使用 AWS SDK for .NET 的 AWS KMS 示例 - AWS SDK for .NET


使用 AWS SDK for .NET 的 AWS KMS 示例

以下代码示例演示了如何将AWS SDK for .NET 与 AWS KMS 结合使用,以执行操作和实现常见场景。



每个示例都包含一个指向的链接 GitHub,您可以在其中找到有关如何在上下文中设置和运行代码的说明。



以下代码示例演示如何为 KMS 密钥创建授权。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identity that is given permission to perform the operations // specified in the grant. var grantee = "arn:aws:iam::111122223333:role/ExampleRole"; // The identifier of the AWS KMS key to which the grant applies. You // can use the key ID or the Amazon Resource Name (ARN) of the KMS key. var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new CreateGrantRequest { GranteePrincipal = grantee, KeyId = keyId, // A list of operations that the grant allows. Operations = new List<string> { "Encrypt", "Decrypt", }, }; var response = await client.CreateGrantAsync(request); string grantId = response.GrantId; // The unique identifier of the grant. string grantToken = response.GrantToken; // The grant token. Console.WriteLine($"Id: {grantId}, Token: {grantToken}"); } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考CreateGrant中的。

以下代码示例演示如何创建 AWS KMS key。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Shows how to create a new AWS Key Management Service (AWS KMS) /// key. /// </summary> public class CreateKey { public static async Task Main() { // Note that if you need to create a Key in an AWS Region // other than the Region defined for the default user, you need to // pass the Region to the client constructor. var client = new AmazonKeyManagementServiceClient(); // The call to CreateKeyAsync will create a symmetrical AWS KMS // key. For more information about symmetrical and asymmetrical // keys, see: // // https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html var response = await client.CreateKeyAsync(new CreateKeyRequest()); // The KeyMetadata object contains information about the new AWS KMS key. KeyMetadata keyMetadata = response.KeyMetadata; if (keyMetadata is not null) { Console.WriteLine($"KMS Key: {keyMetadata.KeyId} was successfully created."); } else { Console.WriteLine("Could not create KMS Key."); } } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考CreateKey中的。

以下代码示例演示如何为 KMS 密钥创建别名。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Creates an alias for an AWS Key Management Service (AWS KMS) key. /// </summary> public class CreateAlias { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The alias name must start with alias/ and can be // up to 256 alphanumeric characters long. var aliasName = "alias/ExampleAlias"; // The value supplied as the TargetKeyId can be either // the key ID or key Amazon Resource Name (ARN) of the // AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new CreateAliasRequest { AliasName = aliasName, TargetKeyId = keyId, }; var response = await client.CreateAliasAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { Console.WriteLine($"Alias, {aliasName}, successfully created."); } else { Console.WriteLine($"Could not create alias."); } } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考CreateAlias中的。

以下代码示例演示如何描述 KMS 密钥。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Retrieve information about an AWS Key Management Service (AWS KMS) key. /// You can supply either the key Id or the key Amazon Resource Name (ARN) /// to the DescribeKeyRequest KeyId property. /// </summary> public class DescribeKey { public static async Task Main() { var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4"; var request = new DescribeKeyRequest { KeyId = keyId, }; var client = new AmazonKeyManagementServiceClient(); var response = await client.DescribeKeyAsync(request); var metadata = response.KeyMetadata; Console.WriteLine($"{metadata.KeyId} created on: {metadata.CreationDate}"); Console.WriteLine($"State: {metadata.KeyState}"); Console.WriteLine($"{metadata.Description}"); } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考DescribeKey中的。

以下代码示例演示如何禁用 KMS 密钥。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Disable an AWS Key Management Service (AWS KMS) key and then retrieve /// the key's status to show that it has been disabled. /// </summary> public class DisableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to disable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new DisableKeyRequest { KeyId = keyId, }; var response = await client.DisableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been disabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考DisableKey中的。

以下示例代码显示如何启用 KMS 密钥。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Enable an AWS Key Management Service (AWS KMS) key. /// </summary> public class EnableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to enable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new EnableKeyRequest { KeyId = keyId, }; var response = await client.EnableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been enabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考EnableKey中的。

以下代码示例演示如何列出 KMS 密钥的别名。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// List the AWS Key Management Service (AWS KMS) aliases that have been defined for /// the keys in the same AWS Region as the default user. If you want to list /// the aliases in a different Region, pass the Region to the client /// constructor. /// </summary> public class ListAliases { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); var request = new ListAliasesRequest(); var response = new ListAliasesResponse(); do { response = await client.ListAliasesAsync(request); response.Aliases.ForEach(alias => { Console.WriteLine($"Created: {alias.CreationDate} Last Update: {alias.LastUpdatedDate} Name: {alias.AliasName}"); }); request.Marker = response.NextMarker; } while (response.Truncated); } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考ListAliases中的。

以下代码示例演示如何列出 KMS 密钥的授权。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// List the AWS Key Management Service (AWS KMS) grants that are associated with /// a specific key. /// </summary> public class ListGrants { public static async Task Main() { // The identifier of the AWS KMS key to disable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var client = new AmazonKeyManagementServiceClient(); var request = new ListGrantsRequest { KeyId = keyId, }; var response = new ListGrantsResponse(); do { response = await client.ListGrantsAsync(request); response.Grants.ForEach(grant => { Console.WriteLine($"{grant.GrantId}"); }); request.Marker = response.NextMarker; } while (response.Truncated); } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考ListGrants中的。

以下代码示例演示如何列出 KMS 密钥。


还有更多相关信息 GitHub。在 AWS 代码示例存储库中查找完整示例,了解如何进行设置和运行。

using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// List the AWS Key Managements Service (AWS KMS) keys for the AWS Region /// of the default user. To list keys in another AWS Region, supply the Region /// as a parameter to the client constructor. /// </summary> public class ListKeys { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); var request = new ListKeysRequest(); var response = new ListKeysResponse(); do { response = await client.ListKeysAsync(request); response.Keys.ForEach(key => { Console.WriteLine($"ID: {key.KeyId}, {key.KeyArn}"); }); // Set the Marker property when response.Truncated is true // in order to get the next keys. request.Marker = response.NextMarker; } while (response.Truncated); } }
  • 有关 API 的详细信息,请参阅 AWS SDK for .NETAPI 参考ListKeys中的。