This example showcases how to use the AWS KMS client with Quarkus.
- Run
./mvnw clean quarkus:dev
curl -XPOST -H"Content-type: text/plain" http://localhost:8080/sync/encrypt -d'Quarkus is awsome'And the result similar to this output:
S2Fybjphd3M6a21zOnVzLWVhc3QtMTowMDAwMDAwMDAwMDA6a2V5LzZmYzAwOWZhLWYwMDUtNGI4My04ZDc1LTk4OGVhZTk4ZTM1NwAAAAAfC2HyHrHBXLNFomHLdH9PlMKWQKofyhJjbY2TUovEaBuc4Hj+Lb2BSoYTa/c=
You can now decrypt a message you previously encrypted
curl -XPOST -H"Content-type: text/plain" http://localhost:8080/sync/decrypt -d '<encrypted-message>'Repeat the same using async endpoints. Encrypt
curl -XPOST -H"Content-type: text/plain" http://localhost:8080/async/encrypt -d 'Quarkus is awsome'And then decrypt
curl -XPOST -H"Content-type: text/plain" http://localhost:8080/async/decrypt -d '<encrypted-message>'As a prerequisite, install the AWS Command Line Interface.
Start LocalStack:
docker run \
--rm \
--name local-kms \
-p 4566:4566 \
localstack/localstackKMS listens on localhost:4566 for REST endpoints.
Create an AWS profile for your local instance using AWS CLI:
aws configure --profile localstackAWS Access Key ID [None]: test-key
AWS Secret Access Key [None]: test-secret
Default region name [None]: us-east-1
Default output format [None]:
Create a master key with an alias for simplier configuration.
key_id=$(aws kms create-key --query KeyMetadata.KeyId --output text --profile localstack --endpoint-url=http://localhost:4566)
aws kms create-alias --alias-name "alias/quarkus" --target-key-id $key_id --profile localstack --endpoint-url=http://localhost:4566You can compile the application and run it with:
./mvnw install
AWS_PROFILE=localstack java -Dquarkus.kms.endpoint-override=http://localhost:4566 -jar ./target/quarkus-app/quarkus-run.jarYou can now replay the curl commands above.
You can compile the application into a native executable using:
./mvnw install -DnativeAnd run it with:
AWS_PROFILE=localstack ./target/amazon-kms-quickstart-1.0.0-SNAPSHOT-runner -Dquarkus.kms.endpoint-override=http://localhost:4566Build a native image in a container by running:
./mvnw install -Dnative -DskipTests -Dquarkus.native.container-build=trueBuild a Docker image:
docker build -f src/main/docker/Dockerfile.native -t quarkus/amazon-kms-quickstart .Create a network that connects your container with LocalStack:
docker network create localstackStop your LocalStack container you started at the beginning:
docker stop local-kmsStart LocalStack and connect to the network:
docker run \
--rm \
--name local-kms \
--network=localstack \
-p 4566:4566 \
localstack/localstackCreate a master key with an alias for simplier configuration.
key_id=$(aws kms create-key --query KeyMetadata.KeyId --output text --profile localstack --endpoint-url=http://localhost:4566)
aws kms create-alias --alias-name "alias/quarkus" --target-key-id $key_id --profile localstack --endpoint-url=http://localhost:4566Run the Quickstart container connected to that network (note that we're using the internal port of the LocalStack container):
docker run -i --rm --network=localstack \
-p 8080:8080 \
-e QUARKUS_KMS_ENDPOINT_OVERRIDE="http://local-kms:4566" \
-e QUARKUS_KMS_AWS_REGION="us-east-1" \
-e QUARKUS_KMS_AWS_CREDENTIALS_TYPE="static" \
-e QUARKUS_KMS_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID="test-key" \
-e QUARKUS_KMS_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY="test-secret" \
quarkus/amazon-kms-quickstartReplay curl commands from above:
Clean up your environment:
docker stop local-kms
docker network rm localstackBefore you can use the AWS SDKs with KMS, you must get an AWS access key ID and secret access key. For more information, see:
Create a master key with an alias for simplier configuration.
key_id=$(aws kms create-key --query KeyMetadata.KeyId --output text)
aws kms create-alias --alias-name "alias/quarkus" --target-key-id $key_idYou can run the demo the same way as for a local instance, but you don't need to override the endpoint as you are going to communicate with the AWS service with the default AWS profile.
Run it:
java -jar ./target/quarkus-app/quarkus-run.jarOr, run it natively:
./target/amazon-kms-quickstart-1.0.0-SNAPSHOT-runner