AWS KMS examples using SDK for Rust (original) (raw)
The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for Rust with AWS KMS.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Actions
The following code example shows how to use CreateKey.
SDK for Rust
async fn make_key(client: &Client) -> Result<(), Error> {
let resp = client.create_key().send().await?;
let id = resp.key_metadata.as_ref().unwrap().key_id();
println!("Key: {}", id);
Ok(())
}
- For API details, seeCreateKey in AWS SDK for Rust API reference.
The following code example shows how to use Decrypt.
SDK for Rust
async fn decrypt_key(client: &Client, key: &str, filename: &str) -> Result<(), Error> {
// Open input text file and get contents as a string
// input is a base-64 encoded string, so decode it:
let data = fs::read_to_string(filename)
.map(|input| {
base64::decode(input).expect("Input file does not contain valid base 64 characters.")
})
.map(Blob::new);
let resp = client
.decrypt()
.key_id(key)
.ciphertext_blob(data.unwrap())
.send()
.await?;
let inner = resp.plaintext.unwrap();
let bytes = inner.as_ref();
let s = String::from_utf8(bytes.to_vec()).expect("Could not convert to UTF-8");
println!();
println!("Decoded string:");
println!("{}", s);
Ok(())
}
- For API details, seeDecrypt in AWS SDK for Rust API reference.
The following code example shows how to use Encrypt.
SDK for Rust
async fn encrypt_string(
verbose: bool,
client: &Client,
text: &str,
key: &str,
out_file: &str,
) -> Result<(), Error> {
let blob = Blob::new(text.as_bytes());
let resp = client.encrypt().key_id(key).plaintext(blob).send().await?;
// Did we get an encrypted blob?
let blob = resp.ciphertext_blob.expect("Could not get encrypted text");
let bytes = blob.as_ref();
let s = base64::encode(bytes);
let mut ofile = File::create(out_file).expect("unable to create file");
ofile.write_all(s.as_bytes()).expect("unable to write");
if verbose {
println!("Wrote the following to {:?}", out_file);
println!("{}", s);
}
Ok(())
}
- For API details, seeEncrypt in AWS SDK for Rust API reference.
The following code example shows how to use GenerateDataKey.
SDK for Rust
async fn make_key(client: &Client, key: &str) -> Result<(), Error> {
let resp = client
.generate_data_key()
.key_id(key)
.key_spec(DataKeySpec::Aes256)
.send()
.await?;
// Did we get an encrypted blob?
let blob = resp.ciphertext_blob.expect("Could not get encrypted text");
let bytes = blob.as_ref();
let s = base64::encode(bytes);
println!();
println!("Data key:");
println!("{}", s);
Ok(())
}
- For API details, seeGenerateDataKey in AWS SDK for Rust API reference.
The following code example shows how to use GenerateDataKeyWithoutPlaintext.
SDK for Rust
async fn make_key(client: &Client, key: &str) -> Result<(), Error> {
let resp = client
.generate_data_key_without_plaintext()
.key_id(key)
.key_spec(DataKeySpec::Aes256)
.send()
.await?;
// Did we get an encrypted blob?
let blob = resp.ciphertext_blob.expect("Could not get encrypted text");
let bytes = blob.as_ref();
let s = base64::encode(bytes);
println!();
println!("Data key:");
println!("{}", s);
Ok(())
}
- For API details, seeGenerateDataKeyWithoutPlaintext in AWS SDK for Rust API reference.
The following code example shows how to use GenerateRandom.
SDK for Rust
async fn make_string(client: &Client, length: i32) -> Result<(), Error> {
let resp = client
.generate_random()
.number_of_bytes(length)
.send()
.await?;
// Did we get an encrypted blob?
let blob = resp.plaintext.expect("Could not get encrypted text");
let bytes = blob.as_ref();
let s = base64::encode(bytes);
println!();
println!("Data key:");
println!("{}", s);
Ok(())
}
- For API details, seeGenerateRandom in AWS SDK for Rust API reference.
The following code example shows how to use ListKeys.
SDK for Rust
async fn show_keys(client: &Client) -> Result<(), Error> {
let resp = client.list_keys().send().await?;
let keys = resp.keys.unwrap_or_default();
let len = keys.len();
for key in keys {
println!("Key ARN: {}", key.key_arn.as_deref().unwrap_or_default());
}
println!();
println!("Found {} keys", len);
Ok(())
}
- For API details, seeListKeys in AWS SDK for Rust API reference.
The following code example shows how to use ReEncrypt.
SDK for Rust
async fn reencrypt_string(
verbose: bool,
client: &Client,
input_file: &str,
output_file: &str,
first_key: &str,
new_key: &str,
) -> Result<(), Error> {
// Get blob from input file
// Open input text file and get contents as a string
// input is a base-64 encoded string, so decode it:
let data = fs::read_to_string(input_file)
.map(|input_file| base64::decode(input_file).expect("invalid base 64"))
.map(Blob::new);
let resp = client
.re_encrypt()
.ciphertext_blob(data.unwrap())
.source_key_id(first_key)
.destination_key_id(new_key)
.send()
.await?;
// Did we get an encrypted blob?
let blob = resp.ciphertext_blob.expect("Could not get encrypted text");
let bytes = blob.as_ref();
let s = base64::encode(bytes);
let o = &output_file;
let mut ofile = File::create(o).expect("unable to create file");
ofile.write_all(s.as_bytes()).expect("unable to write");
if verbose {
println!("Wrote the following to {}:", output_file);
println!("{}", s);
} else {
println!("Wrote base64-encoded output to {}", output_file);
}
Ok(())
}
- For API details, seeReEncrypt in AWS SDK for Rust API reference.
Did this page help you? - Yes
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of it.
Did this page help you? - No
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.