kms_re_encrypt_data.go - AWS Code Sample


Decrypts encrypted data and then immediately re-encrypts data under a new customer master key (CMK).

/* Copyright 2010-2019, Inc. or its affiliates. All Rights Reserved. This file is licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ package main import ( "" "" "fmt" "os" ) func main() { // Initialize a session that the SDK uses to load // credentials from the shared credentials file ~/.aws/credentials // and configuration from the shared configuration file ~/.aws/config. sess := session.Must(session.NewSessionWithOptions(session.Options{ SharedConfigState: session.SharedConfigEnable, })) // Create KMS service client svc := kms.New(sess) // Encrypt data key // // Replace the fictitious key ARN with a valid key ID keyId := "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" // Encrypted data blob := []byte("1234567890") // Re-encrypt the data key result, err := svc.ReEncrypt(&kms.ReEncryptInput{CiphertextBlob: blob, DestinationKeyId: &keyId}) if err != nil { fmt.Println("Got error re-encrypting data: ", err) os.Exit(1) } fmt.Println("Blob (base-64 byte array):") fmt.Println(result.CiphertextBlob) }

Sample Details

Service: kms

Last tested: 2018-03-14

Author: Doug-AWS

Type: full-example