AWS KMS Import PFX Key
Imports a certificate's private key from a .pfx file to a new key created in AWS KMS.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
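CREATE PROCEDURE ChilkatSample
AS
BEGIN
    -- Purpose: load a certificate and its private key from a .pfx file, then upload
    -- the private key to a new key in AWS KMS through Chilkat's PrivateKey.UploadToCloud,
    -- printing the JSON that describes the resulting KMS key.
    --
    -- Deployment notes:
    --  * The sp_OA* procedures only work when the 'Ole Automation Procedures' server
    --    option is enabled, and they run COM objects inside the SQL Server process.
    --    Restrict who may execute this procedure accordingly.
    --  * 'pfx_password', 'AWS_ACCESS_KEY' and 'AWS_SECRET_KEY' below are placeholders.
    --    Real values written into the procedure body are readable by anyone who can
    --    view the procedure definition; obtain them at run time from a protected
    --    store instead, and scope the AWS credential to the minimum KMS permissions
    --    this upload needs.
    --  * The .pfx file still contains the private key after the upload; KMS protects
    --    only its own copy. Decide what happens to the file once the import succeeds.

    DECLARE @hr int
    -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- Object tokens are declared up front (NULL until created) so the shared
    -- cleanup section at the end can tell which ones need to be destroyed.
    DECLARE @cert int
    DECLARE @privKey int
    DECLARE @json int
    DECLARE @jsonOut int

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Note: This example is using a relative file path. You can also specify a full file path, such as "C:/someDir/myCertAndKey.pfx"
    -- or a file path that makes sense on non-Windows operating systems.
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- @success is reset before each critical call and the sp_OAMethod return code is
    -- checked as well: if the COM invocation itself fails, @success may otherwise be
    -- left holding the value from an earlier, successful call.
    SELECT @success = 0
    EXEC @hr = sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/myCertAndKey.pfx', 'pfx_password'
    IF @hr <> 0 OR ISNULL(@success, 0) = 0
    BEGIN
        -- NOTE(review): LastErrorText is verbose diagnostic output; check what it
        -- contains before routing PRINT output to shared logs.
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO Cleanup
    END

    -- Get the cert's private key. This is what will be uploaded to AWS KMS.
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        GOTO Cleanup
    END

    SELECT @success = 0
    EXEC @hr = sp_OAMethod @cert, 'GetPrivateKey', @success OUT, @privKey
    IF @hr <> 0 OR ISNULL(@success, 0) = 0
    BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO Cleanup
    END

    -- Build the JSON that tells UploadToCloud which service, credentials and region
    -- to use, and how the new KMS key should be described.
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        GOTO Cleanup
    END

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'service', 'aws-kms'
    -- Placeholder credentials: do not replace these literals with real secrets in
    -- the procedure text (see the deployment notes at the top).
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'auth.access_key', 'AWS_ACCESS_KEY'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'auth.secret_key', 'AWS_SECRET_KEY'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'auth.region', 'us-west-2'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'description', 'Test of uploading existing private key to AWS KMS'

    -- Let's add some information about the certificate this key belongs to.
    -- This is for informational purposes only, so that we can examine the tags
    -- in the AWS KMS console and know the corresponding certificate.
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'tags[0].key', 'CertSerial'
    EXEC sp_OAGetProperty @cert, 'SerialNumber', @sTmp0 OUT
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'tags[0].value', @sTmp0

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'tags[1].key', 'CertIssuer'
    EXEC sp_OAGetProperty @cert, 'IssuerCN', @sTmp0 OUT
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'tags[1].value', @sTmp0

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'tags[2].key', 'CertSubject'
    EXEC sp_OAGetProperty @cert, 'SubjectCN', @sTmp0 OUT
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'tags[2].value', @sTmp0

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'keyUsage', 'SIGN_VERIFY'

    -- The UploadToCloud method was added in Chilkat v9.5.0.96
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonOut OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        GOTO Cleanup
    END

    SELECT @success = 0
    EXEC @hr = sp_OAMethod @privKey, 'UploadToCloud', @success OUT, @json, @jsonOut
    IF @hr <> 0 OR ISNULL(@success, 0) = 0
    BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO Cleanup
    END

    -- When successful, the jsonOut contains information about the private key in AWS KMS.
    -- Most importantly, the KeyId.
    EXEC sp_OASetProperty @jsonOut, 'EmitCompact', 0
    EXEC sp_OAMethod @jsonOut, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample JSON result:
    -- {
    -- "AWSAccountId": "954491834127",
    -- "Arn": "arn:aws:kms:us-west-2:954491834127:key/187012e8-008f-4fc7-b100-5efe6146dff2",
    -- "KeySpec": "RSA_4096",
    -- "Description": "Test of uploading existing private key to AWS KMS",
    -- "KeyId": "187012e8-008f-4fc7-b100-5efe6146dff2",
    -- "KeyUsage": "SIGN_VERIFY"
    -- }

Cleanup:
    -- Release every COM object that was actually created, on success and on every
    -- failure path alike, so no object (including the one holding the private key)
    -- is left alive in the server process.
    IF @cert IS NOT NULL EXEC @hr = sp_OADestroy @cert
    IF @privKey IS NOT NULL EXEC @hr = sp_OADestroy @privKey
    IF @json IS NOT NULL EXEC @hr = sp_OADestroy @json
    IF @jsonOut IS NOT NULL EXEC @hr = sp_OADestroy @jsonOut
END
GO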