All Products
Search

This Product

    Key Management Service:Initialize client

    Document Center

    Key Management Service:Initialize client

    Last Updated:Feb 13, 2025

    To initiate an API request using the Key Management Service (KMS) instance SDK, you must first initialize the Go client. This topic describes the steps to do so.

    Sample code

    using System;

string regionId = "<REGION_ID>";

// The CA certificate of the KMS instance.
string caFilePath = "<CA_CERTIFICATE>";

// Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
string endpoint = "<ENDPOINT>";

// Set the Client Key and the security token of the Client Key.
AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig = CreateKmsInstanceConfig(AlibabaCloud.DarabonbaEnv.Client.GetEnv("ClientKeyFile"), AlibabaCloud.DarabonbaEnv.Client.GetEnv("Password"), endpoint, caFilePath);
AlibabaCloud.Dkms.Gcs.Sdk.Client client = CreateClient(kmsInstanceConfig);
    Important

    Configuring the instance CA certificate is important for securing communications in a production environment by verifying the SSL/TLS certificate's authenticity. We recommend keeping this security measure enabled at all times. If you must disable SSL/TLS certificate verification, such as for offline testing, you can do so by setting the IgnoreSSL field in the RuntimeOptions parameter to true.

    Parameter description

    endpoint

    The endpoint refers to a dedicated gateway endpoint, representing the domain address of the KMS instance.

    1. Navigate to the Instances page, click on either the Software Key Management or Hardware Key Management tab, then click the KMS instance you want.

    2. In the Basic Information section, find the endpoint in the Instance VPC Endpoint field.image

    ClientKeyFile

    The ClientKeyFile is where the application's identity credentials are stored. Upon creation of the ClientKey, it will be automatically downloaded by the browser, typically with a default filename like clientKey_****.json.

    Password

    The Password is the security token for the ClientKey. Similar to the ClientKey, it will be automatically downloaded by the browser upon creation, with a default filename such as clientKey_****_Password.txt.

    CaFilePath

    The CaFilePath refers to the CA certificate that is associated with the KMS instance.

    1. On the Instances page, locate the Instance CA Certificate section and click Download.

    2. In the Instance CA Certificate dialog box, select the instance ID, click Download, and store it securely.

      The default filename for the downloaded CA certificate is PrivateKmsCA_kst-******.pem.image