Working with aliases using the AWS KMS API and the AWS SDK for PHP Version 3 - AWS SDK for PHP
CredentialsCreate an aliasView an aliasUpdate an aliasDelete an alias

Working with aliases using the AWS KMS API and the AWS SDK for PHP Version 3

AWS Key Management Service (AWS KMS) provides an optional display name for an AWS KMS key called an alias.

The following examples show how to:

All the example code for the AWS SDK for PHP is available here on GitHub.

Credentials

Before running the example code, configure your AWS credentials, as described in Credentials. Then import the AWS SDK for PHP, as described in Basic usage.

For more information about using AWS Key Management Service (AWS KMS), see the AWS KMS Developer Guide.

Create an alias

To create an alias for a KMS key, use the CreateAlias operation. The alias must be unique in the account and AWS Region. If you create an alias for a KMS key that already has an alias, CreateAlias creates another alias to the same KMS key. It doesn’t replace the existing alias.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab';
$aliasName = "alias/projectKey1";

try {
    $result = $KmsClient->createAlias([
        'AliasName' => $aliasName,
        'TargetKeyId' => $keyId,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}

View an alias

To list all aliases in the caller's AWS account and AWS Region, use the ListAliases operation.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$limit = 10;

try {
    $result = $KmsClient->listAliases([
        'Limit' => $limit,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}

Update an alias

To associate an existing alias with a different KMS key, use the UpdateAlias operation.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab';
$aliasName = "alias/projectKey1";

try {
    $result = $KmsClient->updateAlias([
        'AliasName' => $aliasName,
        'TargetKeyId' => $keyId,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}

Delete an alias

To delete an alias, use the DeleteAlias operation. Deleting an alias has no effect on the underlying KMS key.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$aliasName = "alias/projectKey1";

try {
    $result = $KmsClient->deleteAlias([
        'AliasName' => $aliasName,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}