The encrypted form will be stored with the encryptedįile. Plaintext form is used to encrypt the data. The example function returns the data key in both its plaintext and encrypted forms. The example creates a data key forĮach file it encrypts, but it’s possible to use a single data key to encrypt multiple files. The data key isĬustomer managed and does not incur an AWS storage cost. To encrypt a file, the example create_data_key function creates a data key.
error ( e ) return None, None # Return the key ID and ARN return response, response Create a data key # create_key ( Description = desc ) except ClientError as e : logging. client ( 'kms' ) try : response = kms_client.
:param desc: key description :return Tuple(KeyId, KeyArn) where: KeyId: AWS globally-unique string ID KeyArn: Amazon Resource Name of the CMK :return Tuple(None, None) if error """ # Create CMK kms_client = boto3. If the example does not find an existing CMK, it creates a new one and returns its ID and ARN.ĭef create_cmk ( desc = 'Customer Master Key' ): """Create a KMS Customer Master Key The created CMK is a Customer-managed key stored in AWS KMS.
error ( e ) return None, None # All existing CMKs were checked and the desired key was not found return None, None Create a customer master key # list_keys ( Marker = response ) except ClientError as e : logging. debug ( 'A CMK with the specified description was not found' ) done = True else : # Yes, retrieve another batch try : response = kms_client. error ( e ) return None, None # Is this the key we're looking for? if key_info = desc : return cmk, cmk # Are there more keys to retrieve? if not response : # No, the CMK was not found logging. describe_key ( KeyId = cmk ) except ClientError as e : logging. error ( e ) return None, None done = False while not done : for cmk in response : # Get info about the key, including its description try : key_info = kms_client. list_keys () except ClientError as e : logging. Def retrieve_cmk ( desc ): """Retrieve an existing KMS CMK based on its description :param desc: Description of CMK specified when the CMK was created :return Tuple(KeyId, KeyArn) where: KeyId: CMK ID KeyArn: Amazon Resource Name of CMK :return Tuple(None, None) if a CMK with the specified description was not found """ # Retrieve a list of existing CMKs # If more than 100 keys exist, retrieve and process them in batches kms_client = boto3.
0 kommentar(er)
