Doc AWS SDK ExamplesWord リポジトリには、さらに多くの GitHub の例があります。 AWS SDK
翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AWS KMS SDK for PHP を使用する例
次のコード例は、 AWS SDK for PHP を使用してアクションを実行し、一般的なシナリオを実装する方法を示しています AWS KMS。
「基本」は、重要なオペレーションをサービス内で実行する方法を示すコード例です。
アクションはより大きなプログラムからのコードの抜粋であり、コンテキスト内で実行する必要があります。アクションは個々のサービス機能を呼び出す方法を示していますが、コンテキスト内のアクションは、関連するシナリオで確認できます。
各例には、完全なソースコードへのリンクが含まれています。このリンクでは、コンテキストでコードを設定および実行する手順を確認できます。
開始方法
次のコード例は、 AWS Key Management Serviceの使用を開始する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 include "vendor/autoload.php"; use Aws\Kms\KmsClient; echo "This file shows how to connect to the KmsClient, uses a paginator to get the keys for the account, and lists the KeyIds for up to 10 keys.\n"; $client = new KmsClient([]); $pageLength = 10; // Change this value to change the number of records shown, or to break up the result into pages. $keys = []; $keysPaginator = $client->getPaginator("ListKeys", ['Limit' => $pageLength]); foreach($keysPaginator as $page){ foreach($page['Keys'] as $index => $key){ echo "The $index index Key's ID is: {$key['KeyId']}\n"; } echo "End of page one of results. Alter the \$pageLength variable to see more results.\n"; break; }-
API の詳細については、ListKeys AWS SDK for PHP リファレンスの API を参照してください。
-
基本
次のコードサンプルは、以下の操作方法を示しています。
KMS キーを作成します。
アカウントの KMS キーを一覧表示し、詳細を取得します。
KMS キーを有効または無効にします。
クライアント側の暗号化に使用できる対称データキーを生成します。
データのデジタル署名に使用する非対称キーを生成します。
キーをダグ付けします。
KMS キーを削除します。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 echo "\n"; echo "--------------------------------------\n"; echo <<<WELCOME Welcome to the AWS Key Management Service SDK Basics scenario. This program demonstrates how to interact with AWS Key Management Service using the AWS SDK for PHP (v3). The AWS Key Management Service (KMS) is a secure and highly available service that allows you to create and manage AWS KMS keys and control their use across a wide range of AWS services and applications. KMS provides a centralized and unified approach to managing encryption keys, making it easier to meet your data protection and regulatory compliance requirements. This KMS Basics scenario creates two key types: - A symmetric encryption key is used to encrypt and decrypt data. - An asymmetric key used to digitally sign data. Let's get started...\n WELCOME; echo "--------------------------------------\n"; $this->pressEnter(); $this->kmsClient = new KmsClient([]); // Initialize the KmsService class with the client. This allows you to override any defaults in the client before giving it to the service class. $this->kmsService = new KmsService($this->kmsClient); // 1. Create a symmetric KMS key. echo "\n"; echo "1. Create a symmetric KMS key.\n"; echo "First, we will create a symmetric KMS key that is used to encrypt and decrypt data by invoking createKey().\n"; $this->pressEnter(); $key = $this->kmsService->createKey(); $this->resources['symmetricKey'] = $key['KeyId']; echo "Created a customer key with ARN {$key['Arn']}.\n"; $this->pressEnter(); // 2. Enable a KMS key. echo "\n"; echo "2. Enable a KMS key.\n"; echo "By default when you create an AWS key, it is enabled. The code checks to determine if the key is enabled. If it is not enabled, the code enables it.\n"; $this->pressEnter(); $keyInfo = $this->kmsService->describeKey($key['KeyId']); if(!$keyInfo['Enabled']){ echo "The key was not enabled, so we will enable it.\n"; $this->pressEnter(); $this->kmsService->enableKey($key['KeyId']); echo "The key was successfully enabled.\n"; }else{ echo "The key was already enabled, so there was no need to enable it.\n"; } $this->pressEnter(); // 3. Encrypt data using the symmetric KMS key. echo "\n"; echo "3. Encrypt data using the symmetric KMS key.\n"; echo "One of the main uses of symmetric keys is to encrypt and decrypt data.\n"; echo "Next, we'll encrypt the string 'Hello, AWS KMS!' with the SYMMETRIC_DEFAULT encryption algorithm.\n"; $this->pressEnter(); $text = "Hello, AWS KMS!"; $encryption = $this->kmsService->encrypt($key['KeyId'], $text); echo "The plaintext data was successfully encrypted with the algorithm: {$encryption['EncryptionAlgorithm']}.\n"; $this->pressEnter(); // 4. Create an alias. echo "\n"; echo "4. Create an alias.\n"; $aliasInput = testable_readline("Please enter an alias prefixed with \"alias/\" or press enter to use a default value: "); if($aliasInput == ""){ $aliasInput = "alias/dev-encryption-key"; } $this->kmsService->createAlias($key['KeyId'], $aliasInput); $this->resources['alias'] = $aliasInput; echo "The alias \"$aliasInput\" was successfully created.\n"; $this->pressEnter(); // 5. List all of your aliases. $aliasPageSize = 10; echo "\n"; echo "5. List all of your aliases, up to $aliasPageSize.\n"; $this->pressEnter(); $aliasPaginator = $this->kmsService->listAliases(); foreach($aliasPaginator as $pages){ foreach($pages['Aliases'] as $alias){ echo $alias['AliasName'] . "\n"; } break; } $this->pressEnter(); // 6. Enable automatic rotation of the KMS key. echo "\n"; echo "6. Enable automatic rotation of the KMS key.\n"; echo "By default, when the SDK enables automatic rotation of a KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter."; $this->pressEnter(); $this->kmsService->enableKeyRotation($key['KeyId']); echo "The key's rotation was successfully set for key: {$key['KeyId']}\n"; $this->pressEnter(); // 7. Create a grant. echo "7. Create a grant.\n"; echo "\n"; echo "A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies.\n"; $granteeARN = testable_readline("Please enter the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs in the Identity and Access Management User Guide. \nTo skip this step, press enter without any other values: "); if($granteeARN){ $operations = [ "ENCRYPT", "DECRYPT", "DESCRIBE_KEY", ]; $grant = $this->kmsService->createGrant($key['KeyId'], $granteeARN, $operations); echo "The grant Id is: {$grant['GrantId']}\n"; }else{ echo "Steps 7, 8, and 9 will be skipped.\n"; } $this->pressEnter(); // 8. List grants for the KMS key. if($granteeARN){ echo "8. List grants for the KMS key.\n\n"; $grantsPaginator = $this->kmsService->listGrants($key['KeyId']); foreach($grantsPaginator as $page){ foreach($page['Grants'] as $grant){ echo $grant['GrantId'] . "\n"; } } }else{ echo "Skipping step 8...\n"; } $this->pressEnter(); // 9. Revoke the grant. if($granteeARN) { echo "\n"; echo "9. Revoke the grant.\n"; $this->pressEnter(); $this->kmsService->revokeGrant($grant['GrantId'], $keyInfo['KeyId']); echo "{$grant['GrantId']} was successfully revoked!\n"; }else{ echo "Skipping step 9...\n"; } $this->pressEnter(); // 10. Decrypt the data. echo "\n"; echo "10. Decrypt the data.\n"; echo "Let's decrypt the data that was encrypted before.\n"; echo "We'll use the same key to decrypt the string that we encrypted earlier in the program.\n"; $this->pressEnter(); $decryption = $this->kmsService->decrypt($keyInfo['KeyId'], $encryption['CiphertextBlob'], $encryption['EncryptionAlgorithm']); echo "The decrypted text is: {$decryption['Plaintext']}\n"; $this->pressEnter(); // 11. Replace a Key Policy. echo "\n"; echo "11. Replace a Key Policy.\n"; echo "A key policy is a resource policy for a KMS key. Key policies are the primary way to control access to KMS keys.\n"; echo "Every KMS key must have exactly one key policy. The statements in the key policy determine who has permission to use the KMS key and how they can use it.\n"; echo " You can also use IAM policies and grants to control access to the KMS key, but every KMS key must have a key policy.\n"; echo "We will replace the key's policy with a new one:\n"; $stsClient = new StsClient([]); $result = $stsClient->getCallerIdentity(); $accountId = $result['Account']; $keyPolicy = <<< KEYPOLICY { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::$accountId:root"}, "Action": "kms:*", "Resource": "*" }] } KEYPOLICY; echo $keyPolicy; $this->pressEnter(); $this->kmsService->putKeyPolicy($keyInfo['KeyId'], $keyPolicy); echo "The Key Policy was successfully replaced!\n"; $this->pressEnter(); // 12. Retrieve the key policy. echo "\n"; echo "12. Retrieve the key policy.\n"; echo "Let's get some information about the new policy and print it to the screen.\n"; $this->pressEnter(); $policyInfo = $this->kmsService->getKeyPolicy($keyInfo['KeyId']); echo "We got the info! Here is the policy: \n"; echo $policyInfo['Policy'] . "\n"; $this->pressEnter(); // 13. Create an asymmetric KMS key and sign data. echo "\n"; echo "13. Create an asymmetric KMS key and sign data.\n"; echo "Signing your data with an AWS key can provide several benefits that make it an attractive option for your data signing needs.\n"; echo "By using an AWS KMS key, you can leverage the security controls and compliance features provided by AWS, which can help you meet various regulatory requirements and enhance the overall security posture of your organization.\n"; echo "First we'll create the asymmetric key.\n"; $this->pressEnter(); $keySpec = "RSA_2048"; $keyUsage = "SIGN_VERIFY"; $asymmetricKey = $this->kmsService->createKey($keySpec, $keyUsage); $this->resources['asymmetricKey'] = $asymmetricKey['KeyId']; echo "Created the key with ID: {$asymmetricKey['KeyId']}\n"; echo "Next, we'll sign the data.\n"; $this->pressEnter(); $algorithm = "RSASSA_PSS_SHA_256"; $sign = $this->kmsService->sign($asymmetricKey['KeyId'], $text, $algorithm); $verify = $this->kmsService->verify($asymmetricKey['KeyId'], $text, $sign['Signature'], $algorithm); echo "Signature verification result: {$sign['signature']}\n"; $this->pressEnter(); // 14. Tag the symmetric KMS key. echo "\n"; echo "14. Tag the symmetric KMS key.\n"; echo "By using tags, you can improve the overall management, security, and governance of your KMS keys, making it easier to organize, track, and control access to your encrypted data within your AWS environment.\n"; echo "Let's tag our symmetric key as Environment->Production\n"; $this->pressEnter(); $this->kmsService->tagResource($key['KeyId'], [ [ 'TagKey' => "Environment", 'TagValue' => "Production", ], ]); echo "The key was successfully tagged!\n"; $this->pressEnter(); // 15. Schedule the deletion of the KMS key echo "\n"; echo "15. Schedule the deletion of the KMS key.\n"; echo "By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days.\n"; echo "When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations.\n"; echo "It remains in this state for the duration of the waiting period.\n\n"; echo "Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable.\n\n"; $cleanUp = testable_readline("Would you like to delete the resources created during this scenario, including the keys? (y/n): "); if($cleanUp == "Y" || $cleanUp == "y"){ $this->cleanUp(); } echo "--------------------------------------------------------------------------------\n"; echo "This concludes the AWS Key Management SDK Basics scenario\n"; echo "--------------------------------------------------------------------------------\n"; namespace Kms; use Aws\Kms\Exception\KmsException; use Aws\Kms\KmsClient; use Aws\Result; use Aws\ResultPaginator; use AwsUtilities\AWSServiceClass; class KmsService extends AWSServiceClass { protected KmsClient $client; protected bool $verbose; /*** * @param KmsClient|null $client * @param bool $verbose */ public function __construct(KmsClient $client = null, bool $verbose = false) { $this->verbose = $verbose; if($client){ $this->client = $client; return; } $this->client = new KmsClient([]); } /*** * @param string $keySpec * @param string $keyUsage * @param string $description * @return array */ public function createKey(string $keySpec = "", string $keyUsage = "", string $description = "Created by the SDK for PHP") { $parameters = ['Description' => $description]; if($keySpec && $keyUsage){ $parameters['KeySpec'] = $keySpec; $parameters['KeyUsage'] = $keyUsage; } try { $result = $this->client->createKey($parameters); return $result['KeyMetadata']; }catch(KmsException $caught){ // Check for error specific to createKey operations if ($caught->getAwsErrorMessage() == "LimitExceededException"){ echo "The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide."; } throw $caught; } } /*** * @param string $keyId * @param string $ciphertext * @param string $algorithm * @return Result */ public function decrypt(string $keyId, string $ciphertext, string $algorithm = "SYMMETRIC_DEFAULT") { try{ return $this->client->decrypt([ 'CiphertextBlob' => $ciphertext, 'EncryptionAlgorithm' => $algorithm, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem decrypting the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param string $text * @return Result */ public function encrypt(string $keyId, string $text) { try { return $this->client->encrypt([ 'KeyId' => $keyId, 'Plaintext' => $text, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "DisabledException"){ echo "The request was rejected because the specified KMS key is not enabled.\n"; } throw $caught; } } /*** * @param string $keyId * @param int $limit * @return ResultPaginator */ public function listAliases(string $keyId = "", int $limit = 0) { $args = []; if($keyId){ $args['KeyId'] = $keyId; } if($limit){ $args['Limit'] = $limit; } try{ return $this->client->getPaginator("ListAliases", $args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidMarkerException"){ echo "The request was rejected because the marker that specifies where pagination should next begin is not valid.\n"; } throw $caught; } } /*** * @param string $keyId * @param string $alias * @return void */ public function createAlias(string $keyId, string $alias) { try{ $this->client->createAlias([ 'TargetKeyId' => $keyId, 'AliasName' => $alias, ]); }catch (KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidAliasNameException"){ echo "The request was rejected because the specified alias name is not valid."; } throw $caught; } } /*** * @param string $keyId * @param string $granteePrincipal * @param array $operations * @param array $grantTokens * @return Result */ public function createGrant(string $keyId, string $granteePrincipal, array $operations, array $grantTokens = []) { $args = [ 'KeyId' => $keyId, 'GranteePrincipal' => $granteePrincipal, 'Operations' => $operations, ]; if($grantTokens){ $args['GrantTokens'] = $grantTokens; } try{ return $this->client->createGrant($args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidGrantTokenException"){ echo "The request was rejected because the specified grant token is not valid.\n"; } throw $caught; } } /*** * @param string $keyId * @return array */ public function describeKey(string $keyId) { try { $result = $this->client->describeKey([ "KeyId" => $keyId, ]); return $result['KeyMetadata']; }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @param string $keyId * @return void */ public function disableKey(string $keyId) { try { $this->client->disableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem disabling the key: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @return void */ public function enableKey(string $keyId) { try { $this->client->enableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @return array */ public function listKeys() { try { $contents = []; $paginator = $this->client->getPaginator("ListKeys"); foreach($paginator as $result){ foreach ($result['Content'] as $object) { $contents[] = $object; } } return $contents; }catch(KmsException $caught){ echo "There was a problem listing the keys: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @return Result */ public function listGrants(string $keyId) { try{ return $this->client->listGrants([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo " The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @param string $keyId * @return Result */ public function getKeyPolicy(string $keyId) { try { return $this->client->getKeyPolicy([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem getting the key policy: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $grantId * @param string $keyId * @return void */ public function revokeGrant(string $grantId, string $keyId) { try{ $this->client->revokeGrant([ 'GrantId' => $grantId, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem with revoking the grant: {$caught->getAwsErrorMessage()}.\n"; throw $caught; } } /*** * @param string $keyId * @param int $pendingWindowInDays * @return void */ public function scheduleKeyDeletion(string $keyId, int $pendingWindowInDays = 7) { try { $this->client->scheduleKeyDeletion([ 'KeyId' => $keyId, 'PendingWindowInDays' => $pendingWindowInDays, ]); }catch(KmsException $caught){ echo "There was a problem scheduling the key deletion: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param array $tags * @return void */ public function tagResource(string $keyId, array $tags) { try { $this->client->tagResource([ 'KeyId' => $keyId, 'Tags' => $tags, ]); }catch(KmsException $caught){ echo "There was a problem applying the tag(s): {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param string $message * @param string $algorithm * @return Result */ public function sign(string $keyId, string $message, string $algorithm) { try { return $this->client->sign([ 'KeyId' => $keyId, 'Message' => $message, 'SigningAlgorithm' => $algorithm, ]); }catch(KmsException $caught){ echo "There was a problem signing the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param int $rotationPeriodInDays * @return void */ public function enableKeyRotation(string $keyId, int $rotationPeriodInDays = 365) { try{ $this->client->enableKeyRotation([ 'KeyId' => $keyId, 'RotationPeriodInDays' => $rotationPeriodInDays, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @param string $keyId * @param string $policy * @return void */ public function putKeyPolicy(string $keyId, string $policy) { try { $this->client->putKeyPolicy([ 'KeyId' => $keyId, 'Policy' => $policy, ]); }catch(KmsException $caught){ echo "There was a problem replacing the key policy: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $aliasName * @return void */ public function deleteAlias(string $aliasName) { try { $this->client->deleteAlias([ 'AliasName' => $aliasName, ]); }catch(KmsException $caught){ echo "There was a problem deleting the alias: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param string $message * @param string $signature * @param string $signingAlgorithm * @return bool */ public function verify(string $keyId, string $message, string $signature, string $signingAlgorithm) { try { $result = $this->client->verify([ 'KeyId' => $keyId, 'Message' => $message, 'Signature' => $signature, 'SigningAlgorithm' => $signingAlgorithm, ]); return $result['SignatureValid']; }catch(KmsException $caught){ echo "There was a problem verifying the signature: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } }-
API の詳細については、AWS SDK for PHP API リファレンスの以下のトピックを参照してください。
-
アクション
次のコード例は、CreateAlias を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param string $alias * @return void */ public function createAlias(string $keyId, string $alias) { try{ $this->client->createAlias([ 'TargetKeyId' => $keyId, 'AliasName' => $alias, ]); }catch (KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidAliasNameException"){ echo "The request was rejected because the specified alias name is not valid."; } throw $caught; } }-
API の詳細については、CreateAlias AWS SDK for PHP リファレンスの API を参照してください。
-
次の例は、CreateGrant を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param string $granteePrincipal * @param array $operations * @param array $grantTokens * @return Result */ public function createGrant(string $keyId, string $granteePrincipal, array $operations, array $grantTokens = []) { $args = [ 'KeyId' => $keyId, 'GranteePrincipal' => $granteePrincipal, 'Operations' => $operations, ]; if($grantTokens){ $args['GrantTokens'] = $grantTokens; } try{ return $this->client->createGrant($args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidGrantTokenException"){ echo "The request was rejected because the specified grant token is not valid.\n"; } throw $caught; } }-
API の詳細については、CreateGrant AWS SDK for PHP リファレンスの API を参照してください。
-
次のコード例は、CreateKey を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keySpec * @param string $keyUsage * @param string $description * @return array */ public function createKey(string $keySpec = "", string $keyUsage = "", string $description = "Created by the SDK for PHP") { $parameters = ['Description' => $description]; if($keySpec && $keyUsage){ $parameters['KeySpec'] = $keySpec; $parameters['KeyUsage'] = $keyUsage; } try { $result = $this->client->createKey($parameters); return $result['KeyMetadata']; }catch(KmsException $caught){ // Check for error specific to createKey operations if ($caught->getAwsErrorMessage() == "LimitExceededException"){ echo "The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide."; } throw $caught; } }-
API の詳細については、CreateKey AWS SDK for PHP リファレンスのAPI」を参照してください。
-
次のコード例は、Decrypt を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param string $ciphertext * @param string $algorithm * @return Result */ public function decrypt(string $keyId, string $ciphertext, string $algorithm = "SYMMETRIC_DEFAULT") { try{ return $this->client->decrypt([ 'CiphertextBlob' => $ciphertext, 'EncryptionAlgorithm' => $algorithm, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem decrypting the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、AWS SDK for PHP API リファレンスの復号を参照してください。
-
次のコード例は、DeleteAlias を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $aliasName * @return void */ public function deleteAlias(string $aliasName) { try { $this->client->deleteAlias([ 'AliasName' => $aliasName, ]); }catch(KmsException $caught){ echo "There was a problem deleting the alias: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、DeleteAlias AWS SDK for PHP リファレンスの API を参照してください。
-
次のコード例は、DescribeKey を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @return array */ public function describeKey(string $keyId) { try { $result = $this->client->describeKey([ "KeyId" => $keyId, ]); return $result['KeyMetadata']; }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
API の詳細については、DescribeKey AWS SDK for PHP リファレンスの API を参照してください。
-
次の例は、DisableKey を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @return void */ public function disableKey(string $keyId) { try { $this->client->disableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem disabling the key: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、DisableKey AWS SDK for PHP リファレンスのAPI」を参照してください。
-
次の例は、EnableKey を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @return void */ public function enableKey(string $keyId) { try { $this->client->enableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
API の詳細については、EnableKey AWS SDK for PHP リファレンスの API を参照してください。
-
次のコード例は、Encrypt を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param string $text * @return Result */ public function encrypt(string $keyId, string $text) { try { return $this->client->encrypt([ 'KeyId' => $keyId, 'Plaintext' => $text, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "DisabledException"){ echo "The request was rejected because the specified KMS key is not enabled.\n"; } throw $caught; } }-
API の詳細については、AWS SDK for PHP API リファレンスの「暗号化」を参照してください。
-
次のコード例は、ListAliases を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param int $limit * @return ResultPaginator */ public function listAliases(string $keyId = "", int $limit = 0) { $args = []; if($keyId){ $args['KeyId'] = $keyId; } if($limit){ $args['Limit'] = $limit; } try{ return $this->client->getPaginator("ListAliases", $args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidMarkerException"){ echo "The request was rejected because the marker that specifies where pagination should next begin is not valid.\n"; } throw $caught; } }-
API の詳細については、ListAliases AWS SDK for PHP リファレンスの API を参照してください。
-
次の例は、ListGrants を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @return Result */ public function listGrants(string $keyId) { try{ return $this->client->listGrants([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo " The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
API の詳細については、ListGrants AWS SDK for PHP リファレンスの API を参照してください。
-
次の例は、ListKeys を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @return array */ public function listKeys() { try { $contents = []; $paginator = $this->client->getPaginator("ListKeys"); foreach($paginator as $result){ foreach ($result['Content'] as $object) { $contents[] = $object; } } return $contents; }catch(KmsException $caught){ echo "There was a problem listing the keys: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、ListKeys AWS SDK for PHP リファレンスの API を参照してください。
-
次のコード例は、PutKeyPolicy を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param string $policy * @return void */ public function putKeyPolicy(string $keyId, string $policy) { try { $this->client->putKeyPolicy([ 'KeyId' => $keyId, 'Policy' => $policy, ]); }catch(KmsException $caught){ echo "There was a problem replacing the key policy: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、PutKeyPolicy AWS SDK for PHP リファレンスの API を参照してください。
-
次の例は、RevokeGrant を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $grantId * @param string $keyId * @return void */ public function revokeGrant(string $grantId, string $keyId) { try{ $this->client->revokeGrant([ 'GrantId' => $grantId, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem with revoking the grant: {$caught->getAwsErrorMessage()}.\n"; throw $caught; } }-
API の詳細については、RevokeGrant AWS SDK for PHP リファレンスのAPI」を参照してください。
-
次の例は、ScheduleKeyDeletion を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param int $pendingWindowInDays * @return void */ public function scheduleKeyDeletion(string $keyId, int $pendingWindowInDays = 7) { try { $this->client->scheduleKeyDeletion([ 'KeyId' => $keyId, 'PendingWindowInDays' => $pendingWindowInDays, ]); }catch(KmsException $caught){ echo "There was a problem scheduling the key deletion: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、ScheduleKeyDeletion AWS SDK for PHP リファレンスの API を参照してください。
-
次のコード例は、Sign を使用する方法を示しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param string $message * @param string $algorithm * @return Result */ public function sign(string $keyId, string $message, string $algorithm) { try { return $this->client->sign([ 'KeyId' => $keyId, 'Message' => $message, 'SigningAlgorithm' => $algorithm, ]); }catch(KmsException $caught){ echo "There was a problem signing the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、「Sign in AWS SDK for PHP API Reference」を参照してください。
-
次の例は、TagResource を使用する方法を説明しています。
- PHP に関する SDK
-
注記
GitHub には他にもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /*** * @param string $keyId * @param array $tags * @return void */ public function tagResource(string $keyId, array $tags) { try { $this->client->tagResource([ 'KeyId' => $keyId, 'Tags' => $tags, ]); }catch(KmsException $caught){ echo "There was a problem applying the tag(s): {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
API の詳細については、TagResource AWS SDK for PHP リファレンスの API を参照してください。
-
