Test processing with AWS KMS on your local PC

A memo on testing code that uses AWS KMS on a local PC.

Things necessary

Source here

Execution procedure

1. Preparation of local-kms

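Start local-kms, the service the AWS SDK will call, in a container.

Because this test covers encryption and decryption, seed the key to be used for encryption. Create a seed.yaml file using the example from the local-kms documentation as is, and place it in the init directory that the docker command below mounts at /init. The key material is the published sample from the documentation, so it is suitable for local testing only.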

    Keys:
      - Metadata:
          KeyId: bc436485-5092-42b8-92a3-0aa8b93536dc
        BackingKeys:
          - 5cdaead27fe7da2de47945d73cd6d79e36494e73802f3cd3869f1d2cb0b5d7a9

    Aliases:
      - AliasName: alias/testing
        TargetKeyId: bc436485-5092-42b8-92a3-0aa8b93536dc

After creating the YAML file, start local-kms.

    docker run -p 8080:8080 \
      --mount type=bind,source="$(pwd)"/init,target=/init \
      nsmithuk/local-kms

2. Preparing the AWS SDK

When creating the KMS client instance, use an EndpointConfiguration to point it at local-kms. The region can be anything.

    import com.amazonaws.client.builder.AwsClientBuilder;
    import com.amazonaws.services.kms.AWSKMS;
    import com.amazonaws.services.kms.AWSKMSClientBuilder;

    // Point the endpoint at local-kms. Any region value is accepted.
    AwsClientBuilder.EndpointConfiguration endpointConfig =
        new AwsClientBuilder.EndpointConfiguration("http://localhost:8080/", "ap-northeast-1");

    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withEndpointConfiguration(endpointConfig).build();

After that, call the required methods on the generated KMS client. local-kms performs encryption and decryption just like KMS. You can also register a customer key. It is easy because you do not have to deploy to AWS or set up KMS.
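An encrypt/decrypt round trip against the seeded `alias/testing` key, as an added example that is not code from the original memo. The class name and the dummy static credentials are assumptions (it is assumed that local-kms does not validate credentials), and the container from step 1 must be running.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.DecryptResult;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.kms.model.EncryptResult;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Hypothetical class name; not part of the original memo.
public class LocalKmsRoundTrip {
    public static void main(String[] args) {
        // Same endpoint as in step 2; the second argument is only the signing region.
        AwsClientBuilder.EndpointConfiguration endpointConfig =
            new AwsClientBuilder.EndpointConfiguration("http://localhost:8080/", "ap-northeast-1");

        // Assumption: dummy static credentials are sufficient for local-kms.
        // Setting them explicitly keeps real AWS credentials out of the test.
        AWSKMS kmsClient = AWSKMSClientBuilder.standard()
            .withEndpointConfiguration(endpointConfig)
            .withCredentials(new AWSStaticCredentialsProvider(
                new BasicAWSCredentials("dummy-access-key", "dummy-secret-key")))
            .build();

        // Constructed sample plaintext, encrypted under the alias from seed.yaml.
        String message = "constructed sample plaintext";
        EncryptResult encrypted = kmsClient.encrypt(new EncryptRequest()
            .withKeyId("alias/testing")
            .withPlaintext(ByteBuffer.wrap(message.getBytes(StandardCharsets.UTF_8))));

        // As with AWS KMS symmetric keys, no KeyId is passed to decrypt.
        DecryptResult decrypted = kmsClient.decrypt(new DecryptRequest()
            .withCiphertextBlob(encrypted.getCiphertextBlob()));
        String roundTrip = StandardCharsets.UTF_8.decode(decrypted.getPlaintext()).toString();

        // Fail loudly if the decrypted text differs from the input.
        if (!message.equals(roundTrip)) {
            throw new IllegalStateException("Round trip mismatch: " + roundTrip);
        }
        System.out.println("Round trip OK, key reported by Encrypt: " + encrypted.getKeyId());
    }
}
```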

By the way, the log on the local-kms side for such a call looks like this. The account and region in the ARN seem to be arbitrary values (the region is not the one set on the client).

    Encryption called: arn:aws:kms:eu-west-2:111122223333:key/bc436485-5092-42b8-92a3-0aa8b93536dc

reference
