        /// <summary>
        /// Decrypts <paramref name="cipherText"/> with the KMS key <paramref name="keyId"/>
        /// and writes the recovered plaintext to the log.
        /// </summary>
        /// <param name="kmsCryptoClient">Crypto (data-plane) client; the caller sets its vault-specific endpoint before use.</param>
        /// <param name="keyId">OCID of the key that produced the ciphertext.</param>
        /// <param name="cipherText">Ciphertext as returned by the Encrypt call.</param>
        private static async Task Decrypt(KmsCryptoClient kmsCryptoClient, string keyId, string cipherText)
        {
            logger.Info("Decrypt");

            var request = new DecryptRequest
            {
                DecryptDataDetails = new DecryptDataDetails
                {
                    Ciphertext     = cipherText,
                    KeyId          = keyId,
                    LoggingContext = GetSampleLoggingContext()
                }
            };

            DecryptResponse response = await kmsCryptoClient.Decrypt(request);

            // Sample only: the decrypted value is written to the log so the round trip is
            // visible. Code that handles real data should not log plaintext.
            logger.Info($"Decrypted text: {response.DecryptedData.Plaintext}");
        }
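 /// <summary>
 /// Builds the <see cref="KmsCryptoClient"/> for this cmdlet invocation and points it at
 /// <c>Endpoint</c>. Any client left over from a previous invocation is disposed first.
 /// </summary>
 /// <remarks>
 /// Disposal and construction happen inside the try block so that a failure while building
 /// the client (not only while setting the endpoint) is reported through
 /// <c>TerminatingErrorDuringExecution</c> instead of escaping as an unhandled exception.
 /// </remarks>
 protected override void ProcessRecord()
 {
     base.ProcessRecord();
     try
     {
         client?.Dispose();
         client = new KmsCryptoClient(AuthProvider, new Oci.Common.ClientConfiguration
         {
             RetryConfiguration = retryConfig,
             TimeoutMillis      = TimeOutInMillis,
             ClientUserAgent    = PSUserAgent
         });
         WriteDebug("Choosing Endpoint:" + Endpoint);
         client.SetEndpoint(Endpoint);
     }
     catch (Exception ex)
     {
         TerminatingErrorDuringExecution(ex);
     }
 }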
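        /// <summary>
        /// Encrypts <paramref name="plainText"/> with the KMS key <paramref name="keyId"/>
        /// and returns the resulting ciphertext.
        /// </summary>
        /// <param name="kmsCryptoClient">Crypto (data-plane) client; the caller sets its vault-specific endpoint before use.</param>
        /// <param name="keyId">OCID of the key to encrypt with.</param>
        /// <param name="plainText">
        /// Text to encrypt. Defaults to the fixed sample string so existing two-argument callers behave as before.
        /// </param>
        /// <returns>The ciphertext from the service response, suitable for passing to Decrypt.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="plainText"/> is null.</exception>
        private static async Task<string> Encrypt(KmsCryptoClient kmsCryptoClient, string keyId, string plainText = "I love .NET SDK!")
        {
            if (plainText is null)
            {
                throw new ArgumentNullException(nameof(plainText));
            }

            logger.Info("Encrypt");

            // The request carries the plaintext as base64, so the UTF-8 bytes are encoded first.
            byte[] plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
            var encryptRequest = new EncryptRequest
            {
                EncryptDataDetails = new EncryptDataDetails
                {
                    KeyId          = keyId,
                    Plaintext      = System.Convert.ToBase64String(plainTextBytes),
                    LoggingContext = GetSampleLoggingContext()
                }
            };

            EncryptResponse encryptResponse = await kmsCryptoClient.Encrypt(encryptRequest);

            // Sample only: both sides of the operation are logged to make the round trip visible.
            logger.Info($"PlainText: {plainText}");
            logger.Info($"CipherText: {encryptResponse.EncryptedData.Ciphertext}");
            return encryptResponse.EncryptedData.Ciphertext;
        }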
 /// <summary>
 /// Creates a fresh <see cref="KmsCryptoClient"/> for this invocation using the cmdlet's
 /// preferred timeout, then sets its endpoint to <c>Endpoint</c>. Any failure in that
 /// sequence is surfaced as a terminating error.
 /// </summary>
 protected override void ProcessRecord()
 {
     base.ProcessRecord();
     try
     {
         // Release the client from a previous pipeline invocation, if there was one.
         client?.Dispose();

         int preferredTimeout = GetPreferredTimeout();
         WriteDebug($"Cmdlet Timeout : {preferredTimeout} milliseconds.");

         var configuration = new Oci.Common.ClientConfiguration
         {
             RetryConfiguration = retryConfig,
             TimeoutMillis      = preferredTimeout,
             ClientUserAgent    = PSUserAgent
         };
         client = new KmsCryptoClient(AuthProvider, configuration);

         WriteDebug("Choosing Endpoint:" + Endpoint);
         client.SetEndpoint(Endpoint);
     }
     catch (Exception ex)
     {
         TerminatingErrorDuringExecution(ex);
     }
 }
        /// <summary>
        /// Asks KMS to generate an AES data encryption key of <c>DefaultKeyLength</c> under the
        /// key <paramref name="keyId"/>, requesting the plaintext copy as well, and logs the result.
        /// </summary>
        /// <param name="kmsCryptoClient">Crypto (data-plane) client; the caller sets its vault-specific endpoint before use.</param>
        /// <param name="keyId">OCID of the key the data key is generated under.</param>
        private static async Task GenerateDataEncryptionKey(KmsCryptoClient kmsCryptoClient, string keyId)
        {
            logger.Info("Generate Data Encryption Key");

            var request = new GenerateDataEncryptionKeyRequest
            {
                GenerateKeyDetails = new GenerateKeyDetails
                {
                    KeyId    = keyId,
                    KeyShape = new KeyShape
                    {
                        Algorithm = KeyShape.AlgorithmEnum.Aes,
                        Length    = DefaultKeyLength
                    },
                    // Requests the unwrapped key in the response; it is logged below purely
                    // for demonstration. Real deployments should keep plaintext keys out of logs.
                    IncludePlaintextKey = true,
                    LoggingContext      = GetSampleLoggingContext()
                }
            };

            GenerateDataEncryptionKeyResponse response =
                await kmsCryptoClient.GenerateDataEncryptionKey(request);

            logger.Info($"Generated Data Encyption key: {response.GeneratedKey.Plaintext}");
        }
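        /// <summary>
        /// End-to-end KMS walkthrough: resolves a vault, exercises vault, key and key-version
        /// management, then runs encrypt / decrypt / data-key generation against the key.
        /// </summary>
        /// <remarks>
        /// Credentials come from the "DEFAULT" profile of the OCI config file; the compartment and
        /// vault are taken from the <c>OCI_COMPARTMENT_ID</c> and <c>VAULT_ID</c> environment
        /// variables and validated up front so a missing value produces a clear error instead of
        /// a service-side failure later in the sequence. Any failure is logged rather than
        /// propagated, and all three clients are disposed in <c>finally</c>. Lifecycle transitions
        /// are awaited with the SDK's blocking <c>Execute()</c> waiters.
        /// </remarks>
        public static async Task MainKeyManagement()
        {
            logger.Info("Starting example");

            var provider      = new ConfigFileAuthenticationDetailsProvider("DEFAULT");
            var compartmentId = Environment.GetEnvironmentVariable("OCI_COMPARTMENT_ID");
            var vaultId       = Environment.GetEnvironmentVariable("VAULT_ID");

            KmsVaultClient      kmsVaultClient      = null;
            KmsManagementClient kmsManagementClient = null;
            KmsCryptoClient     kmsCryptoClient     = null;

            try
            {
                // Fail fast: both identifiers are required by the calls below.
                if (string.IsNullOrWhiteSpace(compartmentId))
                {
                    throw new InvalidOperationException("Environment variable OCI_COMPARTMENT_ID is not set");
                }
                if (string.IsNullOrWhiteSpace(vaultId))
                {
                    throw new InvalidOperationException("Environment variable VAULT_ID is not set");
                }

                // Initialize the KMS Clients. KMS has three clients as following:
                //      * KmsVaultClient: The client for Vault management
                //      * KmsManagementClient: The client for Key management (ControlPlane)
                //      * KmsCryptoClient: The client for data encryption and decryption (DataPlane)
                kmsVaultClient      = new KmsVaultClient(provider);
                kmsManagementClient = new KmsManagementClient(provider);
                kmsCryptoClient     = new KmsCryptoClient(provider);

                Vault vault = await GetVault(kmsVaultClient, vaultId);

                // The ManagementClient and CryptoClient use Vault specific endpoints; Set them now.
                kmsManagementClient.SetEndpoint(vault.ManagementEndpoint);
                kmsCryptoClient.SetEndpoint(vault.CryptoEndpoint);

                // Vault Operations
                await UpdateVaultResetTags(kmsVaultClient, vault.Id);
                await UpdateVault(kmsVaultClient, vault.Id);
                await ListVaults(kmsVaultClient, compartmentId);
                await ScheduleVaultDeletion(kmsVaultClient, vault.Id);

                var waiterConfiguration = new WaiterConfiguration
                {
                    MaxAttempts           = 10,
                    GetNextDelayInSeconds = DelayStrategy.GetExponentialDelayInSeconds
                };

                // After scheduling deletion, the Vault will stay in SCHEDULING_DELETION state shortly and then
                // transit to PENDING_DELETION state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for the deletion scheduling to finish");
                GetVaultRequest getVaultRequest = new GetVaultRequest
                {
                    VaultId = vault.Id
                };
                kmsVaultClient.Waiters.ForVault(getVaultRequest, waiterConfiguration, Vault.LifecycleStateEnum.PendingDeletion).Execute();

                await CancelVaultDeletion(kmsVaultClient, vault.Id);

                // After cancelling deletion, the Vault will stay in CANCELLING_DELETION state shortly and then
                // transit to ACTIVE state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for the deletion cancelling to finish");
                kmsVaultClient.Waiters.ForVault(getVaultRequest, waiterConfiguration, Vault.LifecycleStateEnum.Active).Execute();

                // Management / Key Operations
                string keyId = await CreateKey(kmsManagementClient, compartmentId);

                GetKeyRequest getKeyRequest = new GetKeyRequest
                {
                    KeyId = keyId
                };

                // Blocks until the key reaches the requested lifecycle state (or the waiter gives up).
                // Every key mutation below is followed by one of these waits.
                void WaitForKeyState(Key.LifecycleStateEnum state) =>
                    kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, state).Execute();

                // After creating a Key, the Key will stay in CREATING state shortly and then
                // transit to ENABLED state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for Key creation to finish");
                WaitForKeyState(Key.LifecycleStateEnum.Enabled);

                await GetKey(kmsManagementClient, keyId);
                await UpdateKeyResetTags(kmsManagementClient, keyId);

                WaitForKeyState(Key.LifecycleStateEnum.Enabled);

                await UpdateKey(kmsManagementClient, keyId);

                WaitForKeyState(Key.LifecycleStateEnum.Enabled);

                await ListKeys(kmsManagementClient, compartmentId);
                await DisableKey(kmsManagementClient, keyId);

                // After disabling a Key, the Key will stay in DISABLING state shortly and then
                // transit to DISABLED state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for Key disabling to finish");
                WaitForKeyState(Key.LifecycleStateEnum.Disabled);

                await EnableKey(kmsManagementClient, keyId);

                // After enabling a Key, the Key will stay in ENABLING state shortly and then
                // transit to ENABLED state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for Key enabling to finish");
                WaitForKeyState(Key.LifecycleStateEnum.Enabled);

                await ScheduleKeyDeletion(kmsManagementClient, keyId);

                // After scheduling deletion, the Key will stay in SCHEDULING_DELETION state shortly and then
                // transit to PENDING_DELETION state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for deletion scheduling to finish");
                WaitForKeyState(Key.LifecycleStateEnum.PendingDeletion);

                await CancelKeyDeletion(kmsManagementClient, keyId);

                // After cancelling deletion, the Key will stay in CANCELLING_DELETION state shortly and then
                // transit to Enabled state. Wait a bit for the transition to happen.
                logger.Info("Wait a bit for deletion cancelling to finish");
                WaitForKeyState(Key.LifecycleStateEnum.Enabled);

                await CreateKeyVersion(kmsManagementClient, keyId);
                await ListKeyVersions(kmsManagementClient, keyId);

                // Crypto Operations
                string cipherText = await Encrypt(kmsCryptoClient, keyId);
                await Decrypt(kmsCryptoClient, keyId, cipherText);
                await GenerateDataEncryptionKey(kmsCryptoClient, keyId);

                WaitForKeyState(Key.LifecycleStateEnum.Enabled);
            }
            catch (Exception e)
            {
                logger.Error($"Failed to perform operations on Vault: {e}");
            }
            finally
            {
                // Clients that were never created (an early failure) are simply null here.
                kmsVaultClient?.Dispose();
                kmsManagementClient?.Dispose();
                kmsCryptoClient?.Dispose();
            }

            logger.Info("End example");
        }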