Menu
AWS SDK for Go
Developer Guide

Creating a CMK in AWS Key Management Service

The following example uses the AWS SDK for GoCreateKey method, which implements the CreateKey operation, to create a customer master key (CMK). Since the example only encrypts a small amount of data, a CMK is fine for our purposes. For larger amounts of data, use the CMK to encrypt a data encryption key (DEK).

Copy
import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/kms" "fmt" "os" ) // Create a customer master key (CMK) // Since we are only encrypting small amounts of data (4 KiB or less) directly, // a CMK is fine for our purposes. // For larger amounts of data, // use the CMK to encrypt a data encryption key (DEK). func main() { // Initialize a session in us-west-2 that the SDK will use to load // credentials from the shared credentials file ~/.aws/credentials. sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2")}, ) // Create KMS service client svc := kms.New(sess) // Create the key result, err := svc.CreateKey(&kms.CreateKeyInput{ Tags: []*kms.Tag{ { TagKey: aws.String("CreatedBy"), TagValue: aws.String("ExampleUser"), }, }, }) if err != nil { fmt.Println("Got error creating key: ", err) os.Exit(1) } fmt.Println("ARN: " + *result.KeyMetadata.Arn) }

Choose Copy to save the code locally. See the complete example on GitHub.