调用示例
最近更新时间: 2024-06-12 15:06:00
托管和保护凭据
示例: DB 管理员创建凭据 MySecret1,并指定版本 MyVersion1,将数据库连接信息交由 SSM 加密存储。未指定 KMS 密钥时,SSM 将自动创建一个默认密钥。
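// plainText is a sample value only. A real connection string should be
// supplied at run time rather than committed to source alongside the code.
var (
	secretName = "MySecret1"
	version    = "MyVersion1"
	plainText  = "user:password@tcp(127.0.0.1:3306)/test"
)

// ExampleCreateSecret stores plainText in SSM under secretName with the
// version id in version, then prints the secret name from the response.
//
// secretId, secretKey, endpoint and region are declared outside this snippet.
// The request sets no KMS key.
func ExampleCreateSecret() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewCreateSecretRequest()
	request.SecretName = &secretName
	request.VersionId = &version
	request.SecretString = &plainText
	resp, err := client.CreateSecret(request)
	if err != nil {
		// Stop here: the response must not be dereferenced after a failed call.
		fmt.Println("create secret:", err)
		return
	}
	fmt.Println(*resp.Response.SecretName) // create ok
}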
查看凭据元数据信息
示例1: 获取凭据列表和凭据元数据信息。
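// ExampleListSecrets requests the secret list and prints the metadata entries
// carried in the response.
//
// secretId, secretKey, endpoint and region are declared outside this snippet.
func ExampleListSecrets() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewListSecretsRequest()
	resp, err := client.ListSecrets(request)
	if err != nil {
		// Stop here: the response must not be read after a failed call.
		fmt.Println("list secrets:", err)
		return
	}
	fmt.Println(resp.Response.SecretMetadatas) // get secrets metadata
	// ...
}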
示例2:根据名称获取凭据MySecret1的版本信息
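var (
	secretName = "MySecret1"
)

// ExampleListSecretVersionIds looks up the secret named secretName and prints
// the version list returned for it.
//
// secretId, secretKey, endpoint and region are declared outside this snippet.
func ExampleListSecretVersionIds() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewListSecretVersionIdsRequest()
	request.SecretName = &secretName
	resp, err := client.ListSecretVersionIds(request)
	if err != nil {
		// Stop here: the response must not be read after a failed call.
		fmt.Println("list secret version ids:", err)
		return
	}
	fmt.Println(resp.Response.Versions) // get version list
	// ...
}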
获取 SSM 存储的明文敏感数据
示例:服务调用方根据凭据名称 MySecret1 和指定版本 MyVersion1 获取 DB 连接明文信息。
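var (
	secretName = "MySecret1"
	version    = "MyVersion1"
)

// ExampleGetSecretValue fetches the plaintext stored under secretName at the
// version id in version and prints it.
//
// secretId, secretKey, endpoint and region are declared outside this snippet.
func ExampleGetSecretValue() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewGetSecretValueRequest()
	request.VersionId = &version
	request.SecretName = &secretName
	resp, err := client.GetSecretValue(request)
	if err != nil {
		// Stop here: the response must not be dereferenced after a failed call.
		fmt.Println("get secret value:", err)
		return
	}
	// Printing is for demonstration only. In a service, pass SecretString
	// straight to the database driver and keep it out of stdout and logs,
	// where it would outlive the process and bypass SSM's access control.
	fmt.Println(*resp.Response.SecretString) // get plain text, connect db
	// ...
}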
更新凭据内容
示例:根据凭据名称 MySecret1 和指定版本 MyVersion1 更新 DB 连接明文信息。
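// newSecretValue is a sample value only. A real connection string should be
// supplied at run time rather than committed to source alongside the code.
var (
	secretName     = "MySecret1"
	version        = "MyVersion1"
	newSecretValue = "user2:password2@tcp(127.0.0.1:3306)/test"
)

// ExamplePutSecretValue sends newSecretValue to SSM for secretName at the
// version id in version, then prints the secret name from the response.
//
// secretId, secretKey, endpoint and region are declared outside this snippet.
func ExamplePutSecretValue() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewPutSecretValueRequest()
	request.SecretName = &secretName
	request.VersionId = &version
	request.SecretString = &newSecretValue
	resp, err := client.PutSecretValue(request)
	if err != nil {
		// Stop here: the response must not be dereferenced after a failed call.
		fmt.Println("put secret value:", err)
		return
	}
	fmt.Println(*resp.Response.SecretName) // secret updated
	// ...
}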
禁用、删除和恢复凭据
示例1:禁用凭据,禁用后服务无法再获取此凭据存储的任何内容。
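var (
	secretName = "MySecret1"
)

// ExampleDisableSecret disables the secret named secretName and prints the
// secret name from the response.
//
// secretId, secretKey, endpoint and region are declared outside this snippet.
func ExampleDisableSecret() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewDisableSecretRequest()
	request.SecretName = &secretName
	resp, err := client.DisableSecret(request)
	if err != nil {
		// Stop here: the response must not be dereferenced after a failed call.
		fmt.Println("disable secret:", err)
		return
	}
	fmt.Println(*resp.Response.SecretName) // secret disabled
	// ...
}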
示例2:删除凭据,可以设置计划删除时间,在计划删除时间前,可以恢复凭据。
注意:只有禁用后的凭据才能删除。
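// ExampleDeleteSecret requests deletion of the secret named secretName with a
// recovery window of recoverWindowsInDays and prints the delete time from the
// response.
//
// secretName, recoverWindowsInDays, secretId, secretKey, endpoint and region
// are declared outside this snippet.
func ExampleDeleteSecret() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewDeleteSecretRequest()
	request.SecretName = &secretName
	request.RecoveryWindowInDays = &recoverWindowsInDays
	resp, err := client.DeleteSecret(request)
	if err != nil {
		// Stop here: the response must not be dereferenced after a failed call.
		fmt.Println("delete secret:", err)
		return
	}
	fmt.Println(*resp.Response.DeleteTime) // secret deleted
	// ...
}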
示例3:恢复凭据,处于计划删除状态的凭据可以重新恢复并启用。
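// ExampleRestoreSecret restores the secret named secretName and prints the
// secret name from the response.
//
// secretName, secretId, secretKey, endpoint and region are declared outside
// this snippet.
func ExampleRestoreSecret() {
	credential := common.NewCredential(
		secretId,
		secretKey,
	)
	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = endpoint
	client, err := ssm.NewClient(credential, region, cpf)
	if err != nil {
		// A nil client would panic on the first call below.
		fmt.Println("create SSM client:", err)
		return
	}

	request := ssm.NewRestoreSecretRequest()
	request.SecretName = &secretName
	resp, err := client.RestoreSecret(request)
	if err != nil {
		// Stop here: the response must not be dereferenced after a failed call.
		fmt.Println("restore secret:", err)
		return
	}
	fmt.Println(*resp.Response.SecretName) // secret restored
	// ...
}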