English | 简体中文

Alibaba Cloud Dedicated KMS Transfer SDK for Go can help Golang developers to migrate from the KMS keys to the Dedicated KMS keys.

• Alibaba Cloud Dedicated KMS Homepage
• Sample Code
• Issues
• Release

• Dedicated KMS provides a tenant-specific instance that is deployed in the VPC of a tenant to allow access over an internal network.
• Dedicated KMS uses a tenant-specific cryptographic resource pool to implement resource isolation and cryptographic isolation. This improves security.
• Dedicated KMS simplifies the management of HSMs. You can use the stable, easy-to-use upper-layer key management features and cryptographic operations provided by Dedicated KMS to manage your HSMs.
• Dedicated KMS allows you to integrate your HSMs with Alibaba Cloud services in a seamless manner. This delivers secure and controllable encryption capabilities for Alibaba Cloud services. For more information, see Alibaba Cloud services that can be integrated with KMS.
• Reduce the cost of migrating the Shared KMS keys to Dedicated KMS keys.

• Golang 1.12 or later.

If you use go mod to manage your dependence, You can declare the dependency on AlibabaCloud DKMS SDK for Go in the go.mod file:

require (
	github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8
)

Or, Run the following command to get the remote code package:

$ go get -u github.com/aliyun/alibabacloud-dkms-transfer-go-sdk

Alibaba Cloud Dedicated KMS Transfer SDK for Go transfers the the following method of request to dedicated KMS vpc gateway by default.

• Encrypt
• Decrypt
• GenerateDataKey
• GenerateDataKeyWithoutPlaintext
• GetPublicKey
• AsymmetricEncrypt
• AsymmetricDecrypt
• AsymmetricSign
• AsymmetricVerify
• GetSecretValue

package example

import (
	"fmt"
	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
	dedicatedkmsopenapi "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/openapi"
	"github.com/aliyun/alibabacloud-dkms-transfer-go-sdk/sdk"
	"io/ioutil"
)

func main() {
	config := &dedicatedkmsopenapi.Config{
		Protocol:         tea.String("https"),
		ClientKeyContent: tea.String("<your client key content>"),
		Password:         tea.String("<your client key password>"),
		Endpoint:         tea.String("<your dkms instance service endpoint>"),
	}
	client, err := sdk.NewClientWithAccessKey("<your region id>", "<your access key id>", "<your access key secret>", config)
	if err != nil {
		panic(err)
	}
	
	// verify CA cert
	ca, err := ioutil.ReadFile("path/to/caCert.pem")
	if err != nil {
		panic(err)
	}
	client.SetVerify(string(ca))
	// or, ignore CA cert
	//client.SetHTTPSInsecure(true)

	request := kms.CreateEncryptRequest()
	request.KeyId = "<your key id>"
	request.Plaintext = "<your plaintext>"

	result, err := client.Encrypt(request)
	if err != nil {
		panic(err)
	}
	fmt.Println(result)
}

Apache-2.0

Copyright (c) 2009-present, Alibaba Cloud All rights reserved.