antoine

Reputation: 103

Provide a custom URL to decrypt with KMS

I'm using KMS to encrypt / decrypt data using @aws-crypto/client-node.

I would like to be able to provide the URL of a custom server to contact for testing purposes, but I can't find how to provide this URL using this API. Is it doable? Here is the current code I use to encrypt/decrypt.


import {
  KmsKeyringNode,
  buildClient,
  CommitmentPolicy,
} from '@aws-crypto/client-node'

// Configure the commitment policy
const { encrypt, decrypt } = buildClient(CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT);

// KMS key identifier (replace with your own key)
const generatorKeyId = 'arn:aws:kms:my-key';
// Create the KMS keyring
const keyring = new KmsKeyringNode({ generatorKeyId });

// Data to encrypt
const plaintext = 'Hello, World!';

// Encrypt the data
async function encryptData() {
  const { result } = await encrypt(keyring, plaintext);
  console.log('Encrypted data:', result);
  return result;
}

// Decrypt the data
async function decryptData(encryptedData: any) {
  const { plaintext } = await decrypt(keyring, encryptedData);
  console.log('Decrypted data:', plaintext.toString());
}

// Run the functions
(async () => {
  const encryptedData = await encryptData();
  await decryptData(encryptedData);
})();

Upvotes: 1

Views: 62

Answers (1)

Bobbie Chen

Reputation: 31

Usually AWS refers to the custom URL as an "endpoint" or "endpoint url". It sounds like you want to use a custom endpoint URL to call a moto server instead of the default AWS API endpoint.

This example shows how to create a KMS client with custom configuration:

  const client = new KMS({ region: 'us-west-2' })

  // ...later, using client in the KeyringNode instantiation
  const keyring = new AwsKmsMrkAwareSymmetricDiscoveryKeyringNode({
    client,
    discoveryFilter,
  })

Digging into the reference documentation, the KMS client config takes (among other things) an EndpointInputConfig, which accepts an endpoint string:

The fully qualified endpoint of the webservice. This is only for using a custom endpoint (for example, when using a local version of S3). Endpoint transformations such as S3 applying a bucket to the hostname are still applicable to this custom endpoint.

So in your example, you should be able to add a new client and use it when you create your new KmsKeyringNode:

// Configure a new KMS client with custom endpoint
const customEndpointUrl = "my_custom_endpoint.local" // the default API endpoint is kms.<region>.amazonaws.com
const client = new KMS({ endpoint: customEndpointUrl })

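// Create the KMS keyring
const keyring = new KmsKeyringNode({
  // KmsKeyringNode takes a clientProvider function (region => client), not a client
  clientProvider: () => client, // always return the KMS client configured with the custom endpoint
  generatorKeyId,
});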

Upvotes: 0
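An endpoint override sends every GenerateDataKey and Decrypt request, and the signed credentials with it, to whatever server the URL names, so a test-only override is worth validating before it reaches the KMS client. The following is an added example, not code from the question, the answer or the AWS libraries; the `KMS_TEST_ENDPOINT` variable and the `resolveKmsClientConfig` helper are hypothetical names, and it returns a config object with the `region` and `endpoint` keys used in the answer above.

```typescript
// Added example; KMS_TEST_ENDPOINT and resolveKmsClientConfig are hypothetical names.
interface KmsClientConfig {
  region: string;
  endpoint?: string; // omitted => the SDK uses the default AWS endpoint
}

// Hosts for which plaintext http:// is tolerated (local mock servers only).
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function resolveKmsClientConfig(
  env: Record<string, string | undefined>,
  region: string,
): KmsClientConfig {
  const override = env['KMS_TEST_ENDPOINT'];
  if (!override) {
    return { region };
  }
  // A leftover test override must never redirect production KMS traffic.
  if (env['NODE_ENV'] === 'production') {
    throw new Error('KMS_TEST_ENDPOINT is set but NODE_ENV is production');
  }
  let url: URL;
  try {
    url = new URL(override); // throws on values without a scheme
  } catch {
    throw new Error(`KMS_TEST_ENDPOINT is not a fully qualified URL: ${override}`);
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error(`unsupported scheme in KMS_TEST_ENDPOINT: ${url.protocol}`);
  }
  if (url.username !== '' || url.password !== '') {
    throw new Error('KMS_TEST_ENDPOINT must not embed credentials');
  }
  if (url.protocol === 'http:' && !LOOPBACK_HOSTS.has(url.hostname)) {
    throw new Error('plaintext http:// is only accepted for loopback hosts');
  }
  // Pass only scheme, host and port on to the client.
  return { region, endpoint: url.origin };
}

// Usage with the client from the answer:
//   const client = new KMS(resolveKmsClientConfig(process.env, 'us-west-2'))
```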
