Add URI support initializing an awskms.

kms/awskms/awskms.go

@@ -17,6 +17,9 @@ import (
 	"go.step.sm/crypto/pemutil"
 )
 
+// Scheme is the scheme used in uris.
+const Scheme = "awskms"
+
 // KMS implements a KMS using AWS Key Management Service.
 type KMS struct {
 	session *session.Session
@@ -69,7 +72,24 @@ var customerMasterKeySpecMapping = map[apiv1.SignatureAlgorithm]interface{}{
 // AWS sessions can also be configured with environment variables, see docs at
 // https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ for all the options.
 func New(ctx context.Context, opts apiv1.Options) (*KMS, error) {
-	o := session.Options{}
+	var o session.Options
+
+	if opts.URI != "" {
+		u, err := uri.ParseWithScheme(Scheme, opts.URI)
+		if err != nil {
+			return nil, err
+		}
+		o.Profile = u.Get("profile")
+		if v := u.Get("region"); v != "" {
+			o.Config.Region = new(string)
+			*o.Config.Region = v
+		}
+		if f := u.Get("credentials-file"); f != "" {
+			o.SharedConfigFiles = []string{opts.CredentialsFile}
+		}
+	}
+
+	// Deprecated way to setting configuration parameters.
 	if opts.Region != "" {
 		o.Config.Region = &opts.Region
 	}

kms/awskms/awskms_test.go

@@ -60,7 +60,13 @@ func TestNew(t *testing.T) {
 			Profile:         "smallstep",
 			CredentialsFile: "~/aws/credentials",
 		}}, expected, false},
+		{"ok with uri", args{ctx, apiv1.Options{
+			URI: "awskms:region=us-east-1;profile=smallstep;credentials-file=/var/run/aws/credentials",
+		}}, expected, false},
 		{"fail", args{ctx, apiv1.Options{}}, nil, true},
+		{"fail uri", args{ctx, apiv1.Options{
+			URI: "pkcs11:region=us-east-1;profile=smallstep;credentials-file=/var/run/aws/credentials",
+		}}, nil, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {