
main/keyring/aws_kms_hierarchical/
version_branch_key_id_example.rs

1// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4use aws_esdk::key_store::client as keystore_client;
5use aws_esdk::key_store::types::key_store_config::KeyStoreConfig;
6use aws_esdk::key_store::types::KmsConfiguration;
7
/// Configures a KeyStore and then asks it to version one branch key.
///
/// # Parameters
/// - `key_store_table_name`: DynamoDB table name handed to the KeyStore config.
/// - `logical_key_store_name`: logical name handed to the KeyStore config.
/// - `kms_key_arn`: KMS key ARN the KeyStore is configured with
///   (`KmsConfiguration::KmsKeyArn`).
/// - `branch_key_id`: identifier of the branch key to version.
///
/// # Errors
/// Propagates any error from building the config, constructing the KeyStore
/// client, or sending the version request.
///
/// # Security notes
/// - The KMS and DynamoDB clients are both built from the default AWS SDK
///   configuration, so the call runs with whatever identity that configuration
///   resolves to in the current environment.
/// - The caller MUST be allowed `kms:ReEncrypt*` and
///   `kms:GenerateDataKeyWithoutPlaintext` for versioning to succeed.
///   NOTE(review): scope those grants to the single key in `kms_key_arn`
///   rather than to all keys; confirm against the deployment's key policy.
/// - NOTE(review): versioning is presumably a key-rotation step that leaves
///   earlier versions usable for decryption; confirm against the Key Store
///   documentation before relying on it to retire old key material.
pub async fn version_branch_key_id(
    key_store_table_name: &str,
    logical_key_store_name: &str,
    kms_key_arn: &str,
    branch_key_id: &str,
) -> Result<(), crate::BoxError> {
    // Both service clients share one SDK configuration.
    // The KMS configuration used by the KeyStore MUST have the right access to
    // the resources in the KeyStore.
    let aws_defaults = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
    let kms_client = aws_sdk_kms::Client::new(&aws_defaults);
    let ddb_client = aws_sdk_dynamodb::Client::new(&aws_defaults);
    let kms_configuration = KmsConfiguration::KmsKeyArn(kms_key_arn.to_string());

    let store_config = KeyStoreConfig::builder()
        .kms_client(kms_client)
        .ddb_client(ddb_client)
        .ddb_table_name(key_store_table_name)
        .logical_key_store_name(logical_key_store_name)
        .kms_configuration(kms_configuration)
        .build()?;
    let key_store = keystore_client::Client::from_conf(store_config)?;

    // Requires kms:ReEncrypt* and kms:GenerateDataKeyWithoutPlaintext.
    let version_request = key_store
        .version_key()
        .branch_key_identifier(branch_key_id);
    version_request.send().await?;

    println!("Version Branch Key Example Completed Successfully");
    Ok(())
}
42
/// Creates a fresh branch key in the test key store and then versions it.
///
/// Used by `main.rs` in the examples directory to exercise
/// `version_branch_key_id` end to end. All three key-store settings come from
/// the `TEST_*` constants in `example_utils::utils`, so both steps act on the
/// same table, logical store name and KMS key.
///
/// # Errors
/// Returns the first error raised by either the create step or the version
/// step, converted into `crate::BoxError2`.
pub async fn create_and_version_branch_key_id() -> Result<(), crate::BoxError2> {
    use super::create_branch_key_id::create_branch_key_id;
    use crate::example_utils::utils;

    let table_name = utils::TEST_KEY_STORE_NAME;
    let logical_name = utils::TEST_LOGICAL_KEY_STORE_NAME;
    let kms_key_id = utils::TEST_KEY_STORE_KMS_KEY_ID;

    // Step 1: create a new branch key so the version call has a known target.
    let created_key_id: String = create_branch_key_id(table_name, logical_name, kms_key_id).await?;

    // Step 2: version the branch key that was just created.
    version_branch_key_id(table_name, logical_name, kms_key_id, &created_key_id).await?;

    Ok(())
}
65
/// Test for the Version Branch Key example.
///
/// Runs the create-then-version flow and fails if either step returns an error.
/// The flow builds real KMS and DynamoDB clients, so this test presumably needs
/// AWS credentials and the test key store to be reachable (confirm for CI).
#[tokio::test(flavor = "multi_thread")]
pub async fn test_version_branch_key_id() -> Result<(), crate::BoxError2> {
    // The helper already returns this function's result type, so hand it back as is.
    create_and_version_branch_key_id().await
}