Skip to content

Instantly share code, notes, and snippets.

@smd877

smd877/KmsTest3.py

Created July 5, 2021 06:01
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save smd877/36aee3c9c06a5ae2bd11a89f5a3a65d8 to your computer and use it in GitHub Desktop.
Save smd877/36aee3c9c06a5ae2bd11a89f5a3a65d8 to your computer and use it in GitHub Desktop.
Download ZIP
AWS KMSの暗号化/復号化をローカル環境で行うサンプル
Raw
KmsTest3.py
import boto3
from base64 import b64encode, b64decode
AWS_KEY = 'ここにアクセスキーID'
AWS_SECRET = 'ここにシークレットアクセスキー'
AWS_LAMBDA_FUNCTION_NAME = 'ここにlambda関数名'
KMS_KEY_ID = 'arn:aws:kms:ap-northeast-1:XXXXXXXXXXXX:key/XXXX'
INPUT_VAL = 'hoge'
kms = boto3.client(
'kms',
region_name = 'ap-northeast-1',
aws_access_key_id = AWS_KEY,
aws_secret_access_key = AWS_SECRET,
)
ENCRYPTED = kms.encrypt(
KeyId = KMS_KEY_ID,
Plaintext = INPUT_VAL,
EncryptionContext = {'LambdaFunctionName' : AWS_LAMBDA_FUNCTION_NAME}
)['CiphertextBlob']
ENCRYPTED = b64encode(ENCRYPTED).decode('utf-8')
print('ENCRYPTED : {}'.format(ENCRYPTED))
DECRYPTED = kms.decrypt(
CiphertextBlob=b64decode(ENCRYPTED),
EncryptionContext={'LambdaFunctionName': AWS_LAMBDA_FUNCTION_NAME}
)['Plaintext'].decode('utf-8')
print('DECRYPTED : {}'.format(DECRYPTED))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment