in sample/crypto/kms.go [108:159]
func main() {
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := oss.NewClient(cfg)
kmsRegion := "cn-hangzhou"
kmsAccessKeyId := "access key id"
kmsAccessKeySecret := "access key secret"
kmsKeyId := "kms id"
kmsClient, err := kmssdk.NewClientWithAccessKey(kmsRegion, kmsAccessKeyId, kmsAccessKeySecret, nil)
if err != nil {
log.Fatalf("failed to kms sdk client%v", err)
}
materialDesc := make(map[string]string)
materialDesc["desc"] = "your kms encrypt key material describe information"
masterKmsCipher, err := CreateMasterAliKms3(materialDesc, kmsKeyId, kmsClient)
if err != nil {
log.Fatalf("failed to create master AliKms3 %v", err)
}
eclient, err := oss.NewEncryptionClient(client, masterKmsCipher)
request := &oss.PutObjectRequest{
Bucket: oss.Ptr(bucketName),
Key: oss.Ptr(objectName),
Body: strings.NewReader("hi kms"),
}
result, err := eclient.PutObject(context.TODO(), request)
if err != nil {
log.Fatalf("failed to put object with encryption client %v", err)
}
log.Printf("put object with encryption client result:%#v\n", result)
getRequest := &oss.GetObjectRequest{
Bucket: oss.Ptr(bucketName),
Key: oss.Ptr(objectName),
}
getResult, err := eclient.GetObject(context.TODO(), getRequest)
if err != nil {
log.Fatalf("failed to get object with encryption client %v", err)
}
defer getResult.Body.Close()
data, err := ioutil.ReadAll(getResult.Body)
if err != nil {
log.Fatalf("failed to read all %v", err)
}
log.Printf("get object data:%s\n", data)
}