class Fog::AWS::KMS::Real

Public Class Methods

new(options={})

Initialize connection to KMS

Notes

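The options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection. The constructor source below also reads :use_iam_profile, and setup_credentials reads :aws_session_token, so check the fog-aws credential documentation before hard-coding long-lived keys.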

Examples

# The two values are placeholders. Load real credentials from the environment
# or a secret store at runtime; do not commit them to source control.
credentials = {
  :aws_access_key_id     => your_aws_access_key_id,
  :aws_secret_access_key => your_aws_secret_access_key
}
kms = KMS.new(credentials)

Parameters

  • options<~Hash> - config arguments for connection. Defaults to {}.

    • region<~String> - optional region to use. For instance, 'eu-west-1', 'us-east-1', etc.

Returns

  • KMS object with connection to AWS.

# File lib/fog/aws/kms.rb, line 95
# Build a KMS client: record the endpoint settings, open the HTTP connection
# and hand the options on to setup_credentials.
#
# @param options [Hash] settings read here: :use_iam_profile,
#   :connection_options, :instrumentor, :instrumentor_name, :region, :host,
#   :path, :persistent, :port and :scheme. Credential keys are read by
#   setup_credentials, which receives the same hash.
def initialize(options={})
  # NOTE: the default region is written back into the caller's hash, so the
  # hash passed in is mutated when it carries no :region.
  options[:region] ||= 'us-east-1'
  @region = options[:region]

  @use_iam_profile    = options[:use_iam_profile]
  @instrumentor       = options[:instrumentor]
  @instrumentor_name  = options[:instrumentor_name] || 'fog.aws.kms'

  # Passed straight through to the connection object.
  # NOTE(review): confirm callers cannot use this to weaken TLS verification
  # (for example Excon's :ssl_verify_peer) outside of test setups.
  @connection_options = options[:connection_options] || {}

  # Endpoint pieces. The defaults resolve to https://kms.<region>.amazonaws.com:443/.
  # SECURITY: :scheme, :host and :port are caller-overridable. Pointing them at
  # a cleartext scheme or an unintended host sends every signed request built
  # by #request to that endpoint, so keep overrides to controlled test setups.
  @scheme     = options[:scheme]     || 'https'
  @host       = options[:host]       || "kms.#{@region}.amazonaws.com"
  @port       = options[:port]       || 443
  @path       = options[:path]       || '/'
  @persistent = options[:persistent] || false

  endpoint    = "#{@scheme}://#{@host}:#{@port}#{@path}"
  @connection = Fog::XML::Connection.new(endpoint, @persistent, @connection_options)

  setup_credentials(options)
end

Public Instance Methods

create_key(*args)

Create Key

Parameters

  • options<~Hash>:

    • 'Description'<~String>:

    • 'KeyUsage'<~String>:

    • 'Policy'<~String>:

    • … (for the remaining options, see the AWS documentation linked under See Also)

Returns

See Also

docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html

# File lib/fog/aws/requests/kms/create_key.rb, line 20
# Send a CreateKey request.
#
# @param args [Array] passed as-is to Fog::AWS::KMS.parse_create_key_args,
#   whose result is merged into the request parameters.
# @return the value returned by #request
def create_key(*args)
  overrides = Fog::AWS::KMS.parse_create_key_args(args)

  # The CreateKey response is parsed with the DescribeKey parser.
  payload = {
    'Action' => 'CreateKey',
    :parser  => Fog::Parsers::AWS::KMS::DescribeKey.new
  }

  # The parsed arguments are merged last, so a key named 'Action' or :parser
  # in them replaces the value set above. 'Policy' becomes the key policy, so
  # callers should not build these arguments from untrusted input.
  request(payload.update(overrides))
end
describe_key(identifier)
# File lib/fog/aws/requests/kms/describe_key.rb, line 7
# Send a DescribeKey request for one key.
#
# @param identifier sent unchanged as the 'KeyId' parameter
# @return the value returned by #request
def describe_key(identifier)
  parser = Fog::Parsers::AWS::KMS::DescribeKey.new
  request('Action' => 'DescribeKey', 'KeyId' => identifier, :parser => parser)
end
get_public_key(identifier, grant_tokens = nil)
# File lib/fog/aws/requests/kms/get_public_key.rb, line 7
# Send a GetPublicKey request for one key.
#
# @param identifier sent unchanged as the 'KeyId' parameter
# @param grant_tokens sent unchanged as the 'GrantTokens' parameter
#   (nil when omitted)
# @return the value returned by #request
def get_public_key(identifier, grant_tokens = nil)
  # 'GrantTokens' is always present in the parameter hash, even when nil.
  # NOTE(review): how the signing helper serialises a nil or Array value is
  # not visible here; confirm against Fog::AWS.signed_params_v4.
  payload = {
    'Action'      => 'GetPublicKey',
    'GrantTokens' => grant_tokens,
    'KeyId'       => identifier,
    :parser       => Fog::Parsers::AWS::KMS::GetPublicKey.new
  }
  request(payload)
end
list_keys(options={})
# File lib/fog/aws/requests/kms/list_keys.rb, line 7
# Send a ListKeys request, optionally paginated.
#
# @param options [Hash] :marker is sent as 'Marker' and :limit as 'Limit';
#   each is included only when its value is truthy.
# @return the value returned by #request
def list_keys(options={})
  paging = {}
  paging['Marker'] = options[:marker] if options[:marker]
  paging['Limit']  = options[:limit]  if options[:limit]

  base = {
    'Action' => 'ListKeys',
    :parser  => Fog::Parsers::AWS::KMS::ListKeys.new
  }
  request(base.merge(paging))
end
reload()
# File lib/fog/aws/kms.rb, line 116
# Reset the underlying connection object.
#
# @return the value returned by the connection's #reset
def reload
  connection = @connection
  connection.reset
end
schedule_key_deletion(identifier, pending_window_in_days)
# File lib/fog/aws/requests/kms/schedule_key_deletion.rb, line 7
# Send a ScheduleKeyDeletion request for one key.
#
# @param identifier sent unchanged as the 'KeyId' parameter
# @param pending_window_in_days sent unchanged as 'PendingWindowInDays'
# @return the value returned by #request
def schedule_key_deletion(identifier, pending_window_in_days)
  # Neither argument is validated here; any range check on the waiting period
  # is left to the service. This is a destructive operation, so callers should
  # gate it behind their own authorisation and audit logging.
  payload = {
    'Action'              => 'ScheduleKeyDeletion',
    'KeyId'               => identifier,
    'PendingWindowInDays' => pending_window_in_days,
    :parser               => Fog::Parsers::AWS::KMS::ScheduleKeyDeletion.new
  }
  request(payload)
end
sign(identifier, message, algorithm, options = {})

Sign

Parameters

  • identifier<~String>: id, arn, alias name, or alias arn for key to sign with

  • message<~String>: base64 encoded message to sign

Returns

  • response<~Excon::Response>:

See Also

docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html

# File lib/fog/aws/requests/kms/sign.rb, line 19
# Send a Sign request.
#
# @param identifier sent unchanged as the 'KeyId' parameter
# @param message sent unchanged as the 'Message' parameter
# @param algorithm sent unchanged as the 'SigningAlgorithm' parameter
# @param options [Hash] extra request parameters, merged in last
# @return the value returned by #request
def sign(identifier, message, algorithm, options = {})
  payload = {
    'Action'           => 'Sign',
    'KeyId'            => identifier,
    'Message'          => message,
    'SigningAlgorithm' => algorithm,
    :parser            => Fog::Parsers::AWS::KMS::Sign.new
  }

  # options win on key collisions, so an entry named 'Action', 'KeyId',
  # 'Message', 'SigningAlgorithm' or :parser replaces the value set above.
  # Do not pass a hash built from untrusted input as options.
  request(payload.update(options))
end

Private Instance Methods

_request(body, headers, idempotent, parser)
# File lib/fog/aws/kms.rb, line 159
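# POST a prepared request over the connection and translate HTTP status
# errors into Fog::AWS::KMS error classes.
#
# @param body request body handed to the connection
# @param headers request headers handed to the connection
# @param idempotent forwarded as the connection's :idempotent option
# @param parser forwarded as the connection's :parser option
# @return the connection's response when the status is 200
# @raise [Excon::Errors::HTTPStatusError] re-raised unchanged when
#   Fog::AWS::Errors.match_error returns an empty match
# @raise a Fog::AWS::KMS error built with .slurp: the class named by the
#   matched error code when one exists, otherwise Fog::AWS::KMS::Error
def _request(body, headers, idempotent, parser)
  @connection.request({
    :body       => body,
    :expects    => 200,
    :headers    => headers,
    :idempotent => idempotent,
    :method     => 'POST',
    :parser     => parser
  })
rescue Excon::Errors::HTTPStatusError => error
  match = Fog::AWS::Errors.match_error(error)
  raise if match.empty?

  # The code comes from the HTTP response, so treat it as untrusted input to
  # the constant lookup. A malformed name makes const_defined? raise NameError
  # (TypeError for a non-string), and the lookup can also resolve to an
  # unrelated inherited constant such as ::String. Either would replace the
  # real service error with a confusing internal one.
  code = match[:code]
  mapped = begin
    Fog::AWS::KMS.const_get(code) if Fog::AWS::KMS.const_defined?(code)
  rescue NameError, TypeError
    nil
  end

  # Only use the resolved constant when it can build an error via .slurp;
  # anything else falls back to the generic KMS error with the code kept in
  # the message.
  if mapped.respond_to?(:slurp)
    raise mapped.slurp(error, match[:message])
  else
    raise Fog::AWS::KMS::Error.slurp(error, "#{code} => #{match[:message]}")
  end
end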
request(params)
# File lib/fog/aws/kms.rb, line 130
# Sign a parameter hash with Signature V4 and send it through #_request,
# wrapped in the instrumentor when one is configured.
#
# @param params [Hash] request parameters. :idempotent and :parser are
#   removed from this hash (it is mutated) and forwarded to #_request; the
#   remaining entries are signed.
# @return the value returned by #_request (or by the instrumentor's
#   #instrument call when an instrumentor is set)
def request(params)
  refresh_credentials_if_expired

  idempotent = params.delete(:idempotent)
  parser     = params.delete(:parser)

  base_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  signing_context = {
    :aws_session_token  => @aws_session_token,
    :signer             => @signer,
    :host               => @host,
    :path               => @path,
    :port               => @port,
    :version            => '2014-11-01',
    :method             => 'POST'
  }
  body, headers = Fog::AWS.signed_params_v4(params, base_headers, signing_context)

  return _request(body, headers, idempotent, parser) unless @instrumentor

  # The instrumentation payload is the whole parameter hash. For #sign that
  # includes 'Message', so subscribers should not log it verbatim when the
  # content is sensitive.
  @instrumentor.instrument("#{@instrumentor_name}.request", params) do
    _request(body, headers, idempotent, parser)
  end
end
setup_credentials(options={})
# File lib/fog/aws/kms.rb, line 122
# Store the credentials from options and build the Signature V4 signer for
# the 'kms' service in the current region.
#
# @param options [Hash] reads :aws_access_key_id, :aws_secret_access_key and
#   :aws_session_token
# @return the new Fog::AWS::SignatureV4 signer
def setup_credentials(options={})
  # The secret key and session token stay in instance variables for the life
  # of this object. Unless the class overrides #inspect (not visible here),
  # default inspect output includes them, so do not log or dump this object.
  @aws_access_key_id, @aws_secret_access_key, @aws_session_token =
    options.values_at(:aws_access_key_id, :aws_secret_access_key, :aws_session_token)

  @signer = Fog::AWS::SignatureV4.new(@aws_access_key_id, @aws_secret_access_key, @region, 'kms')
end