class Fog::AWS::KMS::Real
Public Class Methods
new(options={})
click to toggle source
Initialize connection to KMS
Notes¶ ↑
options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection
Examples¶ ↑
kms = KMS.new( :aws_access_key_id => your_aws_access_key_id, :aws_secret_access_key => your_aws_secret_access_key )
Parameters¶ ↑
-
options<~Hash> - config arguments for connection. Defaults to {}.
-
region<~String> - optional region to use. For instance, 'eu-west-1', 'us-east-1', etc.
-
Returns¶ ↑
# File lib/fog/aws/kms.rb, line 95 def initialize(options={}) @use_iam_profile = options[:use_iam_profile] @connection_options = options[:connection_options] || {} @instrumentor = options[:instrumentor] @instrumentor_name = options[:instrumentor_name] || 'fog.aws.kms' options[:region] ||= 'us-east-1' @region = options[:region] @host = options[:host] || "kms.#{@region}.amazonaws.com" @path = options[:path] || '/' @persistent = options[:persistent] || false @port = options[:port] || 443 @scheme = options[:scheme] || 'https' @connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options) setup_credentials(options) end
Public Instance Methods
create_key(*args)
click to toggle source
Create Key
Parameters¶ ↑
-
options<~Hash>:
-
'Description'<~String>:
-
'KeyUsage'<~String>:
-
'Policy'<~String>:
-
… (see docs from see also)
-
Returns¶ ↑
See Also¶ ↑
docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
# File lib/fog/aws/requests/kms/create_key.rb, line 20 def create_key(*args) options = Fog::AWS::KMS.parse_create_key_args(args) request({ 'Action' => 'CreateKey', :parser => Fog::Parsers::AWS::KMS::DescribeKey.new }.merge!(options)) end
describe_key(identifier)
click to toggle source
# File lib/fog/aws/requests/kms/describe_key.rb, line 7 def describe_key(identifier) request( 'Action' => 'DescribeKey', 'KeyId' => identifier, :parser => Fog::Parsers::AWS::KMS::DescribeKey.new ) end
get_public_key(identifier, grant_tokens = nil)
click to toggle source
# File lib/fog/aws/requests/kms/get_public_key.rb, line 7 def get_public_key(identifier, grant_tokens = nil) request( 'Action' => 'GetPublicKey', 'GrantTokens' => grant_tokens, 'KeyId' => identifier, :parser => Fog::Parsers::AWS::KMS::GetPublicKey.new ) end
list_keys(options={})
click to toggle source
# File lib/fog/aws/requests/kms/list_keys.rb, line 7 def list_keys(options={}) params = {} if options[:marker] params['Marker'] = options[:marker] end if options[:limit] params['Limit'] = options[:limit] end request({ 'Action' => 'ListKeys', :parser => Fog::Parsers::AWS::KMS::ListKeys.new }.merge(params)) end
reload()
click to toggle source
# File lib/fog/aws/kms.rb, line 116 def reload @connection.reset end
schedule_key_deletion(identifier, pending_window_in_days)
click to toggle source
# File lib/fog/aws/requests/kms/schedule_key_deletion.rb, line 7 def schedule_key_deletion(identifier, pending_window_in_days) request( 'Action' => 'ScheduleKeyDeletion', 'KeyId' => identifier, 'PendingWindowInDays' => pending_window_in_days, :parser => Fog::Parsers::AWS::KMS::ScheduleKeyDeletion.new ) end
sign(identifier, message, algorithm, options = {})
click to toggle source
Sign
Parameters¶ ↑
-
identifier<~String>: id, arn, alias name, or alias arn for key to sign with
-
message<~String>: base64 encoded message to sign
Returns¶ ↑
-
response<~Excon::Response>:
See Also¶ ↑
docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html
# File lib/fog/aws/requests/kms/sign.rb, line 19 def sign(identifier, message, algorithm, options = {}) request({ 'Action' => 'Sign', 'KeyId' => identifier, 'Message' => message, 'SigningAlgorithm' => algorithm, :parser => Fog::Parsers::AWS::KMS::Sign.new }.merge!(options)) end
Private Instance Methods
_request(body, headers, idempotent, parser)
click to toggle source
# File lib/fog/aws/kms.rb, line 159 def _request(body, headers, idempotent, parser) @connection.request({ :body => body, :expects => 200, :headers => headers, :idempotent => idempotent, :method => 'POST', :parser => parser }) rescue Excon::Errors::HTTPStatusError => error match = Fog::AWS::Errors.match_error(error) if match.empty? raise elsif Fog::AWS::KMS.const_defined?(match[:code]) raise Fog::AWS::KMS.const_get(match[:code]).slurp(error, match[:message]) else raise Fog::AWS::KMS::Error.slurp(error, "#{match[:code]} => #{match[:message]}") end end
request(params)
click to toggle source
# File lib/fog/aws/kms.rb, line 130 def request(params) refresh_credentials_if_expired idempotent = params.delete(:idempotent) parser = params.delete(:parser) body, headers = Fog::AWS.signed_params_v4( params, { 'Content-Type' => 'application/x-www-form-urlencoded' }, { :aws_session_token => @aws_session_token, :signer => @signer, :host => @host, :path => @path, :port => @port, :version => '2014-11-01', :method => 'POST' } ) if @instrumentor @instrumentor.instrument("#{@instrumentor_name}.request", params) do _request(body, headers, idempotent, parser) end else _request(body, headers, idempotent, parser) end end
setup_credentials(options={})
click to toggle source
# File lib/fog/aws/kms.rb, line 122 def setup_credentials(options={}) @aws_access_key_id = options[:aws_access_key_id] @aws_secret_access_key = options[:aws_secret_access_key] @aws_session_token = options[:aws_session_token] @signer = Fog::AWS::SignatureV4.new(@aws_access_key_id, @aws_secret_access_key, @region, 'kms') end