com.ibm.cloud.objectstorage.services.kms.package-info
/*
* Copyright 2017-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
/**
* Key Management Service
*
* ***The KMS feature is not supported on IBM Cloud Object Storage***
*
* Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations
* that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide.
*
*
*
* KMS is replacing the term customer master key (CMK) with KMS key. The concept has
* not changed. To prevent breaking changes, KMS is keeping some variations of this term.
*
*
* Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and
* platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access
* to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see
* below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services
* SDKs, including how to download and install them, see Tools for Amazon Web
* Services.
*
*
*
* We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.
*
*
* Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher
* suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
* Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
*
*
* Signing Requests
*
*
* Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do
* not use your Amazon Web Services account (root) access key ID and secret key for everyday work with KMS. Instead,
* use the access key ID and secret access key for an IAM user. You can also use the Amazon Web Services Security Token
* Service to generate temporary security credentials that you can use to sign requests.
*
*
* All KMS operations require Signature Version 4.
*
*
* Logging API Requests
*
*
* KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web
* Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by
* CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To
* learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
*
*
* Additional Resources
*
*
* For more information about credentials and request signing, see the following:
*
*
* - Amazon Web Services Security Credentials - This topic provides general information about the types of
*   credentials used to access Amazon Web Services.
*
* - Temporary Security Credentials - This section of the IAM User Guide describes how to create and use
*   temporary security credentials.
*
* - Signature Version 4 Signing Process - This set of topics walks you through the process of signing a request
*   using an access key ID and a secret access key.
*
*
*
*
* Commonly Used API Operations
*
*
* Of the API operations discussed in this guide, the following will prove the most useful for most applications. You
* will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
*
*
* - Encrypt
*
* - Decrypt
*
* - GenerateDataKey
*
*
* -
*
*
*
*/
package com.ibm.cloud.objectstorage.services.kms;
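
The TLS and Perfect Forward Secrecy requirements stated in the package documentation above can be checked against the client JVM's default settings. This is an added example, not code from the SDK; the class name `TlsRequirementCheck` is hypothetical, and it uses only `javax.net.ssl` from the JDK.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name): audits the JVM's default TLS client
// settings against the documented requirements (TLS 1.2 recommended, PFS suites).
public class TlsRequirementCheck {

    // For TLS 1.2 and earlier the key exchange is named in the suite; older JDKs
    // use an SSL_ prefix for some suites. TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*)
    // always use an ephemeral key exchange.
    static boolean isForwardSecret(String suite) {
        return suite.startsWith("TLS_ECDHE_") || suite.startsWith("TLS_DHE_")
            || suite.startsWith("SSL_DHE_")
            || suite.startsWith("TLS_AES_") || suite.startsWith("TLS_CHACHA20_");
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Default parameters are what a client socket uses when nothing is overridden.
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        List<String> protocols = Arrays.asList(params.getProtocols());

        List<String> pfs = new ArrayList<>();
        List<String> nonPfs = new ArrayList<>();
        for (String suite : params.getCipherSuites()) {
            // Signalling value for secure renegotiation, not a real cipher suite.
            if (suite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) continue;
            (isForwardSecret(suite) ? pfs : nonPfs).add(suite);
        }

        System.out.println("Enabled protocols: " + protocols);
        System.out.println("TLS 1.2 enabled: " + protocols.contains("TLSv1.2"));
        System.out.println("Forward-secret suites enabled: " + pfs.size());
        System.out.println("Suites without forward secrecy still enabled: " + nonPfs);

        // Fail when the recommended protocol or every PFS suite is missing.
        if (!protocols.contains("TLSv1.2") || pfs.isEmpty()) {
            System.err.println("Client does not meet the documented TLS requirements");
            System.exit(1);
        }
    }
}
```

Suites listed as lacking forward secrecy can be disabled through the `jdk.tls.disabledAlgorithms` security property or by setting an explicit suite list on the `SSLParameters` the client uses.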