AwsEncryptionSdk.Keyring.KmsClient.ExAws (AWS Encryption SDK v0.7.0)


AWS KMS client implementation using ExAws.

Provides production-ready KMS operations using the ExAws library. Credentials and region are resolved using ExAws's default credential chain.

Configuration

Configuration can be passed via the :config option or through application config:

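# `ExAws` below is this module, aliased (not the top-level ExAws library module)
alias AwsEncryptionSdk.Keyring.KmsClient.ExAws

# Option 1: Pass config directly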
{:ok, client} = ExAws.new(
  region: "us-east-1",
  config: [
    access_key_id: "...",
    secret_access_key: "..."
  ]
)

# Option 2: Use application config (config/config.exs)
config :ex_aws,
  access_key_id: [{:system, "AWS_ACCESS_KEY_ID"}, :instance_role],
  secret_access_key: [{:system, "AWS_SECRET_ACCESS_KEY"}, :instance_role],
  region: "us-east-1"

Example

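# `ExAws` below is this module, aliased (not the top-level ExAws library module)
alias AwsEncryptionSdk.Keyring.KmsClient.ExAws

{:ok, client} = ExAws.new(region: "us-east-1")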

{:ok, result} = ExAws.generate_data_key(
  client,
  "arn:aws:kms:us-east-1:123456789012:key/abc123",
  32,
  %{"purpose" => "encryption"},
  []
)

IO.inspect(result.plaintext)  # The unencrypted data key (printed for illustration; keep it out of real logs)
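The example above prints the plaintext data key. The following added example (not part of the SDK or its documentation) wraps the result so that inspecting or logging it cannot expose the key. `DataKeyEnvelope`, `wrap/4` and `use_key/2` are hypothetical names, and the sample result is constructed, assuming only the `:plaintext` field shown above.

```elixir
defmodule DataKeyEnvelope do
  # Hypothetical wrapper, not part of the AWS Encryption SDK. Deriving Inspect
  # with `except:` keeps the plaintext key out of inspect/1, IO.inspect/2 and
  # any Logger call that inspects this struct.
  @derive {Inspect, except: [:plaintext]}
  @enforce_keys [:key_id, :encryption_context, :plaintext]
  defstruct [:key_id, :encryption_context, :plaintext]

  @type t :: %__MODULE__{
          key_id: String.t(),
          encryption_context: %{String.t() => String.t()},
          plaintext: binary()
        }

  # Wraps a generate_data_key result, rejecting a key of unexpected length.
  @spec wrap(String.t(), map(), %{plaintext: binary()}, pos_integer()) ::
          {:ok, t()} | {:error, :unexpected_key_length}
  def wrap(key_id, context, %{plaintext: plaintext}, expected_bytes)
      when is_binary(plaintext) do
    if byte_size(plaintext) == expected_bytes do
      {:ok, %__MODULE__{key_id: key_id, encryption_context: context, plaintext: plaintext}}
    else
      {:error, :unexpected_key_length}
    end
  end

  # Hands the key to `fun` and returns only what `fun` returns.
  @spec use_key(t(), (binary() -> result)) :: result when result: var
  def use_key(%__MODULE__{plaintext: plaintext}, fun) when is_function(fun, 1) do
    fun.(plaintext)
  end
end

# Constructed stand-in for the value returned by generate_data_key/5; only the
# :plaintext field shown on this page is assumed.
result = %{plaintext: :crypto.strong_rand_bytes(32)}
key_id = "arn:aws:kms:us-east-1:123456789012:key/abc123"

{:ok, envelope} = DataKeyEnvelope.wrap(key_id, %{"purpose" => "encryption"}, result, 32)

# Safe to log: key_id and encryption_context are shown, the key bytes are not.
IO.inspect(envelope)

# The key is reachable only through use_key/2; a short key is rejected.
32 = DataKeyEnvelope.use_key(envelope, &byte_size/1)
{:error, :unexpected_key_length} = DataKeyEnvelope.wrap(key_id, %{}, %{plaintext: <<0>>}, 32)
```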

Summary

Functions

new(opts \\ [])

Creates a new ExAws KMS client.

Types

t()

@type t() :: %AwsEncryptionSdk.Keyring.KmsClient.ExAws{
  config: keyword(),
  region: String.t() | nil
}

Functions

new(opts \\ [])

@spec new(keyword()) :: {:ok, t()}

Creates a new ExAws KMS client.

Options

  • :region - AWS region (optional, defaults to ExAws config)
  • :config - ExAws configuration options (optional)

Example

{:ok, client} = ExAws.new(region: "us-east-1")