AWS KMS examples using SDK for Kotlin - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

AWS KMS examples using SDK for Kotlin

The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for Kotlin with AWS KMS.

Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.

Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to use CreateAlias.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun createCustomAlias( targetKeyIdVal: String?, aliasNameVal: String?, ) { val request = CreateAliasRequest { aliasName = aliasNameVal targetKeyId = targetKeyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> kmsClient.createAlias(request) println("$aliasNameVal was successfully created") } }
  • For API details, see CreateAlias in AWS SDK for Kotlin API reference.

The following code example shows how to use CreateGrant.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun createNewGrant( keyIdVal: String?, granteePrincipalVal: String?, operation: String, ): String? { val operationOb = GrantOperation.fromValue(operation) val grantOperationList = ArrayList<GrantOperation>() grantOperationList.add(operationOb) val request = CreateGrantRequest { keyId = keyIdVal granteePrincipal = granteePrincipalVal operations = grantOperationList } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.createGrant(request) return response.grantId } }
  • For API details, see CreateGrant in AWS SDK for Kotlin API reference.

The following code example shows how to use CreateKey.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun createKey(keyDesc: String?): String? { val request = CreateKeyRequest { description = keyDesc customerMasterKeySpec = CustomerMasterKeySpec.SymmetricDefault keyUsage = KeyUsageType.fromValue("ENCRYPT_DECRYPT") } KmsClient { region = "us-west-2" }.use { kmsClient -> val result = kmsClient.createKey(request) println("Created a customer key with id " + result.keyMetadata?.arn) return result.keyMetadata?.keyId } }
  • For API details, see CreateKey in AWS SDK for Kotlin API reference.

The following code example shows how to use Decrypt.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun encryptData(keyIdValue: String): ByteArray? { val text = "This is the text to encrypt by using the AWS KMS Service" val myBytes: ByteArray = text.toByteArray() val encryptRequest = EncryptRequest { keyId = keyIdValue plaintext = myBytes } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.encrypt(encryptRequest) val algorithm: String = response.encryptionAlgorithm.toString() println("The encryption algorithm is $algorithm") // Return the encrypted data. return response.ciphertextBlob } } suspend fun decryptData( encryptedDataVal: ByteArray?, keyIdVal: String?, path: String, ) { val decryptRequest = DecryptRequest { ciphertextBlob = encryptedDataVal keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> val decryptResponse = kmsClient.decrypt(decryptRequest) val myVal = decryptResponse.plaintext // Write the decrypted data to a file. if (myVal != null) { File(path).writeBytes(myVal) } } }
  • For API details, see Decrypt in AWS SDK for Kotlin API reference.

The following code example shows how to use DescribeKey.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun describeSpecifcKey(keyIdVal: String?) { val request = DescribeKeyRequest { keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.describeKey(request) println("The key description is ${response.keyMetadata?.description}") println("The key ARN is ${response.keyMetadata?.arn}") } }
  • For API details, see DescribeKey in AWS SDK for Kotlin API reference.

The following code example shows how to use DisableKey.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun disableKey(keyIdVal: String?) { val request = DisableKeyRequest { keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> kmsClient.disableKey(request) println("$keyIdVal was successfully disabled") } }
  • For API details, see DisableKey in AWS SDK for Kotlin API reference.

The following code example shows how to use EnableKey.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun enableKey(keyIdVal: String?) { val request = EnableKeyRequest { keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> kmsClient.enableKey(request) println("$keyIdVal was successfully enabled.") } }
  • For API details, see EnableKey in AWS SDK for Kotlin API reference.

The following code example shows how to use Encrypt.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun encryptData(keyIdValue: String): ByteArray? { val text = "This is the text to encrypt by using the AWS KMS Service" val myBytes: ByteArray = text.toByteArray() val encryptRequest = EncryptRequest { keyId = keyIdValue plaintext = myBytes } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.encrypt(encryptRequest) val algorithm: String = response.encryptionAlgorithm.toString() println("The encryption algorithm is $algorithm") // Return the encrypted data. return response.ciphertextBlob } } suspend fun decryptData( encryptedDataVal: ByteArray?, keyIdVal: String?, path: String, ) { val decryptRequest = DecryptRequest { ciphertextBlob = encryptedDataVal keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> val decryptResponse = kmsClient.decrypt(decryptRequest) val myVal = decryptResponse.plaintext // Write the decrypted data to a file. if (myVal != null) { File(path).writeBytes(myVal) } } }
  • For API details, see Encrypt in AWS SDK for Kotlin API reference.

The following code example shows how to use ListAliases.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun listAllAliases() { val request = ListAliasesRequest { limit = 15 } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.listAliases(request) response.aliases?.forEach { alias -> println("The alias name is ${alias.aliasName}") } } }
  • For API details, see ListAliases in AWS SDK for Kotlin API reference.

The following code example shows how to use ListGrants.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun displayGrantIds(keyIdVal: String?) { val request = ListGrantsRequest { keyId = keyIdVal limit = 15 } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.listGrants(request) response.grants?.forEach { grant -> println("The grant Id is ${grant.grantId}") } } }
  • For API details, see ListGrants in AWS SDK for Kotlin API reference.

The following code example shows how to use ListKeys.

SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

suspend fun listAllKeys() { val request = ListKeysRequest { limit = 15 } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.listKeys(request) response.keys?.forEach { key -> println("The key ARN is ${key.keyArn}") println("The key Id is ${key.keyId}") } } }
  • For API details, see ListKeys in AWS SDK for Kotlin API reference.