ali-kms
Install
$ npm i ali-kms -SUsage as command
install
$ npm i -g ali-kms$ ali-kms --help ali-kms use $HOME/.kmsconfig as default config file.
example config file
accessKey=accessKeyaccessSecret=accessSecretregion=cn-shanghaiUsage as package
Prepare
You need create a new RAM strategy to manager kms.
This case have all privileges to manager kms. You can customize strategy follow the RAM doc.
Regions
| Name | ReginId | Publish Domain | VPC Domain |
|---|---|---|---|
| 华东1 | cn-hangzhou | kms.cn-hangzhou.aliyuncs.com | kms-vpc.cn-hangzhou.aliyuncs.com |
| 华东2 | cn-shanghai | kms.cn-shanghai.aliyuncs.com | kms-vpc.cn-shanghai.aliyuncs.com |
| 华东2(上海金融云) | cn-shanghai-finance-1 | kms.cn-shanghai-finance-1.aliyuncs.com | kms-vpc.cn-shanghai-finance-1.aliyuncs.com |
| 华北1(青岛) | cn-qingdao | kms.cn-qingdao.aliyuncs.com | kms-vpc.cn-qingdao.aliyuncs.com |
| 华北2 | cn-beijing | kms.cn-beijing.aliyuncs.com | kms-vpc.cn-beijing.aliyuncs.com |
| 华北3(张家口) | cn-zhangjiakou | kms.cn-zhangjiakou.aliyuncs.com | kms-vpc.cn-zhangjiakou.aliyuncs.com |
| 华北5(呼和浩特) | cn-huhehaote | kms.cn-huhehaote.aliyuncs.com | kms-vpc.cn-huhehaote.aliyuncs.com |
| 华南1 | cn-shenzhen | kms.cn-shenzhen.aliyuncs.com | kms-vpc.cn-shenzhen.aliyuncs.com |
| 华南1(深圳金融云) | cn-shenzhen-finance-1 | kms.cn-shenzhen-finance-1.aliyuncs.com | kms-vpc.cn-shenzhen-finance-1.aliyuncs.com |
| 香港 | cn-hongkong | kms.cn-hongkong.aliyuncs.com | kms-vpc.cn-hongkong.aliyuncs.com |
| 亚太东北(日本) | ap-northeast-1 | kms.ap-northeast-1.aliyuncs.com | kms-vpc.ap-northeast-1.aliyuncs.com |
| 亚太东南(悉尼) | ap-southeast-2 | kms.ap-southeast-2.aliyuncs.com | kms-vpc.ap-southeast-2.aliyuncs.com |
| 亚太东南(新加坡) | ap-southeast-1 | kms.ap-southeast-1.aliyuncs.com | kms-vpc.ap-southeast-1.aliyuncs.com |
| 亚太东南(马来西亚) | ap-southeast-3 | kms.ap-southeast-3.aliyuncs.com | kms-vpc.ap-southeast-3.aliyuncs.com |
| 欧洲中部(法兰克福) | eu-central-1 | kms.eu-central-1.aliyuncs.com | kms-vpc.eu-central-1.aliyuncs.com |
| 中东东部(迪拜) | me-east-1 | kms.me-east-1.aliyuncs.com | kms-vpc.me-east-1.aliyuncs.com |
Create A Kms Client
KMS(options)
Create A KMS Client
options:
- accessKey {String} access key
- accessSecret {String} access secret
- [region] {String} region to using kms
- [endpoint] {String} region domain. if you have region in options, endpoint will auto generate.
- [vpc] {Boolean} if you use kms in vpc, make vpc to be
true - [timeout] {Number} request timeout
Example:
const KMS = ;const options = accessKey: 'abc' accessSecret: 'abc' region: 'cn-hangzhou' // endpoint: 'kms-vpc.cn-hangzhou.aliyuncs.com' vpc: true timeout: 6000const kms = ;Operations
.describeRegions(options)
List all available regions
Parameters:
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const regions = await kms; const RegionId} = regions0; .createKey(params, options)
Create an encrypt/decrypt key
Parameters:
- params {Object} create key params
- description {String} key description
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const KeyId = await kms;.listKeys(params, options)
List all keys
Parameters:
- [params] list params
- [pageNumber=1] {Number} page number
- [pageSize=10] {Number} page size
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const List TotalCount PageNumber PageSize = await kms;.describeKey(keyId, options)
Get detail of key
Parameters:
- keyId {String} key id
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const CreationDate Description KeyId KeyState KeyUsage DeleteDate Creator } = await kms; .encrypt(keyId, params, options)
Encrypt plaintext
Parameters:
- keyId {String} encrypt key
- params {Object} encrypt params
- plaintext {String} plaintext to encrypt
- [context] {Object} platten json, encryption context
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const keyId = 'you key id'const CiphertextBlob = await kms;.decrypt(params, options)
Decrypt ciphertext
Parameters:
- params {Object} params for descrypt
- ciphertext {String} ciphertext to decrypt
- [context] {Object} decryption context
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const Plaintext = await kms;.generateDataKey(keyId, params, options)
Create a pair plain/cipher for encryption
Parameters:
- keyId {String} key id
- params {Object} generate date key params
- keySpec {String} algorithm to encrypt/decrypt, AES_256 or AES_128
- [length] {Number} encrypt key length
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
const KEY_SPEC = KEY_SPECconst Plaintext CiphertextBlob = await kms;.scheduleKeyDeletion(keyId, delayDays, options)
Delete key after delay days(7~30)
Parameters:
- keyId {String} key id
- delayDays {Number} delay days, min: 7, max: 30
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
await kms;.cancelKeyDeletion(keyId, options)
Cancel schedule deletion
Parameters:
- keyId {String} key id
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
await kms;.enableKey(keyId, options)
Enable disabled key
Parameters:
- keyId {String} key id
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
await kms;.disableKey(keyId, options)
Disable key
Parameters:
- keyId {String} key id
- [options] {Object} request options
- timeout {Number} request timeout, Unit: ms
Example:
await kms;License
MIT