contains information about the new AWS KMS key.
        KeyMetadata keyMetadata = response.KeyMetadata;

        if (keyMetadata is not null)
        {
            Console.WriteLine($"KMS Key: {keyMetadata.KeyId} was successfully created.");
        }
        else
        {
            Console.WriteLine("Could not create KMS Key.");
        }
    }
}
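  • For API details, see CreateKey in the Amazon SDK for .NET API Reference.

The following code example shows how to create an alias for a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.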

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class CreateAlias
{
    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();

        // The alias name must start with alias/ and can be
        // up to 256 alphanumeric characters long.
        var aliasName = "alias/ExampleAlias";

        // The value supplied as the TargetKeyId can be either
        // the key ID or key Amazon Resource Name (ARN) of the
        // AWS KMS key.
        var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab";

        var request = new CreateAliasRequest
        {
            AliasName = aliasName,
            TargetKeyId = keyId,
        };

        var response = await client.CreateAliasAsync(request);

        if (response.HttpStatusCode == System.Net.HttpStatusCode.OK)
        {
            Console.WriteLine($"Alias, {aliasName}, successfully created.");
        }
        else
        {
            Console.WriteLine($"Could not create alias.");
        }
    }
}
  • For API details, see CreateAlias in the Amazon SDK for .NET API Reference.

The following code example shows how to describe a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class DescribeKey
{
    public static async Task Main()
    {
        var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4";
        var request = new DescribeKeyRequest
        {
            KeyId = keyId,
        };

        var client = new AmazonKeyManagementServiceClient();

        var response = await client.DescribeKeyAsync(request);
        var metadata = response.KeyMetadata;

        Console.WriteLine($"{metadata.KeyId} created on: {metadata.CreationDate}");
        Console.WriteLine($"State: {metadata.KeyState}");
        Console.WriteLine($"{metadata.Description}");
    }
}
  • For API details, see DescribeKey in the Amazon SDK for .NET API Reference.

The following code example shows how to disable a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class DisableKey
{
    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();

        // The identifier of the AWS KMS key to disable. You can use the
        // key Id or the Amazon Resource Name (ARN) of the AWS KMS key.
        var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab";

        var request = new DisableKeyRequest
        {
            KeyId = keyId,
        };

        var response = await client.DisableKeyAsync(request);

        if (response.HttpStatusCode == System.Net.HttpStatusCode.OK)
        {
            // Retrieve information about the key to show that it has now
            // been disabled.
            var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest
            {
                KeyId = keyId,
            });
            Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}");
        }
    }
}
  • For API details, see DisableKey in the Amazon SDK for .NET API Reference.

The following code example shows how to enable a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class EnableKey
{
    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();

        // The identifier of the AWS KMS key to enable. You can use the
        // key Id or the Amazon Resource Name (ARN) of the AWS KMS key.
        var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab";

        var request = new EnableKeyRequest
        {
            KeyId = keyId,
        };

        var response = await client.EnableKeyAsync(request);

        if (response.HttpStatusCode == System.Net.HttpStatusCode.OK)
        {
            // Retrieve information about the key to show that it has now
            // been enabled.
            var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest
            {
                KeyId = keyId,
            });
            Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}");
        }
    }
}
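  • For API details, see EnableKey in the Amazon SDK for .NET API Reference.

The following code example shows how to list the aliases for a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.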

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class ListAliases
{
    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();
        var request = new ListAliasesRequest();
        var response = new ListAliasesResponse();

        do
        {
            response = await client.ListAliasesAsync(request);

            response.Aliases.ForEach(alias =>
            {
                Console.WriteLine($"Created: {alias.CreationDate} Last Update: {alias.LastUpdatedDate} Name: {alias.AliasName}");
            });

            request.Marker = response.NextMarker;
        }
        while (response.Truncated);
    }
}
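  • For API details, see ListAliases in the Amazon SDK for .NET API Reference.

The following code example shows how to list the grants for a KMS key.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.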

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class ListGrants
{
    public static async Task Main()
    {
        // The identifier of the AWS KMS key whose grants are listed. You can
        // use the key Id or the Amazon Resource Name (ARN) of the AWS KMS key.
        var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab";
        var client = new AmazonKeyManagementServiceClient();
        var request = new ListGrantsRequest
        {
            KeyId = keyId,
        };

        var response = new ListGrantsResponse();

        do
        {
            response = await client.ListGrantsAsync(request);

            response.Grants.ForEach(grant =>
            {
                Console.WriteLine($"{grant.GrantId}");
            });

            request.Marker = response.NextMarker;
        }
        while (response.Truncated);
    }
}
  • For API details, see ListGrants in the Amazon SDK for .NET API Reference.

The following code example shows how to list KMS keys.

Amazon SDK for .NET
Tip

To learn how to set up and run this example, see GitHub.

using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class ListKeys
{
    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();
        var request = new ListKeysRequest();
        var response = new ListKeysResponse();

        do
        {
            response = await client.ListKeysAsync(request);

            response.Keys.ForEach(key =>
            {
                Console.WriteLine($"ID: {key.KeyId}, {key.KeyArn}");
            });

            // Set the Marker property when response.Truncated is true
            // in order to get the next keys.
            request.Marker = response.NextMarker;
        }
        while (response.Truncated);
    }
}
  • For API details, see ListKeys in the Amazon SDK for .NET API Reference.
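
The ListKeys and ListGrants actions above can be combined into a grant review. The following is an added example, not code from this page or from the SDK sample repository: it walks every key in the Region and prints grants that allow a sensitive operation without an encryption-context constraint. The class name AuditGrants, the helper IsBroad and the choice of operations in Sensitive are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public class AuditGrants // hypothetical class name
{
    // Operations treated as sensitive here; the selection is an assumption of this example.
    private static readonly HashSet<string> Sensitive = new HashSet<string>
        { "Decrypt", "GenerateDataKey", "ReEncryptFrom", "CreateGrant" };

    // Flags a grant that allows a sensitive operation without an
    // encryption-context constraint limiting when it applies.
    public static bool IsBroad(GrantListEntry grant)
    {
        var c = grant.Constraints;
        bool constrained = c != null &&
            ((c.EncryptionContextEquals?.Count ?? 0) > 0 || (c.EncryptionContextSubset?.Count ?? 0) > 0);
        return !constrained && (grant.Operations ?? new List<string>()).Any(op => Sensitive.Contains(op));
    }

    public static async Task Main()
    {
        var client = new AmazonKeyManagementServiceClient();
        var keysRequest = new ListKeysRequest();
        ListKeysResponse keys;
        do
        {
            keys = await client.ListKeysAsync(keysRequest);
            foreach (var key in keys.Keys ?? new List<KeyListEntry>())
            {
                var grantsRequest = new ListGrantsRequest { KeyId = key.KeyId };
                ListGrantsResponse grants;
                do
                {
                    grants = await client.ListGrantsAsync(grantsRequest);
                    foreach (var g in (grants.Grants ?? new List<GrantListEntry>()).Where(IsBroad))
                    {
                        Console.WriteLine($"{key.KeyId} {g.GrantId} {g.GranteePrincipal}: {string.Join(",", g.Operations)}");
                    }
                    grantsRequest.Marker = grants.NextMarker; // next page of grants
                } while (grants.Truncated == true);
            }
            keysRequest.Marker = keys.NextMarker; // next page of keys
        } while (keys.Truncated == true);
    }
}
```

The caller needs kms:ListKeys and kms:ListGrants permissions; a key on which ListGrants is denied raises an exception that this example does not catch.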