すべてのプロダクト
Search

このプロダクト

    Key Management Service:シークレット値の取得例

    ドキュメントセンター

    Key Management Service:シークレット値の取得例

    最終更新日:Jan 20, 2025

    KMSインスタンスSDKクライアントが初期化されると、クライアントを使用してGetSecretValue APIを呼び出し、シークレット値を取得できます。 このトピックでは、このプロセスのコード例を示します。

    完全なコード例

    GetSecretValue APIを呼び出して、シークレット値を取得します。

    GitHubで入手可能なソースコード: GetSecretValueSample.java

    シークレット値を取得するための完全なコード例

    package com.aliyun.dkms.gcs.sdk.example;

import com.aliyun.dkms.gcs.openapi.models.Config;
import com.aliyun.dkms.gcs.openapi.util.models.RuntimeOptions;
import com.aliyun.dkms.gcs.sdk.Client;
import com.aliyun.dkms.gcs.sdk.models.GetSecretValueRequest;
import com.aliyun.dkms.gcs.sdk.models.GetSecretValueResponse;
import com.aliyun.tea.TeaException;

/**
 * Example of obtaining credential
 */
public class GetSecretValueSample {
		/**
		 * KMS instance client object
	 */	
    private static Client client = null;

    public static void main(String[] args) {
        try {
            // Construct KMS instance client object
            initClient();

            String secretName = "<SECRET_NAME>";

            // Example of obtaining credential
            getSecretValueSample(secretName);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Initialize client
     * @throws Exception
     */
    public static void initClient() throws Exception {
       // Set the connection protocol to "https". The KMS instance service only allows access through the HTTPS protocol.
        Config config = new Config();
        config.setProtocol("https");
    
        // Client key.
        config.setClientKeyFile("<your-client-key-file>");
     
         // Client key security token.
        config.setPassword("<your-password>");
       
         // Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
        config.setEndpoint("<your-endpoint>");
        
        // The CA certificate of the KMS instance. You can specify the path to the CA certificate file or enter the content of the CA certificate.
        config.setCaFilePath("<path/to/yourCaCert>");
        // Alternatively, set it to the CA certificate content of the KMS instance
        //config.setCa("<your-ca-certificate-content");
        client = new Client(config);
    }

    /**
     * Example of obtaining credential
     * @param secretName
     */
    private static void getSecretValueSample(String secretName) {
        GetSecretValueRequest request = new GetSecretValueRequest()
                .setSecretName(secretName);
        try {
            // If you need to ignore the server certificate, you can use the commented code here to invoke
            //RuntimeOptions runtimeOptions = new RuntimeOptions();
            //runtimeOptions.setIgnoreSSL(true);
            //GetSecretValueResponse getSecretValueResponse = client.getSecretValueWithOptions(request, runtimeOptions);
            GetSecretValueResponse getSecretValueResponse = client.getSecretValue(request);
            System.out.printf("SecretName: %s%n", getSecretValueResponse.getSecretName());
            // System.out.printf("SecretData: %s%n", getSecretValueResponse.getSecretData());
            System.out.printf("VersionStages: %s%n", getSecretValueResponse.getVersionStages());
            System.out.printf("RequestId: %s%n", getSecretValueResponse.getRequestId());
        } catch (Exception e) {
            if (e instanceof TeaException) {
                System.out.printf("Code: %s%n", ((TeaException) e).getCode());
                System.out.printf("Message: %s%n", ((TeaException) e).getMessage());
                System.out.printf("HttpCode: %s%n", ((TeaException) e).getData().get("httpCode"));
                System.out.printf("HostId: %s%n", ((TeaException) e).getData().get("hostId"));
                System.out.printf("RequestId: %s%n", ((TeaException) e).getData().get("requestId"));
            }
            e.printStackTrace();
        }
    }
}

    コード例の分析

    クライアントの初期化

    詳細については、「クライアントの初期化」をご参照ください。

    import com.aliyun.dkms.gcs.openapi.models.Config;
import com.aliyun.dkms.gcs.sdk.Client;

                           
 public static void initClient() throws Exception {

        // The connection protocol. Set the value to https. The KMS instance service only allows access through the HTTPS protocol.
        Config config = new Config();
        config.setProtocol("https");
    
        // Client key.
        config.setClientKeyFile("<CLIENT_KEY_FILE>");
     
         // Client key security token.
        config.setPassword("<PASSWORD>");
       
         // The endpoint of your KMS instance. Set the value in the following format: <ID of your KMS instance >.cryptoservice.kms.aliyuncs.com.
        config.setEndpoint("<ENDPOINT>");
        
        // The certificate authority (CA) certificate of the KMS instance. You can specify the path to the CA certificate file or enter the content of the CA certificate.
        config.setCaFilePath("<CA_CERTIFICATE_PATH>");
        // Alternatively, set the content of the CA certificate of the KMS instance
        //config.setCa("<CA_CERTIFICATE_CONTENT");
        client = new Client(config);
    }

    GetSecretValue APIを呼び出して、シークレット値を取得します。

        /**
     * Example of obtaining credential
     * @param secretName
     */
    private static void getSecretValueSample(String secretName) {
        GetSecretValueRequest request = new GetSecretValueRequest()
                .setSecretName(secretName);
        try {
            // If you need to ignore the server certificate, you can use the commented code here to invoke
            //RuntimeOptions runtimeOptions = new RuntimeOptions();
            //runtimeOptions.setIgnoreSSL(true);
            //GetSecretValueResponse getSecretValueResponse = client.getSecretValueWithOptions(request, runtimeOptions);
            GetSecretValueResponse getSecretValueResponse = client.getSecretValue(request);
            System.out.printf("SecretName: %s%n", getSecretValueResponse.getSecretName());
         // System.out.printf("SecretData: %s%n", getSecretValueResponse.getSecretData());
            System.out.printf("VersionStages: %s%n", getSecretValueResponse.getVersionStages());
            System.out.printf("RequestId: %s%n", getSecretValueResponse.getRequestId());
        } catch (Exception e) {
            if (e instanceof TeaException) {
                System.out.printf("Code: %s%n", ((TeaException) e).getCode());
                System.out.printf("Message: %s%n", ((TeaException) e).getMessage());
                System.out.printf("HttpCode: %s%n", ((TeaException) e).getData().get("httpCode"));
                System.out.printf("HostId: %s%n", ((TeaException) e).getData().get("hostId"));
                System.out.printf("RequestId: %s%n", ((TeaException) e).getData().get("requestId"));
            }
            e.printStackTrace();
        }
    }
}