
Key Management Service:Sample code for retrieving the secret value

Last Updated:Feb 12, 2025

After you initialize the KMS instance SDK client, you can use it to call the GetSecretValue API to retrieve a secret value. This topic provides sample code for that call.

Complete example

package main

import (
	"fmt"
	"github.com/alibabacloud-go/tea/tea"
	dedicatedkmsopenapi "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/openapi"
	dedicatedkmsopenapiutil "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/openapi-util"
	dedicatedkmssdk "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/sdk"
	"io/ioutil"
)

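// main retrieves a secret from a KMS instance with GetSecretValue and prints
// the secret name and the request ID. The secret value is read from the
// response but deliberately not printed.
func main() {
	// Name of the secret to retrieve.
	secretName := "<DKMS_SECRET_NAME>"

	// Create the KMS instance SDK client object.
	client := getDkmsClientByClientKeyContent()
	//client := getDkmsClientByClientKeyFile()

	getSecretValueRequest := &dedicatedkmssdk.GetSecretValueRequest{
		SecretName: tea.String(secretName),
	}

	// Verify the server certificate: the PEM contents of the CA certificate
	// file are passed to the SDK through RuntimeOptions.Verify.
	ca, err := ioutil.ReadFile("path/to/caCert.pem")
	if err != nil {
		panic(err)
	}
	runtimeOptions := &dedicatedkmsopenapiutil.RuntimeOptions{
		Verify: tea.String(string(ca)),
	}
	// Or, ignore the certificate. With IgnoreSSL set the server certificate
	// is not checked, so the connection that carries the secret value is not
	// authenticated. Keep this option to test environments only.
	//runtimeOptions := &dedicatedkmsopenapiutil.RuntimeOptions{
	//	IgnoreSSL: tea.Bool(true),
	//}

	// Call the API to retrieve the secret value.
	response, err := client.GetSecretValueWithOptions(getSecretValueRequest, runtimeOptions)
	if err != nil {
		panic(err)
	}

	// Secret name, secret value and request ID from the response.
	name := tea.StringValue(response.SecretName)
	secretData := tea.StringValue(response.SecretData)
	requestID := tea.StringValue(response.RequestId)

	// Pass secretData to the code that needs it. The blank assignment exists
	// only so the sample compiles: Go rejects a local that is declared and
	// never used, and the print of the secret value below stays disabled.
	_ = secretData

	fmt.Println("SecretName:", name)
	// Avoid writing the secret value to stdout or logs.
	//fmt.Println("SecretData:", secretData)
	fmt.Println("RequestId:", requestID)
}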

// getDkmsClientByClientKeyContent builds a KMS instance SDK client from the
// ClientKey content given inline. It panics if the client cannot be created.
func getDkmsClientByClientKeyContent() *dedicatedkmssdk.Client {
	// The placeholders below stand for real credentials. Keep the ClientKey
	// content and its password out of source control and supply them from a
	// protected location when adapting this sample.
	kmsClient, err := dedicatedkmssdk.NewClient(&dedicatedkmsopenapi.Config{
		// The KMS instance service only allows access over HTTPS.
		Protocol: tea.String("https"),
		// Replace with the content of the ClientKey file.
		ClientKeyContent: tea.String("<CLIENT_KEY_CONTENT>"),
		// Replace with the encryption password entered when creating the ClientKey.
		Password: tea.String("<CLIENT_KEY_PASSWORD>"),
		// Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
		Endpoint: tea.String("<ENDPOINT>"),
	})
	if err != nil {
		// The sample aborts on a configuration error.
		panic(err)
	}
	return kmsClient
}

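// getDkmsClientByClientKeyFile builds a KMS instance SDK client from a
// ClientKey file path. It panics if the client cannot be created.
func getDkmsClientByClientKeyFile() *dedicatedkmssdk.Client {
	// Create the KMS instance SDK client configuration. The ClientKey file
	// and its password are credentials: keep the file readable only by the
	// account that runs this program and keep the password out of source
	// control.
	config := &dedicatedkmsopenapi.Config{
		// Set the connection protocol to "https". The KMS instance service
		// only allows access through the HTTPS protocol.
		Protocol: tea.String("https"),
		// Replace with the path of the ClientKey file.
		ClientKeyFile: tea.String("<CLIENT_KEY_FILE>"),
		// Replace with the encryption password entered when creating the ClientKey.
		Password: tea.String("<CLIENT_KEY_PASSWORD>"),
		// Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
		// The placeholder uses the same <...> form as the other placeholders
		// so that it is not mistaken for a literal value.
		Endpoint: tea.String("<ENDPOINT>"),
	}
	// Create the KMS instance SDK client object.
	client, err := dedicatedkmssdk.NewClient(config)
	if err != nil {
		// The sample aborts on a configuration error.
		panic(err)
	}
	return client
}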

Example walkthrough

Initialize client

You can create a KMS instance SDK client object using either ClientKey content or a ClientKey file path.

import (
    dedicatedkmsopenapi "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/openapi"
    dedicatedkmssdk "github.com/aliyun/alibabacloud-dkms-gcs-go-sdk/sdk"
  "github.com/alibabacloud-go/tea/tea"
)

// getDkmsClientByClientKeyContent creates a KMS instance SDK client object
// from ClientKey content. It panics if the client cannot be created.
func getDkmsClientByClientKeyContent() *dedicatedkmssdk.Client {
	// The values below are placeholders for real credentials. Do not commit
	// the ClientKey content or its password; supply them from a protected
	// location when adapting this sample.
	kmsClient, err := dedicatedkmssdk.NewClient(&dedicatedkmsopenapi.Config{
		// The KMS instance service only allows access through HTTPS.
		Protocol: tea.String("https"),
		// Replace with the content of the ClientKey file.
		ClientKeyContent: tea.String("<CLIENT_KEY_CONTENT>"),
		// Replace with the encryption password entered when creating the ClientKey.
		Password: tea.String("<CLIENT_KEY_PASSWORD>"),
		// Set the endpoint to <KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com.
		Endpoint: tea.String("<ENDPOINT>"),
	})
	if err != nil {
		// The sample aborts when the client cannot be created.
		panic(err)
	}
	return kmsClient
}

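// getDkmsClientByClientKeyFile creates a KMS instance SDK client object from
// a ClientKey file path. It panics if the client cannot be created.
func getDkmsClientByClientKeyFile() *dedicatedkmssdk.Client {
	// Create the KMS instance SDK client configuration. The ClientKey file
	// and its password are credentials: restrict read access to the file and
	// keep the password out of source control.
	config := &dedicatedkmsopenapi.Config{
		// Set the connection protocol to "https". The KMS instance service
		// only allows access through the HTTPS protocol.
		Protocol: tea.String("https"),
		// Replace with the path of the ClientKey file.
		ClientKeyFile: tea.String("<CLIENT_KEY_FILE>"),
		// Replace with the encryption password entered when creating the ClientKey.
		Password: tea.String("<CLIENT_KEY_PASSWORD>"),
		// Set the endpoint to <KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com.
		// The placeholder uses the same <...> form as the other placeholders
		// so that it is not mistaken for a literal value.
		Endpoint: tea.String("<ENDPOINT>"),
	}
	// Create a KMS instance SDK client object.
	client, err := dedicatedkmssdk.NewClient(config)
	if err != nil {
		// The sample aborts when the client cannot be created.
		panic(err)
	}
	return client
}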

Call the GetSecretValue API

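// main calls GetSecretValue on a KMS instance and prints the secret name and
// the request ID. The secret value is read from the response but is not
// printed.
func main() {
	// Name of the secret to retrieve.
	secretName := "<DKMS_SECRET_NAME>"

	// Create the KMS instance SDK client object.
	client := getDkmsClientByClientKeyContent()
	//client := getDkmsClientByClientKeyFile()

	getSecretValueRequest := &dedicatedkmssdk.GetSecretValueRequest{
		SecretName: tea.String(secretName),
	}

	// Verify the server certificate: the PEM contents of the CA certificate
	// file are passed to the SDK through RuntimeOptions.Verify.
	ca, err := ioutil.ReadFile("path/to/caCert.pem")
	if err != nil {
		panic(err)
	}
	runtimeOptions := &dedicatedkmsopenapiutil.RuntimeOptions{
		Verify: tea.String(string(ca)),
	}
	// Or, ignore the certificate. With IgnoreSSL set the server certificate
	// is not checked, so the connection that carries the secret value is not
	// authenticated. Keep this option to test environments only.
	//runtimeOptions := &dedicatedkmsopenapiutil.RuntimeOptions{
	//	IgnoreSSL: tea.Bool(true),
	//}

	// Call the API to retrieve the secret value.
	response, err := client.GetSecretValueWithOptions(getSecretValueRequest, runtimeOptions)
	if err != nil {
		panic(err)
	}

	// Secret name, secret value and request ID from the response.
	name := tea.StringValue(response.SecretName)
	secretData := tea.StringValue(response.SecretData)
	requestID := tea.StringValue(response.RequestId)

	// Pass secretData to the code that needs it. The blank assignment exists
	// only so the sample compiles: Go rejects a local that is declared and
	// never used, and the print of the secret value below stays disabled.
	_ = secretData

	fmt.Println("SecretName:", name)
	// Avoid writing the secret value to stdout or logs.
	//fmt.Println("SecretData:", secretData)
	fmt.Println("RequestId:", requestID)
}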