Class AWSKMSService

class: AWSKMSService

  • shared Key Management Service to encrypt/decrypt messages.

Hierarchy

  • AWSKMSService

Implements

Constructors

Properties

_instance: KMS
_keyId: string
_options: AWSKMSSignOption
DEF_KMS_TARGET: string = ...
ENV_KMS_KEY_ID: string = 'KMS_KEY_ID'

environment variable name of the KMS key

Methods

  • Decrypt message

    Parameters

    • encryptedSecret: string

    Returns Promise<string>

  • Encrypt message

    Parameters

    • message: string

    Returns Promise<string>

  • retrieve the public key for asymmetric verification.

    • used to verify a signature with a JWT library without making a request to AWS KMS.
    • in general, cache this public key and verify locally.

    Parameters

    • encoding: BufferEncoding = 'base64'

      (optional) encoding type

    Returns Promise<string>

  • it should be 'hello lemon'

    Example

    # encrypt text
    $ aws kms encrypt --profile <profile> --key-id <kms-key-id> --plaintext "hello lemon" --query CiphertextBlob --output text

    Returns Promise<{ KMS_KEY_ID: string; decrypted: string; encrypted: string; keyId: string; message: string }>

  • make signature by message

    Parameters

    • message: string

      any string

    • forJwtSignature: boolean = true

      (optional) flag to get the signature in JWT format.

    Returns Promise<string>

  • verify a signature in the asymmetric way

    • it takes around 30ms

    Parameters

    • message: string

      any string

    • signature: string | Buffer

      signature as a Buffer or a string (in base64)

    Returns Promise<boolean>
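
Local verification with a cached public key, as described for the public-key and verify methods above. This is an added example, not code from this class or its project. It assumes an RSA signing key with RSASSA-PKCS1-v1_5 and SHA-256 (JWT "RS256") and a base64 DER (SubjectPublicKeyInfo) public key; the helper names are hypothetical, and a locally generated key pair stands in for the KMS key.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the KMS key: in production the private half never
// leaves KMS and only the public key is fetched once, then cached.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const PUBLIC_KEY_B64 = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');

// Hypothetical cache: parse each base64 DER public key once and reuse the KeyObject.
const keyCache = new Map();
function loadPublicKey(base64Der) {
    if (!keyCache.has(base64Der)) {
        const der = Buffer.from(base64Der, 'base64');
        keyCache.set(base64Der, crypto.createPublicKey({ key: der, format: 'der', type: 'spki' }));
    }
    return keyCache.get(base64Der);
}

// Accept a Buffer, a base64 string, or a base64url (JWT-style) string.
function toSignatureBuffer(signature) {
    if (Buffer.isBuffer(signature)) return signature;
    return Buffer.from(signature.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

// Verify without calling AWS KMS. The algorithm is fixed here (assumed RS256);
// it is never taken from the token or message being verified.
function verifyLocally(message, signature, base64Der = PUBLIC_KEY_B64) {
    const key = loadPublicKey(base64Der);
    return crypto.verify('sha256', Buffer.from(message, 'utf8'), key, toSignatureBuffer(signature));
}

// Constructed sample signatures, produced locally instead of by KMS.
// forJwtSignature=true yields base64url without padding, as used in a JWT.
function signSample(message, forJwtSignature = true) {
    const sig = crypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey);
    return sig.toString(forJwtSignature ? 'base64url' : 'base64');
}

const sample = signSample('hello lemon');
console.log('valid message   :', verifyLocally('hello lemon', sample));
console.log('tampered message:', verifyLocally('hello lemon!', sample));
```

Refresh the cached key when the KMS key is replaced, otherwise valid signatures from the new key will fail local verification.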
