Initialization
Confirm Endpoint
KMS Currently, it supports "North China-Beijing", "South China-Guangzhou" and "East China-Suzhou".
Beijing: http://bkm.bj.baidubce.com; Guangzhou: http://bkm.gz.baidubce.com; Suzhou: http://bkm.su.baidubce.com。
The corresponding information is:
| Access region | Corresponding Endpoint |
|---|---|
| BJ | bkm.bj.baidubce.com |
| GZ | bkm.gz.baidubce.com |
| SU | bkm.su.baidubce.com |
Get the Key
To use Baidu AI Cloud KMS, you need to have a valid AK (Access Key ID) and SK (Secret Access Key) for signature authentication. AK/SK is assigned to users by the system and is a string to identify users and verify signatures for accessing KMS. You can obtain and understand your AK/SK information through the following steps:
Register Baidu AI Cloud Account
[Create AK/SK](https://console.bce.baidu.com/iam/? _= 1542024769382#/iam/accesslist)
Create a New KmsClient
Being the client of the KMS service, KmsClient provides a series of methods for developers to interact with the KMS service.
Use AK/SK to create a new KmsClient
To access KMS through AK/SK, users can see the following code to create a KmsClient:
Note: Here, Access Key ID, Secret Access Key and domain name (ENDPOINT) are required.
import com.baidubce.auth.DefaultBceCredentials;
import com.baidubce.services.kms.KmsClient;
import com.baidubce.services.kms.KmsClientConfiguration;
import com.baidubce.services.kms.model.*;
import com.baidubce.BceClientException;
import com.baidubce.BceServiceException;
import com.baidubce.Protocol;
public class Kms {
public static void main(String[] args) {
String ACCESS_KEY_ID = <your-access-key-id>; // User's Access Key ID
String SECRET_ACCESS_KEY = <your-secret-access-key>; // User's Secret Access Key
String ENDPOINT = <domain-name>; // User-specified domain name
// Initialize an KmsClient
KmsClientConfiguration config = new KmsClientConfiguration();
config.setCredentials(new DefaultBceCredentials(ACCESS_KEY_ID, SECRET_ACCESS_KEY));
config.setEndpoint(ENDPOINT);
config.setProtocol(Protocol.HTTPS); // Set https protocol
KmsClient client = new KmsClient(config);
// Next, you can use the client to operate kms
}
}In the above codes, ACCESS_KEY_ID corresponds to "Access Key ID" in the console, and SECRET_ACCESS_KEY corresponds to "Access Key Secret" in the console.
The > ENDPOINT parameter can only be defined with the specified domain name containing the region.
Configure HTTPS to Access KMS
KMS supports HTTPS, and you can access to KMS service with HTTP in KMS Java SDK with the following 2 methods:
-
Indicate https in endpoint
String ENDPOINT = "https://bkm.gz.baidubce.com"; // The endpoint contains protocol using https String ACCESS_KEY_ID =
; // User's Access Key ID String SECRET_ACCESS_KEY = ; // User's Secret Access Key -
Set the https protocol by calling the setProtocol method:
String ENDPOINT = "bkm.gz.baidubce.com"; // endpoint does not contain protocol. String ACCESS_KEY_ID =
; // User's Access Key ID String SECRET_ACCESS_KEY = ; // User's Secret Access Key // Initialize an KmsClient KmsClientConfiguration config = new KmsClientConfiguration(); config.setCredentials(new DefaultBceCredentials(ACCESS_KEY_ID, SECRET_ACCESS_KEY));
config.setEndpoint(ENDPOINT); config.setProtocol(Protocol.HTTPS); // If protocol is not indicated, http is used. KmsClient client = new KmsClient(config);
If protocol is indicated in endpoint, the entry in endpoint takes effect, and a separate call to setProtocol () does not work.
String ENDPOINT = "http://bkm.gz.baidubce.com"; // The endpoint contains protocol using http
String ACCESS_KEY_ID = <your-access-key-id>; // User's Access Key ID
String SECRET_ACCESS_KEY = <your-secret-access-key>; // User's Secret Access Key
// Initialize an KmsClient
KmsClientConfiguration config = new KmsClientConfiguration();
config.setCredentials(new DefaultBceCredentials(ACCESS_KEY_ID, SECRET_ACCESS_KEY));
config.setEndpoint(ENDPOINT);
config.setProtocol(Protocol.HTTPS); // // As indicated in endpoint, this is an invalid operation, as is http.
KmsClient client = new KmsClient(config);
// Next, you can use the client to operate kms