Java: accessing AWS Parameter Store values with a custom KMS key

Notice: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/43211121/
Time: 2020-11-03 07:11:52  Source: igfitidea

Accessing AWS parameter store values with custom KMS key

java amazon-web-services amazon-ec2

Asked by Java Programmer

I am trying to read AWS parameters from the Parameter Store using Java; I have created the parameters using a custom encryption key. I don't see any sample code on the internet that uses a custom KMS key. Below is the code I currently have, which is working (here we are using the default KMS key).

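AWSSimpleSystemsManagement client = AWSSimpleSystemsManagementClientBuilder.defaultClient();
GetParametersRequest request = new GetParametersRequest();
request.withNames("test.username", "test.password")
       .setWithDecryption(true);
// Send the request; SecureString values are returned decrypted.
GetParametersResult result = client.getParameters(request);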

This will give the results with the default KMS key. Does anyone know how to handle this if we have a custom KMS key?

Accepted answer by Cooper.Wu

For the GetParameters API, there's no difference between using the default KMS key and a custom KMS key. It always works like your code. Just make sure the permission for the credential includes the custom key.

The difference is only at the PutParameter API: when using a default KMS key, you don't need to specify it; when using a custom KMS key, you set its KeyId to the custom key. The KeyId can be one of the following examples:

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName
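
The write/read asymmetry described in the accepted answer, as an added example that is not part of the original answers. It assumes the AWS SDK for Java v1, the `alias/MyAliasName` key from the list above, a hypothetical class name, and a hypothetical `EXAMPLE_SECRET` environment variable holding the value to store.

```java
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
import com.amazonaws.services.simplesystemsmanagement.model.AWSSimpleSystemsManagementException;
import com.amazonaws.services.simplesystemsmanagement.model.GetParametersRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParametersResult;
import com.amazonaws.services.simplesystemsmanagement.model.Parameter;
import com.amazonaws.services.simplesystemsmanagement.model.ParameterType;
import com.amazonaws.services.simplesystemsmanagement.model.PutParameterRequest;

public class CustomKeyParameterExample { // hypothetical class name
    // Alias form of the KeyId, taken from the answer's examples.
    private static final String KEY_ID = "alias/MyAliasName";

    public static void main(String[] args) {
        // Assumed environment variable, so no secret is hard-coded here.
        String secret = System.getenv("EXAMPLE_SECRET");
        if (secret == null || secret.isEmpty()) {
            System.err.println("EXAMPLE_SECRET is not set");
            return;
        }
        AWSSimpleSystemsManagement ssm = AWSSimpleSystemsManagementClientBuilder.defaultClient();
        try {
            // Write: this is the only call that names the custom key.
            ssm.putParameter(new PutParameterRequest()
                    .withName("test.password")
                    .withValue(secret)
                    .withType(ParameterType.SecureString)
                    .withKeyId(KEY_ID)
                    .withOverwrite(true));

            // Read: the request carries no KeyId, exactly as in the question's code.
            // The caller's IAM identity needs kms:Decrypt on the custom key.
            GetParametersResult result = ssm.getParameters(new GetParametersRequest()
                    .withNames("test.username", "test.password")
                    .withWithDecryption(true));
            for (Parameter p : result.getParameters()) {
                // Log the name and type only, never the decrypted value.
                System.out.println(p.getName() + " (" + p.getType() + ") read OK");
            }
            // Names that do not exist are listed here instead of raising an exception.
            for (String missing : result.getInvalidParameters()) {
                System.err.println("Not found: " + missing);
            }
        } catch (AWSSimpleSystemsManagementException e) {
            // A credential without access to the custom key surfaces here as a service error.
            System.err.println("SSM call failed: " + e.getErrorCode() + " - " + e.getErrorMessage());
        }
    }
}
```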

Answer by Extreme

Just in case somebody is looking for this (with the default encryption key):

// Reads a single parameter; SecureString values are returned decrypted.
protected Parameter getParameterFromSSMByName(String parameterKey)
{
    // Credentials come from the EC2 instance profile.
    AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement simpleSystemsManagementClient = AWSSimpleSystemsManagementClientBuilder.standard()
        .withCredentials(credentials)
        .withRegion("us-east-1")
        .build();
    GetParameterRequest parameterRequest = new GetParameterRequest();
    parameterRequest.withName(parameterKey).setWithDecryption(true);
    GetParameterResult parameterResult = simpleSystemsManagementClient.getParameter(parameterRequest);
    return parameterResult.getParameter();
}

Answer by Derrick Petzold

Here is @Extreme's answer as a class with imports and a bit of cleanup:

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;

import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;

public class AWSSsmHelper
{
    private AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    private AWSSimpleSystemsManagement simpleSystemsManagementClient =
        AWSSimpleSystemsManagementClientBuilder.standard().withCredentials(credentials).withRegion("us-east-1").build();

    public String getParameterFromSSMByName(String parameterKey) {
        GetParameterRequest parameterRequest = new GetParameterRequest();
        parameterRequest.withName(parameterKey).setWithDecryption(Boolean.valueOf(true));
        GetParameterResult parameterResult = simpleSystemsManagementClient.getParameter(parameterRequest);
        return parameterResult.getParameter().getValue();
    }
}