Local KMS - A mock version of AWS' Key Management Service

Local KMS is a mock of Amazon Web Services’ KMS API, designed to be used in local development and testing.

Whilst this service does use real encryption, it is designed for development and testing against KMS, not for use in a production environment.

It came from a need to use KMS’ encrypt() and decrypt() endpoints on a project. After a bit of a hunt around, including in my typical go-to, localstack, I couldn’t find anything that met these requirements. Especially something that took into account how volatile a local development environment can be, i.e. I needed something that I could put in a container and bring up and down all day, without having to worry about losing access to the keys that my test data have been encrypted with.

Once I’d built the initial endpoints, I added more of them over time, and it now covers the majority of common endpoints used, including:

  • Management of Customer Master Keys; including:
    • Enabling and disabling keys
    • Scheduling key deletion
    • Enabling/disabling automated key rotation
  • Management of key aliases
  • Encryption
    • Encryption Contexts
  • Decryption
  • Generating a data key, with or without plain text
  • Generating random data

Built in Go.