To make KMS instance API requests with the SDK, you must first initialize a client.
Initialize the client
import com.aliyun.dkms.gcs.openapi.models.Config;
import com.aliyun.dkms.gcs.sdk.Client;
public static void initClient() throws Exception {
// The protocol must be "https". The KMS instance service only allows access over HTTPS.
Config config = new Config();
config.setProtocol("https");
// Path to the ClientKey file.
config.setClientKeyFile("<YOUR_CLIENT_KEY_FILE>");
// Password for the ClientKey.
config.setPassword("<YOUR_PASSWORD>");
// Set the endpoint to <your-kms-instance-id>.cryptoservice.kms.aliyuncs.com.
config.setEndpoint("<YOUR_ENDPOINT>");
// The CA certificate of the KMS instance. You can specify a file path or the content directly.
config.setCaFilePath("<PATH_TO_YOUR_CACERT>");
// Alternatively, you can set the CA certificate content.
//config.setCa("<your-ca-certificate-content");
client = new Client(config);
}
A CA certificate is critical for securing communication in a production environment. It validates the authenticity of the SSL/TLS certificate. We recommend always keeping this verification enabled. If you must disable SSL/TLS certificate verification, for example, in an offline testing environment, you can set the IgnoreSSL field of the RuntimeOptions parameter to true.
Parameters
Endpoint
The domain name of the KMS instance.
-
On the Instances page, click the Software Key Management or Hardware Key Management tab, and then select the target KMS instance.
-
Click the instance ID to go to the details page and view the Instance VPC Endpoint. In the Basic Information section of the instance details page, view the Instance VPC Endpoint field. This address is the endpoint of the instance, and is in a format such as
kst-xxx.cryptoservice.kms.aliyuncs.com.
ClientKey file path
The path to your application's credential file. When you create a ClientKey, the file is downloaded automatically by your browser. The default filename is clientKey_****.json.
Password
The password for the ClientKey. When you create a ClientKey, a password file is downloaded automatically by your browser. The default filename is clientKey_****_Password.txt.
Ca and caFilePath
The CA certificate of the KMS instance.
On the Instances page, click the Software Key Management or Hardware Key Management tab, and then select the target KMS instance.
Click the instance ID or click Details in the Actions column. On the Details page, in the Instance CA Certificate section, click Download and save the certificate securely.
NoteThe downloaded CA certificate file is named
PrivateKmsCA_kst-******.pemby default.