Giters

oobujieshi / alibabacloud-dkms-transfer-go-sdk

Alibaba Cloud Dedicated KMS Transfer SDK for Go can help Go developers to migrate from the KMS keys to the Dedicated KMS keys.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

English | 简体中文

Alibaba Cloud Dedicated KMS Transfer SDK for Go

Alibaba Cloud Dedicated KMS Transfer SDK for Go can help Golang developers to migrate from the KMS keys to the Dedicated KMS keys.

Features

  • Dedicated KMS provides a tenant-specific instance that is deployed in the VPC of a tenant to allow access over an internal network.
  • Dedicated KMS uses a tenant-specific cryptographic resource pool to implement resource isolation and cryptographic isolation. This improves security.
  • Dedicated KMS simplifies the management of HSMs. You can use the stable, easy-to-use upper-layer key management features and cryptographic operations provided by Dedicated KMS to manage your HSMs.
  • Dedicated KMS allows you to integrate your HSMs with Alibaba Cloud services in a seamless manner. This delivers secure and controllable encryption capabilities for Alibaba Cloud services. For more information, see Alibaba Cloud services that can be integrated with KMS.
  • Reduce the cost of migrating the Shared KMS keys to Dedicated KMS keys.

Requirements

  • Golang 1.12 or later.

Installation

If you use go mod to manage your dependence, You can declare the dependency on AlibabaCloud DKMS SDK for Go in the go.mod file:

require (
	github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8
)

Or, Run the following command to get the remote code package:

$ go get -u github.com/aliyun/alibabacloud-dkms-transfer-go-sdk

Client Mechanism

Alibaba Cloud Dedicated KMS Transfer SDK for Go transfers the the following method of request to dedicated KMS vpc gateway by default.

  • Encrypt
  • Decrypt
  • GenerateDataKey
  • GenerateDataKeyWithoutPlaintext
  • GetPublicKey
  • AsymmetricEncrypt
  • AsymmetricDecrypt
  • AsymmetricSign
  • AsymmetricVerify
  • GetSecretValue

Quick Examples

package example

import (
	"fmt"
	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
	dedicatedkmsopenapi "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/openapi"
	"github.com/aliyun/alibabacloud-dkms-transfer-go-sdk/sdk"
	"io/ioutil"
)

func main() {
	config := &dedicatedkmsopenapi.Config{
		Protocol:         tea.String("https"),
		ClientKeyContent: tea.String("<your client key content>"),
		Password:         tea.String("<your client key password>"),
		Endpoint:         tea.String("<your dkms instance service endpoint>"),
	}
	client, err := sdk.NewClientWithAccessKey("<your region id>", "<your access key id>", "<your access key secret>", config)
	if err != nil {
		panic(err)
	}
	
	// verify CA cert
	ca, err := ioutil.ReadFile("path/to/caCert.pem")
	if err != nil {
		panic(err)
	}
	client.SetVerify(string(ca))
	// or, ignore CA cert
	//client.SetHTTPSInsecure(true)

	request := kms.CreateEncryptRequest()
	request.KeyId = "<your key id>"
	request.Plaintext = "<your plaintext>"

	result, err := client.Encrypt(request)
	if err != nil {
		panic(err)
	}
	fmt.Println(result)
}

License

Apache-2.0

Copyright (c) 2009-present, Alibaba Cloud All rights reserved.

About

Alibaba Cloud Dedicated KMS Transfer SDK for Go can help Go developers to migrate from the KMS keys to the Dedicated KMS keys.

License:Apache License 2.0

Languages

Language:Go 100.0%