I am following the official example code for AWS SDK: https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/example-node/src/kms_simple.ts and try to encrypt and decrypt data using an AWS-KMS managed key.
However, I am curious how to authenticate with my AWS KMS account that Amazon knows, who I am and that I have access to my keys?
Code:
import { buildClient, CommitmentPolicy, KmsKeyringNode } from '@aws-crypto/client-node';
const generatorKeyId = 'arn:aws:kms:us-west-2:464646464:alias/EncryptDecrypt';
const keyIds = [];
const keyring = new KmsKeyringNode({ generatorKeyId, keyIds });
console.log(keyring);
const context = {
stage: 'demo',
purpose: 'simple demonstration app',
origin: 'us-west-2',
};
/* Create a string to encrypt */
const cleartext = 'my-test-string';
const { encrypt, decrypt } = buildClient(CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT);
const { result } = await encrypt(keyring, cleartext, { encryptionContext: context });
console.log("RESULT", result)
I think I have to leave my AWS-credentials somewhere here, but where? The Documentation is not telling at all about that.
To learn how to get up and running with the AWS SDK for JavaScript v3, please refer to the official AWS SDK for JavaScript Developer Guide. You will learn how to configure it -- including how to setup your credentials. See:
Configuring the SDK for JavaScript
In addition, the official Github location for AWS SDK code examples is here:
https://github.com/awsdocs/aws-doc-sdk-examples
Reading the JavaScript Dev Guide is the place to start to learn how to work with this SDK.