Ada lebih banyak AWS SDK contoh yang tersedia di GitHub repo SDKContoh AWS Dokumen
Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AWS KMS contoh menggunakan SDK untuk Java 2.x
Contoh kode berikut menunjukkan cara melakukan tindakan dan mengimplementasikan skenario umum dengan menggunakan AWS SDK for Java 2.x with AWS KMS.
Dasar-dasar adalah contoh kode yang menunjukkan kepada Anda bagaimana melakukan operasi penting dalam suatu layanan.
Tindakan adalah kutipan kode dari program yang lebih besar dan harus dijalankan dalam konteks. Sementara tindakan menunjukkan cara memanggil fungsi layanan individual, Anda dapat melihat tindakan dalam konteks dalam skenario terkait.
Setiap contoh menyertakan tautan ke kode sumber lengkap, di mana Anda dapat menemukan instruksi tentang cara mengatur dan menjalankan kode dalam konteks.
Memulai
Contoh kode berikut menunjukkan cara untuk mulai menggunakan AWS Key Management Service.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. import software.amazon.awssdk.services.kms.KmsAsyncClient; import software.amazon.awssdk.services.kms.model.ListKeysRequest; import software.amazon.awssdk.services.kms.paginators.ListKeysPublisher; import java.util.concurrent.CompletableFuture; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class HelloKMS { public static void main(String[] args) { listAllKeys(); } public static void listAllKeys() { KmsAsyncClient kmsAsyncClient = KmsAsyncClient.builder() .build(); ListKeysRequest listKeysRequest = ListKeysRequest.builder() .limit(15) .build(); /* * The `subscribe` method is required when using paginator methods in the AWS SDK * because paginator methods return an instance of a `ListKeysPublisher`, which is * based on a reactive stream. This allows asynchronous retrieval of paginated * results as they become available. By subscribing to the stream, we can process * each page of results as they are emitted. */ ListKeysPublisher keysPublisher = kmsAsyncClient.listKeysPaginator(listKeysRequest); CompletableFuture<Void> future = keysPublisher .subscribe(r -> r.keys().forEach(key -> System.out.println("The key ARN is: " + key.keyArn() + ". The key Id is: " + key.keyId()))) .whenComplete((result, exception) -> { if (exception != null) { System.err.println("Error occurred: " + exception.getMessage()); } else { System.out.println("Successfully listed all keys."); } }); try { future.join(); } catch (Exception e) { System.err.println("Failed to list keys: " + e.getMessage()); } } }
-
Untuk API detailnya, lihat ListKeysdi AWS SDK for Java 2.x APIReferensi.
-
Hal-hal mendasar
Contoh kode berikut ini menunjukkan cara:
Buat kunci KMS.
Daftar KMS kunci untuk akun Anda dan dapatkan detailnya.
Aktifkan dan nonaktifkan KMS kunci.
Hasilkan kunci data simetris yang dapat digunakan untuk enkripsi sisi klien.
Hasilkan kunci asimetris yang digunakan untuk menandatangani data secara digital.
Tombol tag.
Hapus KMS kunci.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. Menjalankan skenario di prompt perintah.
import software.amazon.awssdk.core.SdkBytes; import software.amazon.awssdk.regions.Region; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.kms.model.AlreadyExistsException; import software.amazon.awssdk.services.kms.model.DisabledException; import software.amazon.awssdk.services.kms.model.EnableKeyRotationResponse; import software.amazon.awssdk.services.kms.model.KmsException; import software.amazon.awssdk.services.kms.model.NotFoundException; import software.amazon.awssdk.services.kms.model.RevokeGrantResponse; import java.util.List; import java.util.Scanner; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class KMSScenario { public static final String DASHES = new String(new char[80]).replace("\0", "-"); private static String accountId = ""; private static final Logger logger = LoggerFactory.getLogger(KMSScenario.class); static KMSActions kmsActions = new KMSActions(); static Scanner scanner = new Scanner(System.in); static String aliasName = "alias/dev-encryption-key"; public static void main(String[] args) { final String usage = """ Usage: <granteePrincipal> Where: granteePrincipal - The principal (user, service account, or group) to whom the grant or permission is being given. """; if (args.length != 1) { logger.info(usage); return; } String granteePrincipal = args[0]; String policyName = "default"; accountId = kmsActions.getAccountId(); String keyDesc = "Created by the AWS KMS API"; logger.info(DASHES); logger.info(""" Welcome to the AWS Key Management SDK Basics scenario. This program demonstrates how to interact with AWS Key Management using the AWS SDK for Java (v2). The AWS Key Management Service (KMS) is a secure and highly available service that allows you to create and manage AWS KMS keys and control their use across a wide range of AWS services and applications. KMS provides a centralized and unified approach to managing encryption keys, making it easier to meet your data protection and regulatory compliance requirements. This Basics scenario creates two key types: - A symmetric encryption key is used to encrypt and decrypt data. - An asymmetric key used to digitally sign data. Let's get started... """); waitForInputToContinue(scanner); try { // Run the methods that belong to this scenario. String targetKeyId = runScenario(granteePrincipal, keyDesc, policyName); requestDeleteResources(aliasName, targetKeyId); } catch (Throwable rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } } private static String runScenario(String granteePrincipal, String keyDesc, String policyName) throws Throwable { logger.info(DASHES); logger.info("1. Create a symmetric KMS key\n"); logger.info("First, the program will creates a symmetric KMS key that you can used to encrypt and decrypt data."); waitForInputToContinue(scanner); String targetKeyId; try { CompletableFuture<String> futureKeyId = kmsActions.createKeyAsync(keyDesc); targetKeyId = futureKeyId.join(); logger.info("A symmetric key was successfully created " + targetKeyId); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info(""" 2. Enable a KMS key By default, when the SDK creates an AWS key, it is enabled. The next bit of code checks to determine if the key is enabled. """); waitForInputToContinue(scanner); boolean isEnabled; try { CompletableFuture<Boolean> futureIsKeyEnabled = kmsActions.isKeyEnabledAsync(targetKeyId); isEnabled = futureIsKeyEnabled.join(); logger.info("Is the key enabled? {}", isEnabled); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } throw cause; } if (!isEnabled) try { CompletableFuture<Void> future = kmsActions.enableKeyAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("3. Encrypt data using the symmetric KMS key"); String plaintext = "Hello, AWS KMS!"; logger.info(""" One of the main uses of symmetric keys is to encrypt and decrypt data. Next, the code encrypts the string {} with the SYMMETRIC_DEFAULT encryption algorithm. """, plaintext); waitForInputToContinue(scanner); SdkBytes encryptedData; try { CompletableFuture<SdkBytes> future = kmsActions.encryptDataAsync(targetKeyId, plaintext); encryptedData = future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof DisabledException kmsDisabledEx) { logger.info("KMS error occurred due to a disabled key: Error message: {}, Error code {}", kmsDisabledEx.getMessage(), kmsDisabledEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("4. Create an alias"); logger.info(""" The alias name should be prefixed with 'alias/'. The default, 'alias/dev-encryption-key'. """); waitForInputToContinue(scanner); try { CompletableFuture<Void> future = kmsActions.createCustomAliasAsync(targetKeyId, aliasName); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof AlreadyExistsException kmsExistsEx) { if (kmsExistsEx.getMessage().contains("already exists")) { logger.info("The alias '" + aliasName + "' already exists. Moving on..."); } } else { logger.error("An unexpected error occurred: " + rt.getMessage(), rt); deleteKey(targetKeyId); throw cause; } } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("5. List all of your aliases"); waitForInputToContinue(scanner); try { CompletableFuture<Object> future = kmsActions.listAllAliasesAsync(); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("6. Enable automatic rotation of the KMS key"); logger.info(""" By default, when the SDK enables automatic rotation of a KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. """); waitForInputToContinue(scanner); try { CompletableFuture<EnableKeyRotationResponse> future = kmsActions.enableKeyRotationAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info(""" 7. Create a grant A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. """); waitForInputToContinue(scanner); String grantId = null; try { CompletableFuture<String> futureGrantId = kmsActions.grantKeyAsync(targetKeyId, granteePrincipal); grantId = futureGrantId.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info(DASHES); logger.info("8. List grants for the KMS key"); waitForInputToContinue(scanner); try { CompletableFuture<Object> future = kmsActions.displayGrantIdsAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("9. Revoke the grant"); logger.info(""" The revocation of a grant immediately removes the permissions and access that the grant had provided. This means that any principal (user, role, or service) that was granted access to perform specific KMS operations on a KMS key will no longer be able to perform those operations. """); waitForInputToContinue(scanner); try { CompletableFuture<RevokeGrantResponse> future = kmsActions.revokeKeyGrantAsync(targetKeyId, grantId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { if (kmsEx.getMessage().contains("Grant does not exist")) { logger.info("The grant ID '" + grantId + "' does not exist. Moving on..."); } else { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); throw cause; } } else { logger.info("An unexpected error occurred: " + rt.getMessage()); deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("10. Decrypt the data\n"); logger.info(""" Lets decrypt the data that was encrypted in an early step. The code uses the same key to decrypt the string that we encrypted earlier in the program. """); waitForInputToContinue(scanner); String decryptedData = ""; try { CompletableFuture<String> future = kmsActions.decryptDataAsync(encryptedData, targetKeyId); decryptedData = future.join(); logger.info("Decrypted data: " + decryptedData); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } logger.info("Decrypted text is: " + decryptedData); waitForInputToContinue(scanner); logger.info(DASHES); logger.info("11. Replace a key policy\n"); logger.info(""" A key policy is a resource policy for a KMS key. Key policies are the primary way to control access to KMS keys. Every KMS key must have exactly one key policy. The statements in the key policy determine who has permission to use the KMS key and how they can use it. You can also use IAM policies and grants to control access to the KMS key, but every KMS key must have a key policy. By default, when you create a key by using the SDK, a policy is created that gives the AWS account that owns the KMS key full access to the KMS key. Let's try to replace the automatically created policy with the following policy. "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::0000000000:root"}, "Action": "kms:*", "Resource": "*" }] """); waitForInputToContinue(scanner); try { CompletableFuture<Boolean> future = kmsActions.replacePolicyAsync(targetKeyId, policyName, accountId); boolean success = future.join(); if (success) { logger.info("Key policy replacement succeeded."); } else { logger.error("Key policy replacement failed."); } } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("12. Get the key policy\n"); logger.info("The next bit of code that runs gets the key policy to make sure it exists."); waitForInputToContinue(scanner); try { CompletableFuture<String> future = kmsActions.getKeyPolicyAsync(targetKeyId, policyName); String policy = future.join(); if (!policy.isEmpty()) { logger.info("Retrieved policy: " + policy); } } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("13. Create an asymmetric KMS key and sign your data\n"); logger.info(""" Signing your data with an AWS key can provide several benefits that make it an attractive option for your data signing needs. By using an AWS KMS key, you can leverage the security controls and compliance features provided by AWS, which can help you meet various regulatory requirements and enhance the overall security posture of your organization. """); waitForInputToContinue(scanner); try { CompletableFuture<Boolean> future = kmsActions.signVerifyDataAsync(); boolean success = future.join(); if (success) { logger.info("Sign and verify data operation succeeded."); } else { logger.error("Sign and verify data operation failed."); } } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); logger.info(DASHES); logger.info("14. Tag your symmetric KMS Key\n"); logger.info(""" By using tags, you can improve the overall management, security, and governance of your KMS keys, making it easier to organize, track, and control access to your encrypted data within your AWS environment """); waitForInputToContinue(scanner); try { CompletableFuture<Void> future = kmsActions.tagKMSKeyAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } deleteAliasName(aliasName); deleteKey(targetKeyId); throw cause; } waitForInputToContinue(scanner); return targetKeyId; } // Deletes KMS resources with user input. private static void requestDeleteResources(String aliasName, String targetKeyId) { logger.info(DASHES); logger.info("15. Schedule the deletion of the KMS key\n"); logger.info(""" By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. """); logger.info("Would you like to delete the Key Management resources? (y/n)"); String delAns = scanner.nextLine().trim(); if (delAns.equalsIgnoreCase("y")) { logger.info("You selected to delete the AWS KMS resources."); waitForInputToContinue(scanner); try { CompletableFuture<Void> future = kmsActions.deleteSpecificAliasAsync(aliasName); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } waitForInputToContinue(scanner); try { CompletableFuture<Void> future = kmsActions.disableKeyAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } try { CompletableFuture<Void> future = kmsActions.deleteKeyAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } } else { logger.info("The Key Management resources will not be deleted"); } logger.info(DASHES); logger.info("This concludes the AWS Key Management SDK scenario"); logger.info(DASHES); } // This method is invoked from Exceptions to clean up the resources. private static void deleteKey(String targetKeyId) { try { CompletableFuture<Void> future = kmsActions.disableKeyAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } try { CompletableFuture<Void> future = kmsActions.deleteKeyAsync(targetKeyId); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } } // This method is invoked from Exceptions to clean up the resources. private static void deleteAliasName(String aliasName) { try { CompletableFuture<Void> future = kmsActions.deleteSpecificAliasAsync(aliasName); future.join(); } catch (RuntimeException rt) { Throwable cause = rt.getCause(); if (cause instanceof KmsException kmsEx) { logger.info("KMS error occurred: Error message: {}, Error code {}", kmsEx.getMessage(), kmsEx.awsErrorDetails().errorCode()); } else { logger.info("An unexpected error occurred: " + rt.getMessage()); } } } private static void waitForInputToContinue(Scanner scanner) { while (true) { logger.info(""); logger.info("Enter 'c' followed by <ENTER> to continue:"); String input = scanner.nextLine(); if (input.trim().equalsIgnoreCase("c")) { logger.info("Continuing with the program..."); logger.info(""); break; } else { // Handle invalid input. logger.info("Invalid input. Please try again."); } } } }
Tentukan kelas yang membungkus KMS tindakan.
public class KMSActions { private static final Logger logger = LoggerFactory.getLogger(KMSActions.class); private static KmsAsyncClient kmsAsyncClient; /** * Retrieves an asynchronous AWS Key Management Service (KMS) client. * <p> * This method creates and returns a singleton instance of the KMS async client, with the following configurations: * <ul> * <li>Max concurrency: 100</li> * <li>Connection timeout: 60 seconds</li> * <li>Read timeout: 60 seconds</li> * <li>Write timeout: 60 seconds</li> * <li>API call timeout: 2 minutes</li> * <li>API call attempt timeout: 90 seconds</li> * <li>Retry policy: up to 3 retries</li> * <li>Credentials provider: environment variable credentials provider</li> * </ul> * <p> * If the client instance has already been created, it is returned instead of creating a new one. * * @return the KMS async client instance */ private static KmsAsyncClient getAsyncClient() { if (kmsAsyncClient == null) { SdkAsyncHttpClient httpClient = NettyNioAsyncHttpClient.builder() .maxConcurrency(100) .connectionTimeout(Duration.ofSeconds(60)) .readTimeout(Duration.ofSeconds(60)) .writeTimeout(Duration.ofSeconds(60)) .build(); ClientOverrideConfiguration overrideConfig = ClientOverrideConfiguration.builder() .apiCallTimeout(Duration.ofMinutes(2)) .apiCallAttemptTimeout(Duration.ofSeconds(90)) .retryPolicy(RetryPolicy.builder() .numRetries(3) .build()) .build(); kmsAsyncClient = KmsAsyncClient.builder() .httpClient(httpClient) .overrideConfiguration(overrideConfig) .credentialsProvider(EnvironmentVariableCredentialsProvider.create()) .build(); } return kmsAsyncClient; } /** * Creates a new symmetric encryption key asynchronously. * * @param keyDesc the description of the key to be created * @return a {@link CompletableFuture} that completes with the ID of the newly created key * @throws RuntimeException if an error occurs while creating the key */ public CompletableFuture<String> createKeyAsync(String keyDesc) { CreateKeyRequest keyRequest = CreateKeyRequest.builder() .description(keyDesc) .keySpec(KeySpec.SYMMETRIC_DEFAULT) .keyUsage(KeyUsageType.ENCRYPT_DECRYPT) .build(); return getAsyncClient().createKey(keyRequest) .thenApply(resp -> resp.keyMetadata().keyId()) .exceptionally(ex -> { throw new RuntimeException("An error occurred while creating the key: " + ex.getMessage(), ex); }); } /** * Asynchronously checks if a specified key is enabled. * * @param keyId the ID of the key to check * @return a {@link CompletableFuture} that, when completed, indicates whether the key is enabled or not * * @throws RuntimeException if an exception occurs while checking the key state */ public CompletableFuture<Boolean> isKeyEnabledAsync(String keyId) { DescribeKeyRequest keyRequest = DescribeKeyRequest.builder() .keyId(keyId) .build(); CompletableFuture<DescribeKeyResponse> responseFuture = getAsyncClient().describeKey(keyRequest); return responseFuture.whenComplete((resp, ex) -> { if (resp != null) { KeyState keyState = resp.keyMetadata().keyState(); if (keyState == KeyState.ENABLED) { logger.info("The key is enabled."); } else { logger.info("The key is not enabled. Key state: {}", keyState); } } else { throw new RuntimeException(ex); } }).thenApply(resp -> resp.keyMetadata().keyState() == KeyState.ENABLED); } /** * Asynchronously enables the specified key. * * @param keyId the ID of the key to enable * @return a {@link CompletableFuture} that completes when the key has been enabled */ public CompletableFuture<Void> enableKeyAsync(String keyId) { EnableKeyRequest enableKeyRequest = EnableKeyRequest.builder() .keyId(keyId) .build(); CompletableFuture<EnableKeyResponse> responseFuture = getAsyncClient().enableKey(enableKeyRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("Key with ID [{}] has been enabled.", keyId); } else { if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while enabling key: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while enabling key: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(response -> null); } /** * Encrypts the given text asynchronously using the specified KMS client and key ID. * * @param keyId the ID of the KMS key to use for encryption * @param text the text to encrypt * @return a CompletableFuture that completes with the encrypted data as an SdkBytes object */ public CompletableFuture<SdkBytes> encryptDataAsync(String keyId, String text) { SdkBytes myBytes = SdkBytes.fromUtf8String(text); EncryptRequest encryptRequest = EncryptRequest.builder() .keyId(keyId) .plaintext(myBytes) .build(); CompletableFuture<EncryptResponse> responseFuture = getAsyncClient().encrypt(encryptRequest).toCompletableFuture(); return responseFuture.whenComplete((response, ex) -> { if (response != null) { String algorithm = response.encryptionAlgorithm().toString(); logger.info("The string was encrypted with algorithm {}.", algorithm); } else { throw new RuntimeException(ex); } }).thenApply(EncryptResponse::ciphertextBlob); } /** * Creates a custom alias for the specified target key asynchronously. * * @param targetKeyId the ID of the target key for the alias * @param aliasName the name of the alias to create * @return a {@link CompletableFuture} that completes when the alias creation operation is finished */ public CompletableFuture<Void> createCustomAliasAsync(String targetKeyId, String aliasName) { CreateAliasRequest aliasRequest = CreateAliasRequest.builder() .aliasName(aliasName) .targetKeyId(targetKeyId) .build(); CompletableFuture<CreateAliasResponse> responseFuture = getAsyncClient().createAlias(aliasRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("{} was successfully created.", aliasName); } else { if (exception instanceof ResourceExistsException) { logger.info("Alias [{}] already exists. Moving on...", aliasName); } else if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while creating alias: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while creating alias: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(response -> null); } /** * Asynchronously lists all the aliases in the current AWS account. * * @return a {@link CompletableFuture} that completes when the list of aliases has been processed */ public CompletableFuture<Object> listAllAliasesAsync() { ListAliasesRequest aliasesRequest = ListAliasesRequest.builder() .limit(15) .build(); ListAliasesPublisher paginator = getAsyncClient().listAliasesPaginator(aliasesRequest); return paginator.subscribe(response -> { response.aliases().forEach(alias -> logger.info("The alias name is: " + alias.aliasName()) ); }) .thenApply(v -> null) .exceptionally(ex -> { if (ex.getCause() instanceof KmsException) { KmsException e = (KmsException) ex.getCause(); throw new RuntimeException("A KMS exception occurred: " + e.getMessage()); } else { throw new RuntimeException("An unexpected error occurred: " + ex.getMessage()); } }); } /** * Enables key rotation asynchronously for the specified key ID. * * @param keyId the ID of the key for which to enable key rotation * @return a CompletableFuture that represents the asynchronous operation of enabling key rotation * @throws RuntimeException if there was an error enabling key rotation, either due to a KMS exception or an unexpected error */ public CompletableFuture<EnableKeyRotationResponse> enableKeyRotationAsync(String keyId) { EnableKeyRotationRequest enableKeyRotationRequest = EnableKeyRotationRequest.builder() .keyId(keyId) .build(); CompletableFuture<EnableKeyRotationResponse> responseFuture = getAsyncClient().enableKeyRotation(enableKeyRotationRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("Key rotation has been enabled for key with id [{}]", keyId); } else { if (exception instanceof KmsException kmsEx) { throw new RuntimeException("Failed to enable key rotation: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred: " + exception.getMessage(), exception); } } }); return responseFuture; } /** * Grants permissions to a specified principal on a customer master key (CMK) asynchronously. * * @param keyId The unique identifier for the customer master key (CMK) that the grant applies to. * @param granteePrincipal The principal that is given permission to perform the operations that the grant permits on the CMK. * @return A {@link CompletableFuture} that, when completed, contains the ID of the created grant. * @throws RuntimeException If an error occurs during the grant creation process. */ public CompletableFuture<String> grantKeyAsync(String keyId, String granteePrincipal) { List<GrantOperation> grantPermissions = List.of( GrantOperation.ENCRYPT, GrantOperation.DECRYPT, GrantOperation.DESCRIBE_KEY ); CreateGrantRequest grantRequest = CreateGrantRequest.builder() .keyId(keyId) .name("grant1") .granteePrincipal(granteePrincipal) .operations(grantPermissions) .build(); CompletableFuture<CreateGrantResponse> responseFuture = getAsyncClient().createGrant(grantRequest); responseFuture.whenComplete((response, ex) -> { if (ex == null) { logger.info("Grant created successfully with ID: " + response.grantId()); } else { if (ex instanceof KmsException kmsEx) { throw new RuntimeException("Failed to create grant: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred: " + ex.getMessage(), ex); } } }); return responseFuture.thenApply(CreateGrantResponse::grantId); } /** * Asynchronously displays the grant IDs for the specified key ID. * * @param keyId the ID of the AWS KMS key for which to list the grants * @return a {@link CompletableFuture} that, when completed, will be null if the operation succeeded, or will throw a {@link RuntimeException} if the operation failed * @throws RuntimeException if there was an error listing the grants, either due to an {@link KmsException} or an unexpected error */ public CompletableFuture<Object> displayGrantIdsAsync(String keyId) { ListGrantsRequest grantsRequest = ListGrantsRequest.builder() .keyId(keyId) .limit(15) .build(); ListGrantsPublisher paginator = getAsyncClient().listGrantsPaginator(grantsRequest); return paginator.subscribe(response -> { response.grants().forEach(grant -> { logger.info("The grant Id is: " + grant.grantId()); }); }) .thenApply(v -> null) .exceptionally(ex -> { Throwable cause = ex.getCause(); if (cause instanceof KmsException) { throw new RuntimeException("Failed to list grants: " + cause.getMessage(), cause); } else { throw new RuntimeException("An unexpected error occurred: " + cause.getMessage(), cause); } }); } /** * Revokes a grant for the specified AWS KMS key asynchronously. * * @param keyId The ID or key ARN of the AWS KMS key. * @param grantId The identifier of the grant to be revoked. * @return A {@link CompletableFuture} representing the asynchronous operation of revoking the grant. * The {@link CompletableFuture} will complete with a {@link RevokeGrantResponse} object * if the operation is successful, or with a {@code null} value if an error occurs. */ public CompletableFuture<RevokeGrantResponse> revokeKeyGrantAsync(String keyId, String grantId) { RevokeGrantRequest grantRequest = RevokeGrantRequest.builder() .keyId(keyId) .grantId(grantId) .build(); CompletableFuture<RevokeGrantResponse> responseFuture = getAsyncClient().revokeGrant(grantRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("Grant ID: [" + grantId + "] was successfully revoked!"); } else { if (exception instanceof KmsException kmsEx) { if (kmsEx.getMessage().contains("Grant does not exist")) { logger.info("The grant ID '" + grantId + "' does not exist. Moving on..."); } else { throw new RuntimeException("KMS error occurred: " + kmsEx.getMessage(), kmsEx); } } else { throw new RuntimeException("An unexpected error occurred: " + exception.getMessage(), exception); } } }); return responseFuture; } /** * Asynchronously decrypts the given encrypted data using the specified key ID. * * @param encryptedData The encrypted data to be decrypted. * @param keyId The ID of the key to be used for decryption. * @return A CompletableFuture that, when completed, will contain the decrypted data as a String. * If an error occurs during the decryption process, the CompletableFuture will complete * exceptionally with the error, and the method will return an empty String. */ public CompletableFuture<String> decryptDataAsync(SdkBytes encryptedData, String keyId) { DecryptRequest decryptRequest = DecryptRequest.builder() .ciphertextBlob(encryptedData) .keyId(keyId) .build(); CompletableFuture<DecryptResponse> responseFuture = getAsyncClient().decrypt(decryptRequest); responseFuture.whenComplete((decryptResponse, exception) -> { if (exception == null) { logger.info("Data decrypted successfully for key ID: " + keyId); } else { if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while decrypting data: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while decrypting data: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(decryptResponse -> decryptResponse.plaintext().asString(StandardCharsets.UTF_8)); } /** * Asynchronously replaces the policy for the specified KMS key. * * @param keyId the ID of the KMS key to replace the policy for * @param policyName the name of the policy to be replaced * @param accountId the AWS account ID to be used in the policy * @return a {@link CompletableFuture} that completes with a boolean indicating * whether the policy replacement was successful or not */ public CompletableFuture<Boolean> replacePolicyAsync(String keyId, String policyName, String accountId) { String policy = """ { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::%s:root"}, "Action": "kms:*", "Resource": "*" }] } """.formatted(accountId); PutKeyPolicyRequest keyPolicyRequest = PutKeyPolicyRequest.builder() .keyId(keyId) .policyName(policyName) .policy(policy) .build(); // First, get the current policy to check if it exists return getAsyncClient().getKeyPolicy(r -> r.keyId(keyId).policyName(policyName)) .thenCompose(response -> { logger.info("Current policy exists. Replacing it..."); return getAsyncClient().putKeyPolicy(keyPolicyRequest); }) .thenApply(putPolicyResponse -> { logger.info("The key policy has been replaced."); return true; }) .exceptionally(throwable -> { if (throwable.getCause() instanceof LimitExceededException) { logger.error("Cannot replace policy, as only one policy is allowed per key."); return false; } throw new RuntimeException("Error replacing policy", throwable); }); } /** * Asynchronously retrieves the key policy for the specified key ID and policy name. * * @param keyId the ID of the AWS KMS key for which to retrieve the policy * @param policyName the name of the key policy to retrieve * @return a {@link CompletableFuture} that, when completed, contains the key policy as a {@link String} */ public CompletableFuture<String> getKeyPolicyAsync(String keyId, String policyName) { GetKeyPolicyRequest policyRequest = GetKeyPolicyRequest.builder() .keyId(keyId) .policyName(policyName) .build(); return getAsyncClient().getKeyPolicy(policyRequest) .thenApply(response -> { String policy = response.policy(); logger.info("The response is: " + policy); return policy; }) .exceptionally(ex -> { throw new RuntimeException("Failed to get key policy", ex); }); } /** * Asynchronously signs and verifies data using AWS KMS. * * <p>The method performs the following steps: * <ol> * <li>Creates an AWS KMS key with the specified key spec, key usage, and origin.</li> * <li>Signs the provided message using the created KMS key and the RSASSA-PSS-SHA-256 algorithm.</li> * <li>Verifies the signature of the message using the created KMS key and the RSASSA-PSS-SHA-256 algorithm.</li> * </ol> * * @return a {@link CompletableFuture} that completes with the result of the signature verification, * {@code true} if the signature is valid, {@code false} otherwise. * @throws KmsException if any error occurs during the KMS operations. * @throws RuntimeException if an unexpected error occurs. */ public CompletableFuture<Boolean> signVerifyDataAsync() { String signMessage = "Here is the message that will be digitally signed"; // Create an AWS KMS key used to digitally sign data. CreateKeyRequest createKeyRequest = CreateKeyRequest.builder() .keySpec(KeySpec.RSA_2048) .keyUsage(KeyUsageType.SIGN_VERIFY) .origin(OriginType.AWS_KMS) .build(); return getAsyncClient().createKey(createKeyRequest) .thenCompose(createKeyResponse -> { String keyId = createKeyResponse.keyMetadata().keyId(); SdkBytes messageBytes = SdkBytes.fromString(signMessage, Charset.defaultCharset()); SignRequest signRequest = SignRequest.builder() .keyId(keyId) .message(messageBytes) .signingAlgorithm(SigningAlgorithmSpec.RSASSA_PSS_SHA_256) .build(); return getAsyncClient().sign(signRequest) .thenCompose(signResponse -> { byte[] signedBytes = signResponse.signature().asByteArray(); VerifyRequest verifyRequest = VerifyRequest.builder() .keyId(keyId) .message(SdkBytes.fromByteArray(signMessage.getBytes(Charset.defaultCharset()))) .signature(SdkBytes.fromByteBuffer(ByteBuffer.wrap(signedBytes))) .signingAlgorithm(SigningAlgorithmSpec.RSASSA_PSS_SHA_256) .build(); return getAsyncClient().verify(verifyRequest) .thenApply(verifyResponse -> { return (boolean) verifyResponse.signatureValid(); }); }); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to sign or verify data", throwable); }); } /** * Asynchronously tags a KMS key with a specific tag. * * @param keyId the ID of the KMS key to be tagged * @return a {@link CompletableFuture} that completes when the tagging operation is finished */ public CompletableFuture<Void> tagKMSKeyAsync(String keyId) { Tag tag = Tag.builder() .tagKey("Environment") .tagValue("Production") .build(); TagResourceRequest tagResourceRequest = TagResourceRequest.builder() .keyId(keyId) .tags(tag) .build(); return getAsyncClient().tagResource(tagResourceRequest) .thenRun(() -> { logger.info("{} key was tagged", keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to tag the KMS key", throwable); }); } /** * Deletes a specific KMS alias asynchronously. * * @param aliasName the name of the alias to be deleted * @return a {@link CompletableFuture} representing the asynchronous operation of deleting the specified alias */ public CompletableFuture<Void> deleteSpecificAliasAsync(String aliasName) { DeleteAliasRequest deleteAliasRequest = DeleteAliasRequest.builder() .aliasName(aliasName) .build(); return getAsyncClient().deleteAlias(deleteAliasRequest) .thenRun(() -> { logger.info("Alias {} has been deleted successfully", aliasName); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to delete alias: " + aliasName, throwable); }); } /** * Asynchronously disables the specified AWS Key Management Service (KMS) key. * * @param keyId the ID or Amazon Resource Name (ARN) of the KMS key to be disabled * @return a CompletableFuture that, when completed, indicates that the key has been disabled successfully */ public CompletableFuture<Void> disableKeyAsync(String keyId) { DisableKeyRequest keyRequest = DisableKeyRequest.builder() .keyId(keyId) .build(); return getAsyncClient().disableKey(keyRequest) .thenRun(() -> { logger.info("Key {} has been disabled successfully",keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to disable key: " + keyId, throwable); }); } /** * Deletes a KMS key asynchronously. * * <p><strong>Warning:</strong> Deleting a KMS key is a destructive and potentially dangerous operation. * When a KMS key is deleted, all data that was encrypted under the KMS key becomes unrecoverable. * This means that any files, databases, or other data that were encrypted using the deleted KMS key * will become permanently inaccessible. Exercise extreme caution when deleting KMS keys.</p> * * @param keyId the ID of the KMS key to delete * @return a {@link CompletableFuture} that completes when the key deletion is scheduled */ public CompletableFuture<Void> deleteKeyAsync(String keyId) { ScheduleKeyDeletionRequest deletionRequest = ScheduleKeyDeletionRequest.builder() .keyId(keyId) .pendingWindowInDays(7) .build(); return getAsyncClient().scheduleKeyDeletion(deletionRequest) .thenRun(() -> { logger.info("Key {} will be deleted in 7 days", keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to schedule key deletion for key ID: " + keyId, throwable); }); } public String getAccountId(){ try (StsClient stsClient = StsClient.create()){ GetCallerIdentityResponse callerIdentity = stsClient.getCallerIdentity(); return callerIdentity.account(); } } }
-
Untuk API detailnya, lihat topik berikut di AWS SDK for Java 2.x APIReferensi.
-
Tindakan
Contoh kode berikut menunjukkan cara menggunakanCreateAlias
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Creates a custom alias for the specified target key asynchronously. * * @param targetKeyId the ID of the target key for the alias * @param aliasName the name of the alias to create * @return a {@link CompletableFuture} that completes when the alias creation operation is finished */ public CompletableFuture<Void> createCustomAliasAsync(String targetKeyId, String aliasName) { CreateAliasRequest aliasRequest = CreateAliasRequest.builder() .aliasName(aliasName) .targetKeyId(targetKeyId) .build(); CompletableFuture<CreateAliasResponse> responseFuture = getAsyncClient().createAlias(aliasRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("{} was successfully created.", aliasName); } else { if (exception instanceof ResourceExistsException) { logger.info("Alias [{}] already exists. Moving on...", aliasName); } else if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while creating alias: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while creating alias: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(response -> null); }
-
Untuk API detailnya, lihat CreateAliasdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanCreateGrant
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Grants permissions to a specified principal on a customer master key (CMK) asynchronously. * * @param keyId The unique identifier for the customer master key (CMK) that the grant applies to. * @param granteePrincipal The principal that is given permission to perform the operations that the grant permits on the CMK. * @return A {@link CompletableFuture} that, when completed, contains the ID of the created grant. * @throws RuntimeException If an error occurs during the grant creation process. */ public CompletableFuture<String> grantKeyAsync(String keyId, String granteePrincipal) { List<GrantOperation> grantPermissions = List.of( GrantOperation.ENCRYPT, GrantOperation.DECRYPT, GrantOperation.DESCRIBE_KEY ); CreateGrantRequest grantRequest = CreateGrantRequest.builder() .keyId(keyId) .name("grant1") .granteePrincipal(granteePrincipal) .operations(grantPermissions) .build(); CompletableFuture<CreateGrantResponse> responseFuture = getAsyncClient().createGrant(grantRequest); responseFuture.whenComplete((response, ex) -> { if (ex == null) { logger.info("Grant created successfully with ID: " + response.grantId()); } else { if (ex instanceof KmsException kmsEx) { throw new RuntimeException("Failed to create grant: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred: " + ex.getMessage(), ex); } } }); return responseFuture.thenApply(CreateGrantResponse::grantId); }
-
Untuk API detailnya, lihat CreateGrantdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanCreateKey
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Creates a new symmetric encryption key asynchronously. * * @param keyDesc the description of the key to be created * @return a {@link CompletableFuture} that completes with the ID of the newly created key * @throws RuntimeException if an error occurs while creating the key */ public CompletableFuture<String> createKeyAsync(String keyDesc) { CreateKeyRequest keyRequest = CreateKeyRequest.builder() .description(keyDesc) .keySpec(KeySpec.SYMMETRIC_DEFAULT) .keyUsage(KeyUsageType.ENCRYPT_DECRYPT) .build(); return getAsyncClient().createKey(keyRequest) .thenApply(resp -> resp.keyMetadata().keyId()) .exceptionally(ex -> { throw new RuntimeException("An error occurred while creating the key: " + ex.getMessage(), ex); }); }
-
Untuk API detailnya, lihat CreateKeydi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanDecrypt
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously decrypts the given encrypted data using the specified key ID. * * @param encryptedData The encrypted data to be decrypted. * @param keyId The ID of the key to be used for decryption. * @return A CompletableFuture that, when completed, will contain the decrypted data as a String. * If an error occurs during the decryption process, the CompletableFuture will complete * exceptionally with the error, and the method will return an empty String. */ public CompletableFuture<String> decryptDataAsync(SdkBytes encryptedData, String keyId) { DecryptRequest decryptRequest = DecryptRequest.builder() .ciphertextBlob(encryptedData) .keyId(keyId) .build(); CompletableFuture<DecryptResponse> responseFuture = getAsyncClient().decrypt(decryptRequest); responseFuture.whenComplete((decryptResponse, exception) -> { if (exception == null) { logger.info("Data decrypted successfully for key ID: " + keyId); } else { if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while decrypting data: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while decrypting data: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(decryptResponse -> decryptResponse.plaintext().asString(StandardCharsets.UTF_8)); }
-
Untuk API detailnya, lihat Dekripsi di AWS SDK for Java 2.x API Referensi.
-
Contoh kode berikut menunjukkan cara menggunakanDeleteAlias
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Deletes a specific KMS alias asynchronously. * * @param aliasName the name of the alias to be deleted * @return a {@link CompletableFuture} representing the asynchronous operation of deleting the specified alias */ public CompletableFuture<Void> deleteSpecificAliasAsync(String aliasName) { DeleteAliasRequest deleteAliasRequest = DeleteAliasRequest.builder() .aliasName(aliasName) .build(); return getAsyncClient().deleteAlias(deleteAliasRequest) .thenRun(() -> { logger.info("Alias {} has been deleted successfully", aliasName); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to delete alias: " + aliasName, throwable); }); }
-
Untuk API detailnya, lihat DeleteAliasdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanDescribeKey
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously checks if a specified key is enabled. * * @param keyId the ID of the key to check * @return a {@link CompletableFuture} that, when completed, indicates whether the key is enabled or not * * @throws RuntimeException if an exception occurs while checking the key state */ public CompletableFuture<Boolean> isKeyEnabledAsync(String keyId) { DescribeKeyRequest keyRequest = DescribeKeyRequest.builder() .keyId(keyId) .build(); CompletableFuture<DescribeKeyResponse> responseFuture = getAsyncClient().describeKey(keyRequest); return responseFuture.whenComplete((resp, ex) -> { if (resp != null) { KeyState keyState = resp.keyMetadata().keyState(); if (keyState == KeyState.ENABLED) { logger.info("The key is enabled."); } else { logger.info("The key is not enabled. Key state: {}", keyState); } } else { throw new RuntimeException(ex); } }).thenApply(resp -> resp.keyMetadata().keyState() == KeyState.ENABLED); }
-
Untuk API detailnya, lihat DescribeKeydi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanDisableKey
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously disables the specified AWS Key Management Service (KMS) key. * * @param keyId the ID or Amazon Resource Name (ARN) of the KMS key to be disabled * @return a CompletableFuture that, when completed, indicates that the key has been disabled successfully */ public CompletableFuture<Void> disableKeyAsync(String keyId) { DisableKeyRequest keyRequest = DisableKeyRequest.builder() .keyId(keyId) .build(); return getAsyncClient().disableKey(keyRequest) .thenRun(() -> { logger.info("Key {} has been disabled successfully",keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to disable key: " + keyId, throwable); }); }
-
Untuk API detailnya, lihat DisableKeydi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanEnableKey
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously enables the specified key. * * @param keyId the ID of the key to enable * @return a {@link CompletableFuture} that completes when the key has been enabled */ public CompletableFuture<Void> enableKeyAsync(String keyId) { EnableKeyRequest enableKeyRequest = EnableKeyRequest.builder() .keyId(keyId) .build(); CompletableFuture<EnableKeyResponse> responseFuture = getAsyncClient().enableKey(enableKeyRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("Key with ID [{}] has been enabled.", keyId); } else { if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while enabling key: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while enabling key: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(response -> null); }
-
Untuk API detailnya, lihat EnableKeydi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanEncrypt
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Encrypts the given text asynchronously using the specified KMS client and key ID. * * @param keyId the ID of the KMS key to use for encryption * @param text the text to encrypt * @return a CompletableFuture that completes with the encrypted data as an SdkBytes object */ public CompletableFuture<SdkBytes> encryptDataAsync(String keyId, String text) { SdkBytes myBytes = SdkBytes.fromUtf8String(text); EncryptRequest encryptRequest = EncryptRequest.builder() .keyId(keyId) .plaintext(myBytes) .build(); CompletableFuture<EncryptResponse> responseFuture = getAsyncClient().encrypt(encryptRequest).toCompletableFuture(); return responseFuture.whenComplete((response, ex) -> { if (response != null) { String algorithm = response.encryptionAlgorithm().toString(); logger.info("The string was encrypted with algorithm {}.", algorithm); } else { throw new RuntimeException(ex); } }).thenApply(EncryptResponse::ciphertextBlob); }
-
Untuk API detailnya, lihat Enkripsi di AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanListAliases
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously lists all the aliases in the current AWS account. * * @return a {@link CompletableFuture} that completes when the list of aliases has been processed */ public CompletableFuture<Object> listAllAliasesAsync() { ListAliasesRequest aliasesRequest = ListAliasesRequest.builder() .limit(15) .build(); ListAliasesPublisher paginator = getAsyncClient().listAliasesPaginator(aliasesRequest); return paginator.subscribe(response -> { response.aliases().forEach(alias -> logger.info("The alias name is: " + alias.aliasName()) ); }) .thenApply(v -> null) .exceptionally(ex -> { if (ex.getCause() instanceof KmsException) { KmsException e = (KmsException) ex.getCause(); throw new RuntimeException("A KMS exception occurred: " + e.getMessage()); } else { throw new RuntimeException("An unexpected error occurred: " + ex.getMessage()); } }); }
-
Untuk API detailnya, lihat ListAliasesdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanListGrants
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously displays the grant IDs for the specified key ID. * * @param keyId the ID of the AWS KMS key for which to list the grants * @return a {@link CompletableFuture} that, when completed, will be null if the operation succeeded, or will throw a {@link RuntimeException} if the operation failed * @throws RuntimeException if there was an error listing the grants, either due to an {@link KmsException} or an unexpected error */ public CompletableFuture<Object> displayGrantIdsAsync(String keyId) { ListGrantsRequest grantsRequest = ListGrantsRequest.builder() .keyId(keyId) .limit(15) .build(); ListGrantsPublisher paginator = getAsyncClient().listGrantsPaginator(grantsRequest); return paginator.subscribe(response -> { response.grants().forEach(grant -> { logger.info("The grant Id is: " + grant.grantId()); }); }) .thenApply(v -> null) .exceptionally(ex -> { Throwable cause = ex.getCause(); if (cause instanceof KmsException) { throw new RuntimeException("Failed to list grants: " + cause.getMessage(), cause); } else { throw new RuntimeException("An unexpected error occurred: " + cause.getMessage(), cause); } }); }
-
Untuk API detailnya, lihat ListGrantsdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanListKeyPolicies
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously retrieves the key policy for the specified key ID and policy name. * * @param keyId the ID of the AWS KMS key for which to retrieve the policy * @param policyName the name of the key policy to retrieve * @return a {@link CompletableFuture} that, when completed, contains the key policy as a {@link String} */ public CompletableFuture<String> getKeyPolicyAsync(String keyId, String policyName) { GetKeyPolicyRequest policyRequest = GetKeyPolicyRequest.builder() .keyId(keyId) .policyName(policyName) .build(); return getAsyncClient().getKeyPolicy(policyRequest) .thenApply(response -> { String policy = response.policy(); logger.info("The response is: " + policy); return policy; }) .exceptionally(ex -> { throw new RuntimeException("Failed to get key policy", ex); }); }
-
Untuk API detailnya, lihat ListKeyPoliciesdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanListKeys
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. import software.amazon.awssdk.services.kms.KmsAsyncClient; import software.amazon.awssdk.services.kms.model.ListKeysRequest; import software.amazon.awssdk.services.kms.paginators.ListKeysPublisher; import java.util.concurrent.CompletableFuture; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class HelloKMS { public static void main(String[] args) { listAllKeys(); } public static void listAllKeys() { KmsAsyncClient kmsAsyncClient = KmsAsyncClient.builder() .build(); ListKeysRequest listKeysRequest = ListKeysRequest.builder() .limit(15) .build(); /* * The `subscribe` method is required when using paginator methods in the AWS SDK * because paginator methods return an instance of a `ListKeysPublisher`, which is * based on a reactive stream. This allows asynchronous retrieval of paginated * results as they become available. By subscribing to the stream, we can process * each page of results as they are emitted. */ ListKeysPublisher keysPublisher = kmsAsyncClient.listKeysPaginator(listKeysRequest); CompletableFuture<Void> future = keysPublisher .subscribe(r -> r.keys().forEach(key -> System.out.println("The key ARN is: " + key.keyArn() + ". The key Id is: " + key.keyId()))) .whenComplete((result, exception) -> { if (exception != null) { System.err.println("Error occurred: " + exception.getMessage()); } else { System.out.println("Successfully listed all keys."); } }); try { future.join(); } catch (Exception e) { System.err.println("Failed to list keys: " + e.getMessage()); } } }
-
Untuk API detailnya, lihat ListKeysdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanRevokeGrant
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Revokes a grant for the specified AWS KMS key asynchronously. * * @param keyId The ID or key ARN of the AWS KMS key. * @param grantId The identifier of the grant to be revoked. * @return A {@link CompletableFuture} representing the asynchronous operation of revoking the grant. * The {@link CompletableFuture} will complete with a {@link RevokeGrantResponse} object * if the operation is successful, or with a {@code null} value if an error occurs. */ public CompletableFuture<RevokeGrantResponse> revokeKeyGrantAsync(String keyId, String grantId) { RevokeGrantRequest grantRequest = RevokeGrantRequest.builder() .keyId(keyId) .grantId(grantId) .build(); CompletableFuture<RevokeGrantResponse> responseFuture = getAsyncClient().revokeGrant(grantRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("Grant ID: [" + grantId + "] was successfully revoked!"); } else { if (exception instanceof KmsException kmsEx) { if (kmsEx.getMessage().contains("Grant does not exist")) { logger.info("The grant ID '" + grantId + "' does not exist. Moving on..."); } else { throw new RuntimeException("KMS error occurred: " + kmsEx.getMessage(), kmsEx); } } else { throw new RuntimeException("An unexpected error occurred: " + exception.getMessage(), exception); } } }); return responseFuture; }
-
Untuk API detailnya, lihat RevokeGrantdi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanScheduleKeyDeletion
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Deletes a KMS key asynchronously. * * <p><strong>Warning:</strong> Deleting a KMS key is a destructive and potentially dangerous operation. * When a KMS key is deleted, all data that was encrypted under the KMS key becomes unrecoverable. * This means that any files, databases, or other data that were encrypted using the deleted KMS key * will become permanently inaccessible. Exercise extreme caution when deleting KMS keys.</p> * * @param keyId the ID of the KMS key to delete * @return a {@link CompletableFuture} that completes when the key deletion is scheduled */ public CompletableFuture<Void> deleteKeyAsync(String keyId) { ScheduleKeyDeletionRequest deletionRequest = ScheduleKeyDeletionRequest.builder() .keyId(keyId) .pendingWindowInDays(7) .build(); return getAsyncClient().scheduleKeyDeletion(deletionRequest) .thenRun(() -> { logger.info("Key {} will be deleted in 7 days", keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to schedule key deletion for key ID: " + keyId, throwable); }); }
-
Untuk API detailnya, lihat ScheduleKeyDeletiondi AWS SDK for Java 2.x APIReferensi.
-
Contoh kode berikut menunjukkan cara menggunakanSign
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously signs and verifies data using AWS KMS. * * <p>The method performs the following steps: * <ol> * <li>Creates an AWS KMS key with the specified key spec, key usage, and origin.</li> * <li>Signs the provided message using the created KMS key and the RSASSA-PSS-SHA-256 algorithm.</li> * <li>Verifies the signature of the message using the created KMS key and the RSASSA-PSS-SHA-256 algorithm.</li> * </ol> * * @return a {@link CompletableFuture} that completes with the result of the signature verification, * {@code true} if the signature is valid, {@code false} otherwise. * @throws KmsException if any error occurs during the KMS operations. * @throws RuntimeException if an unexpected error occurs. */ public CompletableFuture<Boolean> signVerifyDataAsync() { String signMessage = "Here is the message that will be digitally signed"; // Create an AWS KMS key used to digitally sign data. CreateKeyRequest createKeyRequest = CreateKeyRequest.builder() .keySpec(KeySpec.RSA_2048) .keyUsage(KeyUsageType.SIGN_VERIFY) .origin(OriginType.AWS_KMS) .build(); return getAsyncClient().createKey(createKeyRequest) .thenCompose(createKeyResponse -> { String keyId = createKeyResponse.keyMetadata().keyId(); SdkBytes messageBytes = SdkBytes.fromString(signMessage, Charset.defaultCharset()); SignRequest signRequest = SignRequest.builder() .keyId(keyId) .message(messageBytes) .signingAlgorithm(SigningAlgorithmSpec.RSASSA_PSS_SHA_256) .build(); return getAsyncClient().sign(signRequest) .thenCompose(signResponse -> { byte[] signedBytes = signResponse.signature().asByteArray(); VerifyRequest verifyRequest = VerifyRequest.builder() .keyId(keyId) .message(SdkBytes.fromByteArray(signMessage.getBytes(Charset.defaultCharset()))) .signature(SdkBytes.fromByteBuffer(ByteBuffer.wrap(signedBytes))) .signingAlgorithm(SigningAlgorithmSpec.RSASSA_PSS_SHA_256) .build(); return getAsyncClient().verify(verifyRequest) .thenApply(verifyResponse -> { return (boolean) verifyResponse.signatureValid(); }); }); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to sign or verify data", throwable); }); }
-
Untuk API detailnya, lihat AWS SDK for Java 2.x APIReferensi Masuk.
-
Contoh kode berikut menunjukkan cara menggunakanTagResource
.
- SDKuntuk Java 2.x
-
catatan
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS
. /** * Asynchronously tags a KMS key with a specific tag. * * @param keyId the ID of the KMS key to be tagged * @return a {@link CompletableFuture} that completes when the tagging operation is finished */ public CompletableFuture<Void> tagKMSKeyAsync(String keyId) { Tag tag = Tag.builder() .tagKey("Environment") .tagValue("Production") .build(); TagResourceRequest tagResourceRequest = TagResourceRequest.builder() .keyId(keyId) .tags(tag) .build(); return getAsyncClient().tagResource(tagResourceRequest) .thenRun(() -> { logger.info("{} key was tagged", keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to tag the KMS key", throwable); }); }
-
Untuk API detailnya, lihat TagResourcedi AWS SDK for Java 2.x APIReferensi.
-