Unable to get aws credentials from IAM role

I am using SDK version 2.8.21 to work with KMS.

I have a config.php file containing:

<?php
// File saved as /path/to/custom/config.php
require 'vendor/autoload.php';
use Doctrine\Common\Cache\FilesystemCache;
use Guzzle\Cache\DoctrineCacheAdapter;
// Create a cache adapter that stores data on the filesystem
$cacheAdapter = new DoctrineCacheAdapter(new FilesystemCache('/tmp/cache'));
return array(
    'includes' => array('_aws'),
    'services' => array(
        'default_settings' => array(
            'params' => array(
                'credentials.cache' => $cacheAdapter
            )
        )
    )
);

Below is the test.php file I use to test encryption.

<?php
  require 'vendor/autoload.php';
  use Aws\Common\Aws;
  // Create the AWS service builder, providing the path to the config file
  try {
    $keyId = '<KMSKEYALIAS>';
    $aws = Aws::factory('config.php');
    $client = $aws->get('kms');
    $result = $client->encrypt(array(
      'KeyId' => $keyId,
      'Plaintext' => 'This is the song that never ends...'
    ));
    print_r($result);
  }
  catch (\Exception $e)
  {
    echo $e->getMessage()."\n\n";
  }

When I run php test.php, I get "A region is required when using AWS Key Management Service".

Thinking this might be a server IAM issue, we tested with the CLI tool.

aws kms encrypt --key-id <KMSKEYALIAS> --plaintext "1'!2@3#4$5%6^7&8*9(0)-_=+" --query CiphertextBlob --output text | base64 --decode > /tmp/encrypt.txt

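/tmp/encrypted.txt contains the encrypted data.

I am confused and could really use some help figuring out whether this is a bug in the library or whether I am doing something wrong.

I am currently unable to upgrade to v3.

As @cmorrissey mentioned, I needed to set the region. In my opinion, the documentation and blog posts I read did not make this clear. This answer is here in case others also find the documentation unclear.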

<?php
// File saved as /path/to/custom/config.php
require 'vendor/autoload.php';
use Doctrine\Common\Cache\FilesystemCache;
use Guzzle\Cache\DoctrineCacheAdapter;
// Create a cache adapter that stores data on the filesystem
$cacheAdapter = new DoctrineCacheAdapter(new FilesystemCache('/tmp/cache'));
return array(
    'includes' => array('_aws'),
    'services' => array(
        'default_settings' => array(
            'params' => array(
                'region' => 'us-east-1',
                'credentials.cache' => $cacheAdapter
            )
        )
    )
);
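
An added example, not part of the original answer or of the SDK: IAM role credentials carry an access key, secret and token but no region, so the region has to reach the v2 config array some other way. The hypothetical helper `withRegion` below fills it in and fails before any client is built; falling back to `AWS_DEFAULT_REGION` (the variable the AWS CLI reads) and the loose format check are assumptions of this example.

```php
<?php
// Added example. Works on the SDK v2 service-builder config array shape
// shown on this page; it does not need the SDK installed to run.

/**
 * Return $config with 'region' set under services.default_settings.params.
 * Order: a value already in the config, then AWS_DEFAULT_REGION from $env
 * (an assumption of this example, chosen because the AWS CLI reads it).
 */
function withRegion(array $config, array $env)
{
    $params = isset($config['services']['default_settings']['params'])
        ? $config['services']['default_settings']['params']
        : array();

    $region = isset($params['region']) ? $params['region'] : null;
    if ($region === null && !empty($env['AWS_DEFAULT_REGION'])) {
        $region = $env['AWS_DEFAULT_REGION'];
    }

    // Loose sanity check (e.g. us-east-1, us-gov-west-1); not an AWS-defined rule.
    if (!is_string($region) || !preg_match('/^[a-z]{2}(-[a-z]+)+-\d+$/', $region)) {
        throw new InvalidArgumentException(
            'No valid AWS region in config or AWS_DEFAULT_REGION; '
            . 'IAM role credentials do not supply one.'
        );
    }

    $config['services']['default_settings']['params']['region'] = $region;
    return $config;
}

// Constructed sample: the question's config without the cache adapter.
$base = array(
    'includes' => array('_aws'),
    'services' => array('default_settings' => array('params' => array())),
);

$ok = withRegion($base, array('AWS_DEFAULT_REGION' => 'us-east-1'));
echo $ok['services']['default_settings']['params']['region'], "\n";

try {
    withRegion($base, array()); // the situation from the question: no region anywhere
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

In config.php this would wrap the returned array, for example `return withRegion(array(...), $_SERVER);`, so a host without a configured region stops with a clear message at load time.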