@aws-sdk/client-kms

What is @aws-sdk/client-kms?

@aws-sdk/client-kms is an AWS SDK for JavaScript package that allows you to interact with the AWS Key Management Service (KMS). This service enables you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.

What are @aws-sdk/client-kms's main functionalities?

Create a Key

This feature allows you to create a new KMS key. The code sample demonstrates how to create a key with a description, usage type, and origin.

const { KMSClient, CreateKeyCommand } = require('@aws-sdk/client-kms');

const client = new KMSClient({ region: 'us-west-2' });
const command = new CreateKeyCommand({
  Description: 'My test key',
  KeyUsage: 'ENCRYPT_DECRYPT',
  Origin: 'AWS_KMS'
});

client.send(command).then(
  (data) => console.log('Key Created:', data.KeyMetadata.KeyId),
  (error) => console.error('Error:', error)
);

Encrypt Data

This feature allows you to encrypt data using a specified KMS key. The code sample demonstrates how to encrypt a plaintext string.

const { KMSClient, EncryptCommand } = require('@aws-sdk/client-kms');

const client = new KMSClient({ region: 'us-west-2' });
const command = new EncryptCommand({
  KeyId: 'your-key-id',
  Plaintext: Buffer.from('Hello, World!')
});

client.send(command).then(
  (data) => console.log('Encrypted Data:', data.CiphertextBlob.toString('base64')),
  (error) => console.error('Error:', error)
);

Decrypt Data

This feature allows you to decrypt data that was encrypted using a KMS key. The code sample demonstrates how to decrypt a base64-encoded ciphertext.

const { KMSClient, DecryptCommand } = require('@aws-sdk/client-kms');

const client = new KMSClient({ region: 'us-west-2' });
const command = new DecryptCommand({
  CiphertextBlob: Buffer.from('your-encrypted-data', 'base64')
});

client.send(command).then(
  (data) => console.log('Decrypted Data:', data.Plaintext.toString()),
  (error) => console.error('Error:', error)
);

Generate Data Key

This feature allows you to generate a data key that you can use to encrypt data locally. The code sample demonstrates how to generate a 256-bit AES data key.

const { KMSClient, GenerateDataKeyCommand } = require('@aws-sdk/client-kms');

const client = new KMSClient({ region: 'us-west-2' });
const command = new GenerateDataKeyCommand({
  KeyId: 'your-key-id',
  KeySpec: 'AES_256'
});

client.send(command).then(
  (data) => console.log('Data Key:', data.Plaintext.toString('base64')),
  (error) => console.error('Error:', error)
);

Other packages similar to @aws-sdk/client-kms

node-forge

node-forge is a JavaScript library that provides a native implementation of various cryptographic functions, including key generation, encryption, and decryption. Unlike @aws-sdk/client-kms, node-forge does not integrate with AWS services and is used for local cryptographic operations.

crypto-js

crypto-js is a JavaScript library that provides a variety of cryptographic algorithms for encryption, decryption, hashing, and more. Similar to node-forge, it does not integrate with AWS services and is used for local cryptographic operations.

aws-sdk

aws-sdk is the older version of the AWS SDK for JavaScript, which includes support for KMS among many other AWS services. It is a more comprehensive package compared to @aws-sdk/client-kms, which is part of the modular v3 SDK.

README

@aws-sdk/client-kms

For SDK usage, please step to SDK readme.

Changelog

1.0.0-rc.9 (2020-12-11)

Bug Fixes

• codegen: import SENSITIVE_STRING only when used (#1761) (9296283)
• middleware-sdk-sqs: call next() exactly once in sendMessageMiddleware (#1752) (dc63e37)
• shared-ini-file-loader: ignore prohibited profile name (#1764) (a209082)

Features

• add service id config (#1765) (1ba5672)
• update clients as of 12/09/2020 (#1755) (de1a24d)
• update clients as of 12/11/2020 (#1767) (21646e3)
• util-waiter: add waiter utilities package (#1736) (02ad0a4)