AWS 文档 AWS SDK示例 GitHub 存储库中还有更多SDK示例
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWS KMS 使用 for SDK 的示例 PHP
以下代码示例向您展示了如何使用with来执行操作和实现常见场景 AWS KMS。 AWS SDK for PHP
基础知识是向您展示如何在服务中执行基本操作的代码示例。
操作是大型程序的代码摘录,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以在其中找到有关如何在上下文中设置和运行代码的说明。
开始使用
以下代码示例展示了如何开始使用 AWS Key Management Service。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 include "vendor/autoload.php"; use Aws\Kms\KmsClient; echo "This file shows how to connect to the KmsClient, uses a paginator to get the keys for the account, and lists the KeyIds for up to 10 keys.\n"; $client = new KmsClient([]); $pageLength = 10; // Change this value to change the number of records shown, or to break up the result into pages. $keys = []; $keysPaginator = $client->getPaginator("ListKeys", ['Limit' => $pageLength]); foreach($keysPaginator as $page){ foreach($page['Keys'] as $index => $key){ echo "The $index index Key's ID is: {$key['KeyId']}\n"; } echo "End of page one of results. Alter the \$pageLength variable to see more results.\n"; break; }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 ListKeys” 中的。
-
基础知识
以下代码示例展示了如何:
创建密KMS钥。
列出您账户的KMS密钥并获取有关密钥的详细信息。
启用和禁用KMS密钥。
生成可用于客户端加密的对称数据密钥。
生成用于对数据进行数字签名的非对称密钥。
标签键。
删除KMS密钥。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 echo "\n"; echo "--------------------------------------\n"; echo <<<WELCOME Welcome to the AWS Key Management Service SDK Basics scenario. This program demonstrates how to interact with AWS Key Management Service using the AWS SDK for PHP (v3). The AWS Key Management Service (KMS) is a secure and highly available service that allows you to create and manage AWS KMS keys and control their use across a wide range of AWS services and applications. KMS provides a centralized and unified approach to managing encryption keys, making it easier to meet your data protection and regulatory compliance requirements. This KMS Basics scenario creates two key types: - A symmetric encryption key is used to encrypt and decrypt data. - An asymmetric key used to digitally sign data. Let's get started...\n WELCOME; echo "--------------------------------------\n"; $this->pressEnter(); $this->kmsClient = new KmsClient([]); // Initialize the KmsService class with the client. This allows you to override any defaults in the client before giving it to the service class. $this->kmsService = new KmsService($this->kmsClient); // 1. Create a symmetric KMS key. echo "\n"; echo "1. Create a symmetric KMS key.\n"; echo "First, we will create a symmetric KMS key that is used to encrypt and decrypt data by invoking createKey().\n"; $this->pressEnter(); $key = $this->kmsService->createKey(); $this->resources['symmetricKey'] = $key['KeyId']; echo "Created a customer key with ARN {$key['Arn']}.\n"; $this->pressEnter(); // 2. Enable a KMS key. echo "\n"; echo "2. Enable a KMS key.\n"; echo "By default when you create an AWS key, it is enabled. The code checks to determine if the key is enabled. If it is not enabled, the code enables it.\n"; $this->pressEnter(); $keyInfo = $this->kmsService->describeKey($key['KeyId']); if(!$keyInfo['Enabled']){ echo "The key was not enabled, so we will enable it.\n"; $this->pressEnter(); $this->kmsService->enableKey($key['KeyId']); echo "The key was successfully enabled.\n"; }else{ echo "The key was already enabled, so there was no need to enable it.\n"; } $this->pressEnter(); // 3. Encrypt data using the symmetric KMS key. echo "\n"; echo "3. Encrypt data using the symmetric KMS key.\n"; echo "One of the main uses of symmetric keys is to encrypt and decrypt data.\n"; echo "Next, we'll encrypt the string 'Hello, AWS KMS!' with the SYMMETRIC_DEFAULT encryption algorithm.\n"; $this->pressEnter(); $text = "Hello, AWS KMS!"; $encryption = $this->kmsService->encrypt($key['KeyId'], $text); echo "The plaintext data was successfully encrypted with the algorithm: {$encryption['EncryptionAlgorithm']}.\n"; $this->pressEnter(); // 4. Create an alias. echo "\n"; echo "4. Create an alias.\n"; $aliasInput = testable_readline("Please enter an alias prefixed with \"alias/\" or press enter to use a default value: "); if($aliasInput == ""){ $aliasInput = "alias/dev-encryption-key"; } $this->kmsService->createAlias($key['KeyId'], $aliasInput); $this->resources['alias'] = $aliasInput; echo "The alias \"$aliasInput\" was successfully created.\n"; $this->pressEnter(); // 5. List all of your aliases. $aliasPageSize = 10; echo "\n"; echo "5. List all of your aliases, up to $aliasPageSize.\n"; $this->pressEnter(); $aliasPaginator = $this->kmsService->listAliases(); foreach($aliasPaginator as $pages){ foreach($pages['Aliases'] as $alias){ echo $alias['AliasName'] . "\n"; } break; } $this->pressEnter(); // 6. Enable automatic rotation of the KMS key. echo "\n"; echo "6. Enable automatic rotation of the KMS key.\n"; echo "By default, when the SDK enables automatic rotation of a KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter."; $this->pressEnter(); $this->kmsService->enableKeyRotation($key['KeyId']); echo "The key's rotation was successfully set for key: {$key['KeyId']}\n"; $this->pressEnter(); // 7. Create a grant. echo "7. Create a grant.\n"; echo "\n"; echo "A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies.\n"; $granteeARN = testable_readline("Please enter the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs in the Identity and Access Management User Guide. \nTo skip this step, press enter without any other values: "); if($granteeARN){ $operations = [ "ENCRYPT", "DECRYPT", "DESCRIBE_KEY", ]; $grant = $this->kmsService->createGrant($key['KeyId'], $granteeARN, $operations); echo "The grant Id is: {$grant['GrantId']}\n"; }else{ echo "Steps 7, 8, and 9 will be skipped.\n"; } $this->pressEnter(); // 8. List grants for the KMS key. if($granteeARN){ echo "8. List grants for the KMS key.\n\n"; $grantsPaginator = $this->kmsService->listGrants($key['KeyId']); foreach($grantsPaginator as $page){ foreach($page['Grants'] as $grant){ echo $grant['GrantId'] . "\n"; } } }else{ echo "Skipping step 8...\n"; } $this->pressEnter(); // 9. Revoke the grant. if($granteeARN) { echo "\n"; echo "9. Revoke the grant.\n"; $this->pressEnter(); $this->kmsService->revokeGrant($grant['GrantId'], $keyInfo['KeyId']); echo "{$grant['GrantId']} was successfully revoked!\n"; }else{ echo "Skipping step 9...\n"; } $this->pressEnter(); // 10. Decrypt the data. echo "\n"; echo "10. Decrypt the data.\n"; echo "Let's decrypt the data that was encrypted before.\n"; echo "We'll use the same key to decrypt the string that we encrypted earlier in the program.\n"; $this->pressEnter(); $decryption = $this->kmsService->decrypt($keyInfo['KeyId'], $encryption['CiphertextBlob'], $encryption['EncryptionAlgorithm']); echo "The decrypted text is: {$decryption['Plaintext']}\n"; $this->pressEnter(); // 11. Replace a Key Policy. echo "\n"; echo "11. Replace a Key Policy.\n"; echo "A key policy is a resource policy for a KMS key. Key policies are the primary way to control access to KMS keys.\n"; echo "Every KMS key must have exactly one key policy. The statements in the key policy determine who has permission to use the KMS key and how they can use it.\n"; echo " You can also use IAM policies and grants to control access to the KMS key, but every KMS key must have a key policy.\n"; echo "We will replace the key's policy with a new one:\n"; $stsClient = new StsClient([]); $result = $stsClient->getCallerIdentity(); $accountId = $result['Account']; $keyPolicy = <<< KEYPOLICY { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::$accountId:root"}, "Action": "kms:*", "Resource": "*" }] } KEYPOLICY; echo $keyPolicy; $this->pressEnter(); $this->kmsService->putKeyPolicy($keyInfo['KeyId'], $keyPolicy); echo "The Key Policy was successfully replaced!\n"; $this->pressEnter(); // 12. Retrieve the key policy. echo "\n"; echo "12. Retrieve the key policy.\n"; echo "Let's get some information about the new policy and print it to the screen.\n"; $this->pressEnter(); $policyInfo = $this->kmsService->getKeyPolicy($keyInfo['KeyId']); echo "We got the info! Here is the policy: \n"; echo $policyInfo['Policy'] . "\n"; $this->pressEnter(); // 13. Create an asymmetric KMS key and sign data. echo "\n"; echo "13. Create an asymmetric KMS key and sign data.\n"; echo "Signing your data with an AWS key can provide several benefits that make it an attractive option for your data signing needs.\n"; echo "By using an AWS KMS key, you can leverage the security controls and compliance features provided by AWS, which can help you meet various regulatory requirements and enhance the overall security posture of your organization.\n"; echo "First we'll create the asymmetric key.\n"; $this->pressEnter(); $keySpec = "RSA_2048"; $keyUsage = "SIGN_VERIFY"; $asymmetricKey = $this->kmsService->createKey($keySpec, $keyUsage); $this->resources['asymmetricKey'] = $asymmetricKey['KeyId']; echo "Created the key with ID: {$asymmetricKey['KeyId']}\n"; echo "Next, we'll sign the data.\n"; $this->pressEnter(); $algorithm = "RSASSA_PSS_SHA_256"; $sign = $this->kmsService->sign($asymmetricKey['KeyId'], $text, $algorithm); $verify = $this->kmsService->verify($asymmetricKey['KeyId'], $text, $sign['Signature'], $algorithm); echo "Signature verification result: {$sign['signature']}\n"; $this->pressEnter(); // 14. Tag the symmetric KMS key. echo "\n"; echo "14. Tag the symmetric KMS key.\n"; echo "By using tags, you can improve the overall management, security, and governance of your KMS keys, making it easier to organize, track, and control access to your encrypted data within your AWS environment.\n"; echo "Let's tag our symmetric key as Environment->Production\n"; $this->pressEnter(); $this->kmsService->tagResource($key['KeyId'], [ [ 'TagKey' => "Environment", 'TagValue' => "Production", ], ]); echo "The key was successfully tagged!\n"; $this->pressEnter(); // 15. Schedule the deletion of the KMS key echo "\n"; echo "15. Schedule the deletion of the KMS key.\n"; echo "By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days.\n"; echo "When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations.\n"; echo "It remains in this state for the duration of the waiting period.\n\n"; echo "Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable.\n\n"; $cleanUp = testable_readline("Would you like to delete the resources created during this scenario, including the keys? (y/n): "); if($cleanUp == "Y" || $cleanUp == "y"){ $this->cleanUp(); } echo "--------------------------------------------------------------------------------\n"; echo "This concludes the AWS Key Management SDK Basics scenario\n"; echo "--------------------------------------------------------------------------------\n"; namespace Kms; use Aws\Kms\Exception\KmsException; use Aws\Kms\KmsClient; use Aws\Result; use Aws\ResultPaginator; use AwsUtilities\AWSServiceClass; class KmsService extends AWSServiceClass { protected KmsClient $client; protected bool $verbose; /*** * @param KmsClient|null $client * @param bool $verbose */ public function __construct(KmsClient $client = null, bool $verbose = false) { $this->verbose = $verbose; if($client){ $this->client = $client; return; } $this->client = new KmsClient([]); } /*** * @param string $keySpec * @param string $keyUsage * @param string $description * @return array */ public function createKey(string $keySpec = "", string $keyUsage = "", string $description = "Created by the SDK for PHP") { $parameters = ['Description' => $description]; if($keySpec && $keyUsage){ $parameters['KeySpec'] = $keySpec; $parameters['KeyUsage'] = $keyUsage; } try { $result = $this->client->createKey($parameters); return $result['KeyMetadata']; }catch(KmsException $caught){ // Check for error specific to createKey operations if ($caught->getAwsErrorMessage() == "LimitExceededException"){ echo "The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide."; } throw $caught; } } /*** * @param string $keyId * @param string $ciphertext * @param string $algorithm * @return Result */ public function decrypt(string $keyId, string $ciphertext, string $algorithm = "SYMMETRIC_DEFAULT") { try{ return $this->client->decrypt([ 'CiphertextBlob' => $ciphertext, 'EncryptionAlgorithm' => $algorithm, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem decrypting the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param string $text * @return Result */ public function encrypt(string $keyId, string $text) { try { return $this->client->encrypt([ 'KeyId' => $keyId, 'Plaintext' => $text, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "DisabledException"){ echo "The request was rejected because the specified KMS key is not enabled.\n"; } throw $caught; } } /*** * @param string $keyId * @param int $limit * @return ResultPaginator */ public function listAliases(string $keyId = "", int $limit = 0) { $args = []; if($keyId){ $args['KeyId'] = $keyId; } if($limit){ $args['Limit'] = $limit; } try{ return $this->client->getPaginator("ListAliases", $args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidMarkerException"){ echo "The request was rejected because the marker that specifies where pagination should next begin is not valid.\n"; } throw $caught; } } /*** * @param string $keyId * @param string $alias * @return void */ public function createAlias(string $keyId, string $alias) { try{ $this->client->createAlias([ 'TargetKeyId' => $keyId, 'AliasName' => $alias, ]); }catch (KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidAliasNameException"){ echo "The request was rejected because the specified alias name is not valid."; } throw $caught; } } /*** * @param string $keyId * @param string $granteePrincipal * @param array $operations * @param array $grantTokens * @return Result */ public function createGrant(string $keyId, string $granteePrincipal, array $operations, array $grantTokens = []) { $args = [ 'KeyId' => $keyId, 'GranteePrincipal' => $granteePrincipal, 'Operations' => $operations, ]; if($grantTokens){ $args['GrantTokens'] = $grantTokens; } try{ return $this->client->createGrant($args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidGrantTokenException"){ echo "The request was rejected because the specified grant token is not valid.\n"; } throw $caught; } } /*** * @param string $keyId * @return array */ public function describeKey(string $keyId) { try { $result = $this->client->describeKey([ "KeyId" => $keyId, ]); return $result['KeyMetadata']; }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @param string $keyId * @return void */ public function disableKey(string $keyId) { try { $this->client->disableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem disabling the key: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @return void */ public function enableKey(string $keyId) { try { $this->client->enableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @return array */ public function listKeys() { try { $contents = []; $paginator = $this->client->getPaginator("ListKeys"); foreach($paginator as $result){ foreach ($result['Content'] as $object) { $contents[] = $object; } } return $contents; }catch(KmsException $caught){ echo "There was a problem listing the keys: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @return Result */ public function listGrants(string $keyId) { try{ return $this->client->listGrants([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo " The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @param string $keyId * @return Result */ public function getKeyPolicy(string $keyId) { try { return $this->client->getKeyPolicy([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem getting the key policy: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $grantId * @param string $keyId * @return void */ public function revokeGrant(string $grantId, string $keyId) { try{ $this->client->revokeGrant([ 'GrantId' => $grantId, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem with revoking the grant: {$caught->getAwsErrorMessage()}.\n"; throw $caught; } } /*** * @param string $keyId * @param int $pendingWindowInDays * @return void */ public function scheduleKeyDeletion(string $keyId, int $pendingWindowInDays = 7) { try { $this->client->scheduleKeyDeletion([ 'KeyId' => $keyId, 'PendingWindowInDays' => $pendingWindowInDays, ]); }catch(KmsException $caught){ echo "There was a problem scheduling the key deletion: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param array $tags * @return void */ public function tagResource(string $keyId, array $tags) { try { $this->client->tagResource([ 'KeyId' => $keyId, 'Tags' => $tags, ]); }catch(KmsException $caught){ echo "There was a problem applying the tag(s): {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param string $message * @param string $algorithm * @return Result */ public function sign(string $keyId, string $message, string $algorithm) { try { return $this->client->sign([ 'KeyId' => $keyId, 'Message' => $message, 'SigningAlgorithm' => $algorithm, ]); }catch(KmsException $caught){ echo "There was a problem signing the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param int $rotationPeriodInDays * @return void */ public function enableKeyRotation(string $keyId, int $rotationPeriodInDays = 365) { try{ $this->client->enableKeyRotation([ 'KeyId' => $keyId, 'RotationPeriodInDays' => $rotationPeriodInDays, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } } /*** * @param string $keyId * @param string $policy * @return void */ public function putKeyPolicy(string $keyId, string $policy) { try { $this->client->putKeyPolicy([ 'KeyId' => $keyId, 'Policy' => $policy, ]); }catch(KmsException $caught){ echo "There was a problem replacing the key policy: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $aliasName * @return void */ public function deleteAlias(string $aliasName) { try { $this->client->deleteAlias([ 'AliasName' => $aliasName, ]); }catch(KmsException $caught){ echo "There was a problem deleting the alias: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } /*** * @param string $keyId * @param string $message * @param string $signature * @param string $signingAlgorithm * @return bool */ public function verify(string $keyId, string $message, string $signature, string $signingAlgorithm) { try { $result = $this->client->verify([ 'KeyId' => $keyId, 'Message' => $message, 'Signature' => $signature, 'SigningAlgorithm' => $signingAlgorithm, ]); return $result['SignatureValid']; }catch(KmsException $caught){ echo "There was a problem verifying the signature: {$caught->getAwsErrorMessage()}\n"; throw $caught; } } }-
有关API详细信息,请参阅 “参AWS SDK for PHP API考” 中的以下主题。
-
操作
以下代码示例演示如何使用 CreateAlias。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param string $alias * @return void */ public function createAlias(string $keyId, string $alias) { try{ $this->client->createAlias([ 'TargetKeyId' => $keyId, 'AliasName' => $alias, ]); }catch (KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidAliasNameException"){ echo "The request was rejected because the specified alias name is not valid."; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 CreateAlias” 中的。
-
以下代码示例演示如何使用 CreateGrant。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param string $granteePrincipal * @param array $operations * @param array $grantTokens * @return Result */ public function createGrant(string $keyId, string $granteePrincipal, array $operations, array $grantTokens = []) { $args = [ 'KeyId' => $keyId, 'GranteePrincipal' => $granteePrincipal, 'Operations' => $operations, ]; if($grantTokens){ $args['GrantTokens'] = $grantTokens; } try{ return $this->client->createGrant($args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidGrantTokenException"){ echo "The request was rejected because the specified grant token is not valid.\n"; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 CreateGrant” 中的。
-
以下代码示例演示如何使用 CreateKey。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keySpec * @param string $keyUsage * @param string $description * @return array */ public function createKey(string $keySpec = "", string $keyUsage = "", string $description = "Created by the SDK for PHP") { $parameters = ['Description' => $description]; if($keySpec && $keyUsage){ $parameters['KeySpec'] = $keySpec; $parameters['KeyUsage'] = $keyUsage; } try { $result = $this->client->createKey($parameters); return $result['KeyMetadata']; }catch(KmsException $caught){ // Check for error specific to createKey operations if ($caught->getAwsErrorMessage() == "LimitExceededException"){ echo "The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide."; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 CreateKey” 中的。
-
以下代码示例演示如何使用 Decrypt。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param string $ciphertext * @param string $algorithm * @return Result */ public function decrypt(string $keyId, string $ciphertext, string $algorithm = "SYMMETRIC_DEFAULT") { try{ return $this->client->decrypt([ 'CiphertextBlob' => $ciphertext, 'EncryptionAlgorithm' => $algorithm, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem decrypting the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅《参考资料》中的 “解密”。AWS SDK for PHP API
-
以下代码示例演示如何使用 DeleteAlias。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $aliasName * @return void */ public function deleteAlias(string $aliasName) { try { $this->client->deleteAlias([ 'AliasName' => $aliasName, ]); }catch(KmsException $caught){ echo "There was a problem deleting the alias: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 DeleteAlias” 中的。
-
以下代码示例演示如何使用 DescribeKey。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @return array */ public function describeKey(string $keyId) { try { $result = $this->client->describeKey([ "KeyId" => $keyId, ]); return $result['KeyMetadata']; }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 DescribeKey” 中的。
-
以下代码示例演示如何使用 DisableKey。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @return void */ public function disableKey(string $keyId) { try { $this->client->disableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem disabling the key: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 DisableKey” 中的。
-
以下代码示例演示如何使用 EnableKey。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @return void */ public function enableKey(string $keyId) { try { $this->client->enableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 EnableKey” 中的。
-
以下代码示例演示如何使用 Encrypt。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param string $text * @return Result */ public function encrypt(string $keyId, string $text) { try { return $this->client->encrypt([ 'KeyId' => $keyId, 'Plaintext' => $text, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "DisabledException"){ echo "The request was rejected because the specified KMS key is not enabled.\n"; } throw $caught; } }-
有关API详细信息,请参阅AWS SDK for PHP API参考中的加密。
-
以下代码示例演示如何使用 ListAliases。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param int $limit * @return ResultPaginator */ public function listAliases(string $keyId = "", int $limit = 0) { $args = []; if($keyId){ $args['KeyId'] = $keyId; } if($limit){ $args['Limit'] = $limit; } try{ return $this->client->getPaginator("ListAliases", $args); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "InvalidMarkerException"){ echo "The request was rejected because the marker that specifies where pagination should next begin is not valid.\n"; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 ListAliases” 中的。
-
以下代码示例演示如何使用 ListGrants。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @return Result */ public function listGrants(string $keyId) { try{ return $this->client->listGrants([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo " The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 ListGrants” 中的。
-
以下代码示例演示如何使用 ListKeys。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @return array */ public function listKeys() { try { $contents = []; $paginator = $this->client->getPaginator("ListKeys"); foreach($paginator as $result){ foreach ($result['Content'] as $object) { $contents[] = $object; } } return $contents; }catch(KmsException $caught){ echo "There was a problem listing the keys: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 ListKeys” 中的。
-
以下代码示例演示如何使用 PutKeyPolicy。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param string $policy * @return void */ public function putKeyPolicy(string $keyId, string $policy) { try { $this->client->putKeyPolicy([ 'KeyId' => $keyId, 'Policy' => $policy, ]); }catch(KmsException $caught){ echo "There was a problem replacing the key policy: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 PutKeyPolicy” 中的。
-
以下代码示例演示如何使用 RevokeGrant。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $grantId * @param string $keyId * @return void */ public function revokeGrant(string $grantId, string $keyId) { try{ $this->client->revokeGrant([ 'GrantId' => $grantId, 'KeyId' => $keyId, ]); }catch(KmsException $caught){ echo "There was a problem with revoking the grant: {$caught->getAwsErrorMessage()}.\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 RevokeGrant” 中的。
-
以下代码示例演示如何使用 ScheduleKeyDeletion。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param int $pendingWindowInDays * @return void */ public function scheduleKeyDeletion(string $keyId, int $pendingWindowInDays = 7) { try { $this->client->scheduleKeyDeletion([ 'KeyId' => $keyId, 'PendingWindowInDays' => $pendingWindowInDays, ]); }catch(KmsException $caught){ echo "There was a problem scheduling the key deletion: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 ScheduleKeyDeletion” 中的。
-
以下代码示例演示如何使用 Sign。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param string $message * @param string $algorithm * @return Result */ public function sign(string $keyId, string $message, string $algorithm) { try { return $this->client->sign([ 'KeyId' => $keyId, 'Message' => $message, 'SigningAlgorithm' => $algorithm, ]); }catch(KmsException $caught){ echo "There was a problem signing the data: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅登录AWS SDK for PHPAPI参考。
-
以下代码示例演示如何使用 TagResource。
- SDK for PHP
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 AWS 代码示例存储库
中进行设置和运行。 /*** * @param string $keyId * @param array $tags * @return void */ public function tagResource(string $keyId, array $tags) { try { $this->client->tagResource([ 'KeyId' => $keyId, 'Tags' => $tags, ]); }catch(KmsException $caught){ echo "There was a problem applying the tag(s): {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
有关API详细信息,请参阅 “AWS SDK for PHP API参考 TagResource” 中的。
-
