KMS client

This page contains examples with the KMS client. See the client introduction for a more detailed description how to use a client. You may also want to consider the authentication documentation to understand the many ways you can authenticate with AWS.

The KMS package could be installed with Composer. 

composer require async-aws/kms

A new client object may be instantiated by: 

use AsyncAws\KMS\KMSClient;

$kMS = new KMSClient();

The authentication parameters is read from the environment by default. You can also specify a AWS access id and secret: 

use AsyncAws\KMS\KMSClient;

$kMS = new KMSClient([
    'accessKeyId' => 'my_access_key',
    'accessKeySecret' => 'my_access_secret',
    'region' => 'eu-central-1',
]);

For all available options, see the configuration reference.

Usage

Encrypt plaintext

use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec;
use AsyncAws\Kms\Input\EncryptRequest;
use AsyncAws\Kms\KmsClient;

$kms = new KmsClient();

$output = $kms->encrypt(new EncryptRequest([
    'EncryptionAlgorithm' => EncryptionAlgorithmSpec::SYMMETRIC_DEFAULT,
    'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab',
    'Plaintext' => '{"message": "Hello, World!"}',
]));

// binary ciphertext string
$ciphertextBlob = $output->getCiphertextBlob();

Decrypt ciphertext

use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec;
use AsyncAws\Kms\Input\DecryptRequest;
use AsyncAws\Kms\KmsClient;

$kms = new KmsClient();

$output = $kms->decrypt(new DecryptRequest([
    'CiphertextBlob' => 'binary-ciphertext-string',
    'EncryptionAlgorithm' => EncryptionAlgorithmSpec::SYMMETRIC_DEFAULT,
    'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab',
]));

// binary plaintext string
$plaintextBlob = $output->getPlaintext();

Generate data key

use AsyncAws\Kms\Enum\DataKeySpec;
use AsyncAws\Kms\Input\GenerateDataKeyRequest;
use AsyncAws\Kms\KmsClient;

$kms = new KmsClient();

$output = $kms->generateDataKey(new GenerateDataKeyRequest([
    'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab',
    'KeySpec' => DataKeySpec::AES_256,
]));

// binary ciphertext string
$ciphertextBlob = $output->getCiphertextBlob();

// binary plaintext string
$plaintextBlob = $output->getPlaintext();

The source code to this page is found on GitHub.