KMS client

This page contains examples with the KMS client. See the client introduction for a more detailed description how to use a client. You may also want to consider the authentication documentation to understand the many ways you can authenticate with AWS.

The KMS package could be installed with Composer.

composer require async-aws/kms

A new client object may be instantiated by:

use AsyncAws\KMS\KMSClient; $kMS = new KMSClient();

The authentication parameters is read from the environment by default. You can also specify a AWS access id and secret:

use AsyncAws\KMS\KMSClient; $kMS = new KMSClient([ 'accessKeyId' => 'my_access_key', 'accessKeySecret' => 'my_access_secret', 'region' => 'eu-central-1', ]);

For all available options, see the configuration reference.


Encrypt plaintext

use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec; use AsyncAws\Kms\Input\EncryptRequest; use AsyncAws\Kms\KmsClient; $kms = new KmsClient(); $output = $kms->encrypt(new EncryptRequest([ 'EncryptionAlgorithm' => EncryptionAlgorithmSpec::SYMMETRIC_DEFAULT, 'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab', 'Plaintext' => '{"message": "Hello, World!"}', ])); // binary ciphertext string $ciphertextBlob = $output->getCiphertextBlob();

Decrypt ciphertext

use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec; use AsyncAws\Kms\Input\DecryptRequest; use AsyncAws\Kms\KmsClient; $kms = new KmsClient(); $output = $kms->decrypt(new DecryptRequest([ 'CiphertextBlob' => 'binary-ciphertext-string', 'EncryptionAlgorithm' => EncryptionAlgorithmSpec::SYMMETRIC_DEFAULT, 'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab', ])); // binary plaintext string $plaintextBlob = $output->getPlaintext();

Generate data key

use AsyncAws\Kms\Enum\DataKeySpec; use AsyncAws\Kms\Input\GenerateDataKeyRequest; use AsyncAws\Kms\KmsClient; $kms = new KmsClient(); $output = $kms->generateDataKey(new GenerateDataKeyRequest([ 'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab', 'KeySpec' => DataKeySpec::AES_256, ])); // binary ciphertext string $ciphertextBlob = $output->getCiphertextBlob(); // binary plaintext string $plaintextBlob = $output->getPlaintext();

The source code to this page is found on GitHub.