本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# `DescribeKey`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `DescribeKey`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [了解基本功能](example_kms_Scenario_Basics_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/KMS#code-examples)中查找完整示例,了解如何进行设置和运行。
```
using System;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;
///
/// Retrieve information about an AWS Key Management Service (AWS KMS) key.
/// You can supply either the key Id or the key Amazon Resource Name (ARN)
/// to the DescribeKeyRequest KeyId property.
///
public class DescribeKey
{
public static async Task Main()
{
var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4";
var request = new DescribeKeyRequest
{
KeyId = keyId,
};
var client = new AmazonKeyManagementServiceClient();
var response = await client.DescribeKeyAsync(request);
var metadata = response.KeyMetadata;
Console.WriteLine($"{metadata.KeyId} created on: {metadata.CreationDate}");
Console.WriteLine($"State: {metadata.KeyState}");
Console.WriteLine($"{metadata.Description}");
}
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[DescribeKey](https://docs.aws.amazon.com/goto/DotNetSDKV3/kms-2014-11-01/DescribeKey)*中的。
------
#### [ CLI ]
**AWS CLI**
**示例 1:查找有关 KMS 密钥的详细信息**
以下`describe-key`示例在示例账户和区域中获取有关 Amazon S3 AWS 托管密钥的详细信息。您可以使用此命令来查找有关 AWS 托管密钥和客户托管密钥的详细信息。
要指定 KMS 密钥,请使用 `key-id` 参数。此示例使用别名名称值,但您可以在此命令中使用密钥 ID、密钥 ARN、别名名称或别名 ARN。
```
aws kms describe-key \
--key-id alias/aws/s3
```
输出:
```
{
"KeyMetadata": {
"AWSAccountId": "846764612917",
"KeyId": "b8a9477d-836c-491f-857e-07937918959b",
"Arn": "arn:aws:kms:us-west-2:846764612917:key/b8a9477d-836c-491f-857e-07937918959b",
"CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
"CreationDate": 2017-06-30T21:44:32.140000+00:00,
"Enabled": true,
"Description": "Default KMS key that protects my S3 objects when no other key is defined",
"KeyUsage": "ENCRYPT_DECRYPT",
"KeyState": "Enabled",
"Origin": "AWS_KMS",
"KeyManager": "AWS",
"CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
"EncryptionAlgorithms": [
"SYMMETRIC_DEFAULT"
]
}
}
```
有关更多信息,请参阅《AWS 密钥管理服务开发人员指南》**中的[查看密钥](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html)。
**示例 2:获取有关 RSA 非对称 KMS 密钥的详细信息**
以下 `describe-key` 示例获取有关用于签名和验证的非对称 RSA KMS 密钥的详细信息。
```
aws kms describe-key \
--key-id 1234abcd-12ab-34cd-56ef-1234567890ab
```
输出:
```
{
"KeyMetadata": {
"AWSAccountId": "111122223333",
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"CreationDate": "2019-12-02T19:47:14.861000+00:00",
"CustomerMasterKeySpec": "RSA_2048",
"Enabled": false,
"Description": "",
"KeyState": "Disabled",
"Origin": "AWS_KMS",
"MultiRegion": false,
"KeyManager": "CUSTOMER",
"KeySpec": "RSA_2048",
"KeyUsage": "SIGN_VERIFY",
"SigningAlgorithms": [
"RSASSA_PKCS1_V1_5_SHA_256",
"RSASSA_PKCS1_V1_5_SHA_384",
"RSASSA_PKCS1_V1_5_SHA_512",
"RSASSA_PSS_SHA_256",
"RSASSA_PSS_SHA_384",
"RSASSA_PSS_SHA_512"
]
}
}
```
**示例 3:获取有关多区域副本密钥的详细信息**
以下 `describe-key` 示例获取多区域副本密钥的元数据。此多区域密钥是对称加密密钥。任何多区域密钥的 `describe-key` 命令输出都会返回有关主密钥及其所有副本的信息。
```
aws kms describe-key \
--key-id arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
```
输出:
```
{
"KeyMetadata": {
"MultiRegion": true,
"AWSAccountId": "111122223333",
"Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
"CreationDate": "2021-06-28T21:09:16.114000+00:00",
"CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
"Description": "",
"Enabled": true,
"KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab",
"KeyManager": "CUSTOMER",
"KeyState": "Enabled",
"KeyUsage": "ENCRYPT_DECRYPT",
"Origin": "AWS_KMS",
"CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
"EncryptionAlgorithms": [
"SYMMETRIC_DEFAULT"
],
"MultiRegionConfiguration": {
"MultiRegionKeyType": "PRIMARY",
"PrimaryKey": {
"Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
"Region": "us-west-2"
},
"ReplicaKeys": [
{
"Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
"Region": "eu-west-1"
},
{
"Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
"Region": "ap-northeast-1"
},
{
"Arn": "arn:aws:kms:sa-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
"Region": "sa-east-1"
}
]
}
}
}
```
**示例 4:获取有关 HMAC KMS 密钥的详细信息**
以下 `describe-key` 示例获取有关 HMAC KMS 密钥的详细信息。
```
aws kms describe-key \
--key-id 1234abcd-12ab-34cd-56ef-1234567890ab
```
输出:
```
{
"KeyMetadata": {
"AWSAccountId": "123456789012",
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"CreationDate": "2022-04-03T22:23:10.194000+00:00",
"Enabled": true,
"Description": "Test key",
"KeyUsage": "GENERATE_VERIFY_MAC",
"KeyState": "Enabled",
"Origin": "AWS_KMS",
"KeyManager": "CUSTOMER",
"CustomerMasterKeySpec": "HMAC_256",
"MacAlgorithms": [
"HMAC_SHA_256"
],
"MultiRegion": false
}
}
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[DescribeKey](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/kms/describe-key.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/kms#code-examples)中查找完整示例,了解如何进行设置和运行。
```
/**
* Asynchronously checks if a specified key is enabled.
*
* @param keyId the ID of the key to check
* @return a {@link CompletableFuture} that, when completed, indicates whether the key is enabled or not
*
* @throws RuntimeException if an exception occurs while checking the key state
*/
public CompletableFuture isKeyEnabledAsync(String keyId) {
DescribeKeyRequest keyRequest = DescribeKeyRequest.builder()
.keyId(keyId)
.build();
CompletableFuture responseFuture = getAsyncClient().describeKey(keyRequest);
return responseFuture.whenComplete((resp, ex) -> {
if (resp != null) {
KeyState keyState = resp.keyMetadata().keyState();
if (keyState == KeyState.ENABLED) {
logger.info("The key is enabled.");
} else {
logger.info("The key is not enabled. Key state: {}", keyState);
}
} else {
throw new RuntimeException(ex);
}
}).thenApply(resp -> resp.keyMetadata().keyState() == KeyState.ENABLED);
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[DescribeKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/kms-2014-11-01/DescribeKey)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/kms#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun describeSpecifcKey(keyIdVal: String?) {
val request =
DescribeKeyRequest {
keyId = keyIdVal
}
KmsClient.fromEnvironment { region = "us-west-2" }.use { kmsClient ->
val response = kmsClient.describeKey(request)
println("The key description is ${response.keyMetadata?.description}")
println("The key ARN is ${response.keyMetadata?.arn}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[DescribeKey](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ PHP ]
**适用于 PHP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/kms#code-examples)中查找完整示例,了解如何进行设置和运行。
```
/***
* @param string $keyId
* @return array
*/
public function describeKey(string $keyId)
{
try {
$result = $this->client->describeKey([
"KeyId" => $keyId,
]);
return $result['KeyMetadata'];
}catch(KmsException $caught){
if($caught->getAwsErrorMessage() == "NotFoundException"){
echo "The request was rejected because the specified entity or resource could not be found.\n";
}
throw $caught;
}
}
```
+ 有关 API 的详细信息,请参阅 *适用于 PHP 的 AWS SDK API 参考[DescribeKey](https://docs.aws.amazon.com/goto/SdkForPHPV3/kms-2014-11-01/DescribeKey)*中的。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/kms#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class KeyManager:
def __init__(self, kms_client):
self.kms_client = kms_client
self.created_keys = []
@classmethod
def from_client(cls) -> "KeyManager":
"""
Creates a KeyManager instance with a default KMS client.
:return: An instance of KeyManager initialized with the default KMS client.
"""
kms_client = boto3.client("kms")
return cls(kms_client)
def describe_key(self, key_id: str) -> dict[str, any]:
"""
Describes a key.
:param key_id: The ARN or ID of the key to describe.
:return: Information about the key.
"""
try:
key = self.kms_client.describe_key(KeyId=key_id)["KeyMetadata"]
return key
except ClientError as err:
logging.error(
"Couldn't get key '%s'. Here's why: %s",
key_id,
err.response["Error"]["Message"],
)
raise
```
+ 有关 API 的详细信息,请参阅适用[DescribeKey](https://docs.aws.amazon.com/goto/boto3/kms-2014-11-01/DescribeKey)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/kms#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
" iv_key_id = 'arn:aws:kms:us-east-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab'
oo_result = lo_kms->describekey( iv_keyid = iv_key_id ).
DATA(lo_key) = oo_result->get_keymetadata( ).
MESSAGE 'Retrieved key information successfully.' TYPE 'I'.
CATCH /aws1/cx_kmsnotfoundexception.
MESSAGE 'Key not found.' TYPE 'E'.
CATCH /aws1/cx_kmskmsinternalex.
MESSAGE 'An internal error occurred.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[DescribeKey](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。