1- **To create a customer managed KMS key in AWS KMS **
1+ **Example 1: To create a customer managed KMS key in AWS KMS **
22
33The following ``create-key `` example creates a symmetric encryption KMS key.
44
@@ -30,10 +30,10 @@ Output::
3030 "CreationDate": 1502910355.475,
3131 "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
3232 "AWSAccountId": "111122223333",
33- "MultiRegion": false
33+ "MultiRegion": false,
3434 "EncryptionAlgorithms": [
3535 "SYMMETRIC_DEFAULT"
36- ],
36+ ]
3737 }
3838 }
3939
@@ -52,25 +52,25 @@ The following ``create-key`` example creates a KMS key that contains an asymmetr
5252Output::
5353
5454 {
55- "KeyMetadata": {
56- "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
57- "AWSAccountId": "111122223333",
58- "CreationDate": "2021-04-05T14:04:55-07:00",
59- "CustomerMasterKeySpec": "RSA_4096",
60- "Description": "",
61- "Enabled": true,
62- "EncryptionAlgorithms": [
63- "RSAES_OAEP_SHA_1",
64- "RSAES_OAEP_SHA_256"
65- ],
66- "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
67- "KeyManager": "CUSTOMER",
68- "KeySpec": "RSA_4096",
69- "KeyState": "Enabled",
70- "KeyUsage": "ENCRYPT_DECRYPT",
71- "MultiRegion": false,
72- "Origin": "AWS_KMS"
73- }
55+ "KeyMetadata": {
56+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
57+ "AWSAccountId": "111122223333",
58+ "CreationDate": "2021-04-05T14:04:55-07:00",
59+ "CustomerMasterKeySpec": "RSA_4096",
60+ "Description": "",
61+ "Enabled": true,
62+ "EncryptionAlgorithms": [
63+ "RSAES_OAEP_SHA_1",
64+ "RSAES_OAEP_SHA_256"
65+ ],
66+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
67+ "KeyManager": "CUSTOMER",
68+ "KeySpec": "RSA_4096",
69+ "KeyState": "Enabled",
70+ "KeyUsage": "ENCRYPT_DECRYPT",
71+ "MultiRegion": false,
72+ "Origin": "AWS_KMS"
73+ }
7474 }
7575
7676For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html >`__ in the *AWS Key Management Service Developer Guide *.
@@ -85,26 +85,26 @@ To create an HMAC KMS key that contains an asymmetric elliptic curve (ECC) key p
8585
8686Output::
8787
88- {
89- "KeyMetadata": {
90- "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
91- "AWSAccountId": "111122223333",
92- "CreationDate": "2019-12-02T07:48:55-07:00",
93- "CustomerMasterKeySpec": "ECC_NIST_P521",
94- "Description": "",
95- "Enabled": true,
96- "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
97- "KeyManager": "CUSTOMER",
98- "KeySpec": "ECC_NIST_P521",
99- "KeyState": "Enabled",
100- "KeyUsage": "SIGN_VERIFY",
101- "MultiRegion": false,
102- "Origin": "AWS_KMS",
103- "SigningAlgorithms": [
104- "ECDSA_SHA_512"
105- ]
106- }
107- }
88+ {
89+ "KeyMetadata": {
90+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
91+ "AWSAccountId": "111122223333",
92+ "CreationDate": "2019-12-02T07:48:55-07:00",
93+ "CustomerMasterKeySpec": "ECC_NIST_P521",
94+ "Description": "",
95+ "Enabled": true,
96+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
97+ "KeyManager": "CUSTOMER",
98+ "KeySpec": "ECC_NIST_P521",
99+ "KeyState": "Enabled",
100+ "KeyUsage": "SIGN_VERIFY",
101+ "MultiRegion": false,
102+ "Origin": "AWS_KMS",
103+ "SigningAlgorithms": [
104+ "ECDSA_SHA_512"
105+ ]
106+ }
107+ }
108108
109109**Example 4: To create an HMAC KMS key **
110110
@@ -117,24 +117,24 @@ The following ``create-key`` example creates a 384-bit symmetric HMAC KMS key. T
117117Output::
118118
119119 {
120- "KeyMetadata": {
121- "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
122- "AWSAccountId": "111122223333",
123- "CreationDate": "2022-04-05T14:04:55-07:00",
124- "CustomerMasterKeySpec": "HMAC_384",
125- "Description": "",
126- "Enabled": true,
127- "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
128- "KeyManager": "CUSTOMER",
129- "KeySpec": "HMAC_384",
130- "KeyState": "Enabled",
131- "KeyUsage": "GENERATE_VERIFY_MAC",
132- "MacAlgorithms": [
133- "HMAC_SHA_384"
134- ],
135- "MultiRegion": false,
136- "Origin": "AWS_KMS"
137- }
120+ "KeyMetadata": {
121+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
122+ "AWSAccountId": "111122223333",
123+ "CreationDate": "2022-04-05T14:04:55-07:00",
124+ "CustomerMasterKeySpec": "HMAC_384",
125+ "Description": "",
126+ "Enabled": true,
127+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
128+ "KeyManager": "CUSTOMER",
129+ "KeySpec": "HMAC_384",
130+ "KeyState": "Enabled",
131+ "KeyUsage": "GENERATE_VERIFY_MAC",
132+ "MacAlgorithms": [
133+ "HMAC_SHA_384"
134+ ],
135+ "MultiRegion": false,
136+ "Origin": "AWS_KMS"
137+ }
138138 }
139139
140140**Example 4: To create a multi-Region primary KMS key **
@@ -147,32 +147,32 @@ The following ``create-key`` example creates a multi-Region primary symmetric en
147147Output::
148148
149149 {
150- "KeyMetadata": {
151- "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
152- "AWSAccountId": "111122223333",
153- "CreationDate": "2021-09-02T016:15:21-09:00",
154- "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
155- "Description": "",
156- "Enabled": true,
157- "EncryptionAlgorithms": [
158- "SYMMETRIC_DEFAULT"
159- ],
160- "KeyId": "mrk-1234abcd12ab34cd56ef12345678990ab",
161- "KeyManager": "CUSTOMER",
162- "KeySpec": "SYMMETRIC_DEFAULT",
163- "KeyState": "Enabled",
164- "KeyUsage": "ENCRYPT_DECRYPT",
165- "MultiRegion": true,
166- "MultiRegionConfiguration": {
167- "MultiRegionKeyType": "PRIMARY",
168- "PrimaryKey": {
150+ "KeyMetadata": {
169151 "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
170- "Region": "us-west-2"
171- },
172- "ReplicaKeys": []
173- },
174- "Origin": "AWS_KMS"
175- }
152+ "AWSAccountId": "111122223333",
153+ "CreationDate": "2021-09-02T016:15:21-09:00",
154+ "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
155+ "Description": "",
156+ "Enabled": true,
157+ "EncryptionAlgorithms": [
158+ "SYMMETRIC_DEFAULT"
159+ ],
160+ "KeyId": "mrk-1234abcd12ab34cd56ef12345678990ab",
161+ "KeyManager": "CUSTOMER",
162+ "KeySpec": "SYMMETRIC_DEFAULT",
163+ "KeyState": "Enabled",
164+ "KeyUsage": "ENCRYPT_DECRYPT",
165+ "MultiRegion": true,
166+ "MultiRegionConfiguration": {
167+ "MultiRegionKeyType": "PRIMARY",
168+ "PrimaryKey": {
169+ "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
170+ "Region": "us-west-2"
171+ },
172+ "ReplicaKeys": []
173+ },
174+ "Origin": "AWS_KMS"
175+ }
176176 }
177177
178178**Example 5: To create a KMS key for imported key material **
@@ -184,25 +184,25 @@ The following ``create-key`` example creates a creates a KMS key with no key mat
184184
185185Output::
186186
187- {
188- "KeyMetadata": {
189- "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
190- "AWSAccountId": "111122223333",
191- "CreationDate": "2019-12-02T07:48:55-07:00",
192- "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
193- "Description": "",
194- "Enabled": false,
195- "EncryptionAlgorithms": [
196- "SYMMETRIC_DEFAULT"
197- ],
198- "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
199- "KeyManager": "CUSTOMER",
200- "KeySpec": "SYMMETRIC_DEFAULT",
201- "KeyState": "PendingImport",
202- "KeyUsage": "ENCRYPT_DECRYPT",
203- "MultiRegion": false,
204- "Origin": "EXTERNAL"
205- }
187+ {
188+ "KeyMetadata": {
189+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
190+ "AWSAccountId": "111122223333",
191+ "CreationDate": "2019-12-02T07:48:55-07:00",
192+ "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
193+ "Description": "",
194+ "Enabled": false,
195+ "EncryptionAlgorithms": [
196+ "SYMMETRIC_DEFAULT"
197+ ],
198+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
199+ "KeyManager": "CUSTOMER",
200+ "KeySpec": "SYMMETRIC_DEFAULT",
201+ "KeyState": "PendingImport",
202+ "KeyUsage": "ENCRYPT_DECRYPT",
203+ "MultiRegion": false,
204+ "Origin": "EXTERNAL"
205+ }
206206 }
207207
208208
@@ -217,24 +217,24 @@ The following ``create-key`` example creates a creates a KMS key in the specifie
217217Output::
218218
219219 {
220- "KeyMetadata": {
221- "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
222- "AWSAccountId": "111122223333",
223- "CloudHsmClusterId": "cluster-1a23b4cdefg",
224- "CreationDate": "2019-12-02T07:48:55-07:00",
225- "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
226- "CustomKeyStoreId": "cks-1234567890abcdef0",
227- "Description": "",
228- "Enabled": true,
229- "EncryptionAlgorithms": [
230- "SYMMETRIC_DEFAULT"
231- ],
232- "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
233- "KeyManager": "CUSTOMER",
234- "KeySpec": "SYMMETRIC_DEFAULT",
235- "KeyState": "Enabled",
236- "KeyUsage": "ENCRYPT_DECRYPT",
237- "MultiRegion": false,
238- "Origin": "AWS_CLOUDHSM"
239- }
220+ "KeyMetadata": {
221+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
222+ "AWSAccountId": "111122223333",
223+ "CloudHsmClusterId": "cluster-1a23b4cdefg",
224+ "CreationDate": "2019-12-02T07:48:55-07:00",
225+ "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
226+ "CustomKeyStoreId": "cks-1234567890abcdef0",
227+ "Description": "",
228+ "Enabled": true,
229+ "EncryptionAlgorithms": [
230+ "SYMMETRIC_DEFAULT"
231+ ],
232+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
233+ "KeyManager": "CUSTOMER",
234+ "KeySpec": "SYMMETRIC_DEFAULT",
235+ "KeyState": "Enabled",
236+ "KeyUsage": "ENCRYPT_DECRYPT",
237+ "MultiRegion": false,
238+ "Origin": "AWS_CLOUDHSM"
239+ }
240240 }