Class: Fog::AWS::KMS::Real

Inherits:
Object
  • Object
Includes:
CredentialFetcher::ConnectionMethods
Defined in:
lib/fog/aws/kms.rb,
lib/fog/aws/requests/kms/sign.rb,
lib/fog/aws/requests/kms/list_keys.rb,
lib/fog/aws/requests/kms/create_key.rb,
lib/fog/aws/requests/kms/describe_key.rb,
lib/fog/aws/requests/kms/get_public_key.rb,
lib/fog/aws/requests/kms/schedule_key_deletion.rb


Methods included from CredentialFetcher::ConnectionMethods

#refresh_credentials_if_expired

Constructor Details

#initialize(options = {}) ⇒ Real

Initialize connection to KMS

Notes

options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection

Examples

kms = KMS.new(
 :aws_access_key_id     => your_aws_access_key_id,
 :aws_secret_access_key => your_aws_secret_access_key
)

Parameters

  • options<~Hash> - config arguments for connection. Defaults to {}.

    • region<~String> - optional region to use. For instance, ‘eu-west-1’, ‘us-east-1’, etc.

Returns

  • KMS object with connection to AWS.



# File 'lib/fog/aws/kms.rb', line 95

# Set up the KMS connection object and load credentials.
#
# ==== Parameters
# * options<~Hash> - connection settings. Keys read here: :use_iam_profile,
#   :connection_options, :instrumentor, :instrumentor_name, :region, :host,
#   :path, :persistent, :port and :scheme. The same hash is then passed to
#   setup_credentials.
#
# Side effect: when options[:region] is unset, the default region is written
# back into the caller's hash.
def initialize(options={})
  @use_iam_profile    = options[:use_iam_profile]
  @connection_options = options[:connection_options] || {}
  @instrumentor       = options[:instrumentor]
  @instrumentor_name  = options[:instrumentor_name] || 'fog.aws.kms'

  # ||= stores the default in options itself, so setup_credentials(options)
  # below receives the same region value.
  @region = (options[:region] ||= 'us-east-1')

  @host       = options[:host]       || "kms.#{@region}.amazonaws.com"
  @path       = options[:path]       || '/'
  @persistent = options[:persistent] || false
  @port       = options[:port]       || 443
  @scheme     = options[:scheme]     || 'https'

  # NOTE(review): :scheme, :host, :port and :path are used as given, with no
  # validation. The defaults yield an https endpoint on the regional KMS host;
  # an override such as 'http' or a custom host changes where requests are
  # sent and whether they are encrypted. Confirm these options never come
  # from untrusted configuration.
  endpoint = "#{@scheme}://#{@host}:#{@port}#{@path}"
  @connection = Fog::XML::Connection.new(endpoint, @persistent, @connection_options)

  setup_credentials(options)
end

Instance Method Details

#create_key(*args) ⇒ Object

Create Key

Parameters

  • options<~Hash>:

    • ‘Description’<~String>:

    • ‘KeyUsage’<~String>:

    • ‘Policy’<~String>:

    • … (see the AWS documentation linked under See Also)

Returns

See Also

docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html



# File 'lib/fog/aws/requests/kms/create_key.rb', line 20

# Send a KMS CreateKey request.
#
# ==== Parameters
# * args - passed as-is to Fog::AWS::KMS.parse_create_key_args, whose result
#   is merged into the request parameters.
#
# ==== Returns
# * the value returned by +request+, which is given a DescribeKey parser.
def create_key(*args)
  parsed = Fog::AWS::KMS.parse_create_key_args(args)

  params = {
    'Action' => 'CreateKey',
    :parser  => Fog::Parsers::AWS::KMS::DescribeKey.new
  }
  # Parsed options are merged last: a key they share with the defaults above
  # ('Action' or :parser) replaces the default.
  params.merge!(parsed)

  request(params)
end

#describe_key(identifier) ⇒ Object



# File 'lib/fog/aws/requests/kms/describe_key.rb', line 7

# Send a KMS DescribeKey request.
#
# ==== Parameters
# * identifier - sent unchanged as the 'KeyId' request parameter.
#
# ==== Returns
# * the value returned by +request+, which is given a DescribeKey parser.
def describe_key(identifier)
  params = {
    'Action' => 'DescribeKey',
    'KeyId'  => identifier,
    :parser  => Fog::Parsers::AWS::KMS::DescribeKey.new
  }

  request(params)
end

#get_public_key(identifier, grant_tokens = nil) ⇒ Object



# File 'lib/fog/aws/requests/kms/get_public_key.rb', line 7

# Send a KMS GetPublicKey request.
#
# ==== Parameters
# * identifier - sent unchanged as the 'KeyId' request parameter.
# * grant_tokens - sent as 'GrantTokens'; defaults to nil.
#
# ==== Returns
# * the value returned by +request+, which is given a GetPublicKey parser.
def get_public_key(identifier, grant_tokens = nil)
  params = {
    'Action'      => 'GetPublicKey',
    # The key is present even when grant_tokens is nil.
    # NOTE(review): confirm that +request+ tolerates a nil value here.
    'GrantTokens' => grant_tokens,
    'KeyId'       => identifier,
    :parser       => Fog::Parsers::AWS::KMS::GetPublicKey.new
  }

  request(params)
end

#list_keys(options = {}) ⇒ Object



# File 'lib/fog/aws/requests/kms/list_keys.rb', line 7

# Send a KMS ListKeys request.
#
# ==== Parameters
# * options<~Hash>:
#   * :marker - sent as 'Marker' when truthy
#   * :limit - sent as 'Limit' when truthy
#   Any other keys in options are ignored.
#
# ==== Returns
# * the value returned by +request+, which is given a ListKeys parser.
def list_keys(options={})
  marker = options[:marker]
  limit  = options[:limit]

  query = {
    'Action' => 'ListKeys',
    :parser  => Fog::Parsers::AWS::KMS::ListKeys.new
  }
  # Only the two paging keys are copied across, so callers cannot override
  # 'Action' or :parser through options.
  query['Marker'] = marker if marker
  query['Limit']  = limit if limit

  request(query)
end

#reload ⇒ Object



# File 'lib/fog/aws/kms.rb', line 116

# Reset the underlying connection.
#
# ==== Returns
# * whatever @connection.reset returns.
def reload
  connection = @connection
  connection.reset
end

#schedule_key_deletion(identifier, pending_window_in_days) ⇒ Object



# File 'lib/fog/aws/requests/kms/schedule_key_deletion.rb', line 7

# Send a KMS ScheduleKeyDeletion request.
#
# ==== Parameters
# * identifier - sent unchanged as the 'KeyId' request parameter.
# * pending_window_in_days - sent unchanged as 'PendingWindowInDays'.
#
# ==== Returns
# * the value returned by +request+, which is given a ScheduleKeyDeletion parser.
def schedule_key_deletion(identifier, pending_window_in_days)
  params = {
    'Action'              => 'ScheduleKeyDeletion',
    'KeyId'               => identifier,
    # No range or type check is done here. AWS documents a 7-30 day window
    # for this parameter, so out-of-range values are left for the service to
    # reject.
    'PendingWindowInDays' => pending_window_in_days,
    :parser               => Fog::Parsers::AWS::KMS::ScheduleKeyDeletion.new
  }

  request(params)
end

#sign(identifier, message, algorithm, options = {}) ⇒ Object

Sign

Parameters

  • identifier<~String>: id, arn, alias name, or alias arn for key to sign with

  • message<~String>: base64 encoded message to sign

Returns

  • response<~Excon::Response>:

See Also

docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html



# File 'lib/fog/aws/requests/kms/sign.rb', line 19

# Send a KMS Sign request.
#
# ==== Parameters
# * identifier - sent unchanged as the 'KeyId' request parameter.
# * message - sent unchanged as 'Message'.
# * algorithm - sent unchanged as 'SigningAlgorithm'.
# * options<~Hash> - extra request parameters, merged in last.
#
# ==== Returns
# * the value returned by +request+, which is given a Sign parser.
def sign(identifier, message, algorithm, options = {})
  params = {
    'Action'           => 'Sign',
    'KeyId'            => identifier,
    'Message'          => message,
    'SigningAlgorithm' => algorithm,
    :parser            => Fog::Parsers::AWS::KMS::Sign.new
  }
  # NOTE(review): options is merged last, so an entry keyed 'Action', 'KeyId',
  # 'Message', 'SigningAlgorithm' or :parser replaces the explicit argument.
  # Callers should build options only from trusted values, so the key and
  # message being signed are the ones passed positionally.
  params.merge!(options)

  request(params)
end