AWS 文档 AWS SDK示例 GitHub 存储库中还有更多SDK示例
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
与 AWS SDK或DescribeKey一起使用 CLI
以下代码示例演示如何使用 DescribeKey。
操作示例是大型程序的代码摘录,必须在上下文中运行。您可以在以下代码示例中查看此操作的上下文:
- .NET
-
- AWS SDK for .NET
-
注意
还有更多相关信息 GitHub。在 AWS 代码示例存储库
中查找完整实例,了解如何进行设置和运行。 using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Retrieve information about an AWS Key Management Service (AWS KMS) key. /// You can supply either the key Id or the key Amazon Resource Name (ARN) /// to the DescribeKeyRequest KeyId property. /// </summary> public class DescribeKey { public static async Task Main() { var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new DescribeKeyRequest { KeyId = keyId, }; var client = new AmazonKeyManagementServiceClient(); var response = await client.DescribeKeyAsync(request); var metadata = response.KeyMetadata; Console.WriteLine($"{metadata.KeyId} created on: {metadata.CreationDate}"); Console.WriteLine($"State: {metadata.KeyState}"); Console.WriteLine($"{metadata.Description}"); } }-
有关API详细信息,请参阅 “AWS SDK for .NET API参考 DescribeKey” 中的。
-
- CLI
-
- AWS CLI
-
示例 1:查找有关KMS密钥的详细信息
以下
describe-key示例在示例账户和区域中获取有关 Amazon S3 AWS 托管密钥的详细信息。您可以使用此命令来查找有关 AWS 托管密钥和客户托管密钥的详细信息。要指定KMS密钥,请使用
key-id参数。此示例使用别名值,但您可以在此命令ARN中使用密钥 ID ARN、密钥、别名或别名。aws kms describe-key \ --key-idalias/aws/s3输出:
{ "KeyMetadata": { "AWSAccountId": "846764612917", "KeyId": "b8a9477d-836c-491f-857e-07937918959b", "Arn": "arn:aws:kms:us-west-2:846764612917:key/b8a9477d-836c-491f-857e-07937918959b", "CreationDate": 2017-06-30T21:44:32.140000+00:00, "Enabled": true, "Description": "Default KMS key that protects my S3 objects when no other key is defined", "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "Enabled", "Origin": "AWS_KMS", "KeyManager": "AWS", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ] } }有关更多信息,请参阅《AWS Key Management Service 开发人员指南》中的查看密钥。
示例 2:获取有关RSA非对称KMS密钥的详细信息
以下
describe-key示例获取有关用于签名和验证的非对称RSAKMS密钥的详细信息。aws kms describe-key \ --key-id1234abcd-12ab-34cd-56ef-1234567890ab输出:
{ "KeyMetadata": { "AWSAccountId": "111122223333", "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2019-12-02T19:47:14.861000+00:00", "CustomerMasterKeySpec": "RSA_2048", "Enabled": false, "Description": "", "KeyState": "Disabled", "Origin": "AWS_KMS", "MultiRegion": false, "KeyManager": "CUSTOMER", "KeySpec": "RSA_2048", "KeyUsage": "SIGN_VERIFY", "SigningAlgorithms": [ "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512" ] } }示例 3:获取有关多区域副本密钥的详细信息
以下
describe-key示例获取多区域副本密钥的元数据。此多区域密钥是对称加密密钥。任何多区域密钥的describe-key命令输出都会返回有关主密钥及其所有副本的信息。aws kms describe-key \ --key-idarn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab输出:
{ "KeyMetadata": { "MultiRegion": true, "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "CreationDate": "2021-06-28T21:09:16.114000+00:00", "Description": "", "Enabled": true, "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab", "KeyManager": "CUSTOMER", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "Origin": "AWS_KMS", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "MultiRegionConfiguration": { "MultiRegionKeyType": "PRIMARY", "PrimaryKey": { "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "us-west-2" }, "ReplicaKeys": [ { "Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "eu-west-1" }, { "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "ap-northeast-1" }, { "Arn": "arn:aws:kms:sa-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "sa-east-1" } ] } } }示例 4:获取有关HMACKMS密钥的详细信息
以下
describe-key示例获取有关HMACKMS密钥的详细信息。aws kms describe-key \ --key-id1234abcd-12ab-34cd-56ef-1234567890ab输出:
{ "KeyMetadata": { "AWSAccountId": "123456789012", "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2022-04-03T22:23:10.194000+00:00", "Enabled": true, "Description": "Test key", "KeyUsage": "GENERATE_VERIFY_MAC", "KeyState": "Enabled", "Origin": "AWS_KMS", "KeyManager": "CUSTOMER", "CustomerMasterKeySpec": "HMAC_256", "MacAlgorithms": [ "HMAC_SHA_256" ], "MultiRegion": false } }-
有关API详细信息,请参阅 “DescribeKey AWS CLI
命令参考”。
-
- Java
-
- SDK适用于 Java 2.x
-
注意
还有更多相关信息 GitHub。在 AWS 代码示例存储库
中查找完整实例,了解如何进行设置和运行。 public static boolean isKeyEnabled(KmsClient kmsClient, String keyId) { try { DescribeKeyRequest keyRequest = DescribeKeyRequest.builder() .keyId(keyId) .build(); DescribeKeyResponse response = kmsClient.describeKey(keyRequest); KeyState keyState = response.keyMetadata().keyState(); if (keyState == KeyState.ENABLED) { System.out.println("The key is enabled."); return true; } else { System.out.println("The key is not enabled. Key state: " + keyState); } } catch (KmsException e) { System.err.println(e.getMessage()); System.exit(1); } return false; }-
有关API详细信息,请参阅 “AWS SDK for Java 2.x API参考 DescribeKey” 中的。
-
- Kotlin
-
- SDK对于 Kotlin 来说
-
注意
还有更多相关信息 GitHub。在 AWS 代码示例存储库
中查找完整实例,了解如何进行设置和运行。 suspend fun describeSpecifcKey(keyIdVal: String?) { val request = DescribeKeyRequest { keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> val response = kmsClient.describeKey(request) println("The key description is ${response.keyMetadata?.description}") println("The key ARN is ${response.keyMetadata?.arn}") } }-
有关API详细信息,请参阅DescribeKey
中的 Kotlin AWS SDK API 参考。
-
- Python
-
- SDK适用于 Python (Boto3)
-
注意
还有更多相关信息 GitHub。在 AWS 代码示例存储库
中查找完整实例,了解如何进行设置和运行。 class KeyManager: def __init__(self, kms_client): self.kms_client = kms_client self.created_keys = [] def describe_key(self): """ Describes a key. """ key_id = input("Enter a key ID or ARN here to get information about the key: ") if key_id: try: key = self.kms_client.describe_key(KeyId=key_id)["KeyMetadata"] except ClientError as err: logging.error( "Couldn't get key '%s'. Here's why: %s", key_id, err.response["Error"]["Message"], ) else: print(f"Got key {key_id}:") pprint(key) return key_id-
有关API详细信息,请参阅DescribeKey中的 AWS SDKPython (Boto3) API 参考。
-
DeleteAlias
DisableKey