PHP download

PHP code example of paragonie / ciphersweet-provider-aws-kms

1. Go to this page and download the library: Download paragonie/ciphersweet-provider-aws-kms library. Choose the download type require.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.

    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

paragonie / ciphersweet-provider-aws-kms example snippets



use Aws\Kms\KmsClient;
use ParagonIE\Certainty\RemoteFetch;
use ParagonIE\CipherSweet\Backend\BoringCrypto;
use ParagonIE\CipherSweet\KeyProvider\KmsKeyProvider;

// Recommended: always use the latest CACert bundle
$remoteFetch = new RemoteFetch('/path/to/cacert-dir');
$latestBundle = $remoteFetch->getLatestBundle()->getFilePath();
$keyID = ''; /* get this from KMS */

$kmsClient = new KmsClient([
    'profile' => 'default',
    'region' => 'us-east-1',
    'http' => ['verify' => $latestBundle]
]);

// Recommended: Use encryption context for your apps
$encryptionContext = [
    'app' => 'foo.example.com'
];


$newKey = KmsKeyProvider::generate(
    $kmsClient,
    new BoringCrypto(), // Your backend goes here
    $keyID,
    $encryptionContext
);
// Save this somewhere so you can reuse it:
$edk = $newKey->getEncryptedDataKey();


// Moving forward, you can simply instantiate your key provider like so:
$provider = new KmsKeyProvider(
    $kmsClient,
    new BoringCrypto(), // Your backend goes here
    $keyID,
    $encryptionContext,
    $edk
);


/** @var \ParagonIE\CipherSweet\KeyProvider\MultiTenantKmsKeyProvider $multiPro */
$multiPro->setTenantColumnForTable('table_name', 'tenant_id_column_name');


// Calling createTenant() will persist it to memory
$specificProvider = $multiPro->createTenant($tenantID, $kmsKeyID, $encryptionContext);



use ParagonIE\CipherSweet\CipherSweet;
use ParagonIE\CipherSweet\EncryptedMultiRows;
use ParagonIE\CipherSweet\KeyProvider\MultiTenantKmsKeyProvider;

/**
 * @var \Aws\Kms\KmsClient $kmsClient
 * @var \ParagonIE\CipherSweet\KeyProvider\TenantEDKInterface $edkLookup
 */

$multiPro = (new MultiTenantKmsKeyProvider())
    ->setEDKLookup($edkLookup)
    ->setKmsClient($kmsClient);

$multiPro->setTenantColumnForTable('table_1_name', 'tenant_id');

$multiPro->createTenant('example_1', 'kms_key_id_goes_here', ['region' => 'us-east-2']);
$multiPro->createTenant('example_2', 'kms_key_id_goes_here', ['region' => 'us-west-1']);

$engine = new CipherSweet($multiPro, $multiPro->getBackend());
$encryptManyRows = (new EncryptedMultiRows($engine))->setAutoBindContext(true);


$multiPro->setStaticBlindIndexTenant("dedicated-searching-tenant-id-goes-here");


$multiPro->setStaticBlindIndexTenant(null);


/**
 * @var \ParagonIE\CipherSweet\KeyProvider\MultiTenantKmsKeyProvider $multiPro
 * @var \ParagonIE\CipherSweet\KeyProvider\KmsKeyProvider $provider
 * @var \Psr\SimpleCache\CacheInterface $yourCache
 */

// This will pass $yourCache to all KmsKeyProviders managed by this multi-tenant provider:
$multiPro->setDataKeyCache($yourCache);

// For only one single-tenant provider:
$provider->setDataKeyCache($yourCache);