kms_rs

A simple crate for managing keys in AWS Key Management Service (KMS)

Disclaimer: This project has not been audited and not yet recommended for production environments.

⚠️ This project is under construction! ⚠️

Uses rusoto.

See examples for usage (uses clap).

Prerequisites

• An AWS account (sign up here)
• AWS CLI installed

As functionality is added, it will be listed below.

• Retrieve a list of all CMK's (Customer Master Keys) in region us-east-1
• Describe a single key given a key-id
• Create a key (symmetric only)
• Schedule key deletion
• Cancel key deletion
• Enable a key given a key-id
• Disable a key given a key-id
• Generate a data key
• Generate a data key without plaintext

A full list of commands can be found here. Feel free to open an issue to request a command(s) or PR to add them.

Note that the following are excludeded from AWS Free Tier:

• GenerateDataKeyPair
• GenerateDataKeyPairWithoutPlaintext
• Sign
• Verify
• Encrypt
• Decrypt
• GetPublicKey that reference asymmetric CMKs

Because of this, one goal of this crate is to provide you some functionality natively to keep high-volume usage costs down. See the latest costs here.

Future Goals

Integration with AWS CloudHSM

• Add native commands that aren't covered under AWS Free Tier
• CloudHSM details here
• Pricing calculation here

Integration with FIPS-140 hardware and software

• FIPS-140 details here