Last active
July 18, 2018 17:19
KMS Helper
#!/usr/bin/env python | |
''' Helper script for working with AWS KMS | |
''' | |
import sys | |
import base64 | |
import argparse | |
import boto3 | |
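def decrypt_args(args):
    ''' Resolve the base64 ciphertext from parsed CLI args and pass it to decrypt()

    args.content (from --content) is used unless args.file is set, in which
    case the file is read as bytes and surrounding whitespace is stripped.
    Returns whatever decrypt() returns.
    '''
    content = args.content
    if args.file:
        with open(args.file, 'rb') as data:
            # strip() drops the trailing newline left by `tee` or a text editor
            content = data.read().strip()
    # --content arrives from argparse as str, a file read yields bytes. Only
    # bytes need decoding: calling .decode() on a str raises AttributeError
    # on Python 3, which broke the --content path.
    if isinstance(content, bytes):
        content = content.decode('utf-8')
    return decrypt(args.profile, content)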
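def decrypt(prof, text):
    ''' Use prof to create a boto3 session, decrypt text and write it to stdout

    prof: name of the AWS profile used to build the boto3 session.
    text: base64-encoded KMS ciphertext blob, as a str.

    The plaintext is printed when it is valid UTF-8 (print appends a newline),
    otherwise the raw bytes are written to stdout unchanged.

    NOTE(review): the decrypted secret goes to stdout, so a redirect stores it
    in a file created with the shell's umask; tighten that if the secret is
    kept. No KeyId or EncryptionContext is passed to KMS, so which key may be
    used is governed only by the ciphertext and the caller's IAM/key policy.
    '''
    sess = boto3.Session(profile_name=prof)
    kcli = sess.client('kms')
    cipherblob = base64.b64decode(text.encode('utf-8'))
    # Decrypt once and reuse the result. The previous fallback path issued a
    # second kms:Decrypt call for the same blob (extra latency, a duplicate
    # audit-log entry and a second chance to fail) just to get the same bytes.
    plaintext = kcli.decrypt(CiphertextBlob=cipherblob)['Plaintext']
    try:
        print(plaintext.decode('utf-8'))
    except UnicodeDecodeError:
        # not valid UTF-8, so treat it as binary and dump the bytes as they are
        sys.stdout.buffer.write(bytes(plaintext))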
def encrypt_args(args):
    ''' Pick the plaintext from parsed CLI args and pass it to encrypt()

    The --content string is the default; when --file is given its raw bytes
    are used instead (no stripping, so the file round-trips byte for byte).
    Returns whatever encrypt() returns.
    '''
    payload = args.content
    source = args.file
    if source:
        with open(source, 'rb') as handle:
            payload = handle.read()
    return encrypt(args.profile, args.key, payload)
def encrypt(prof, key, text):
    ''' Encrypt text under the KMS key `key` and print the result as base64

    prof: name of the AWS profile used to build the boto3 session.
    key:  KMS key ID handed to the Encrypt call as KeyId.
    text: plaintext to encrypt (str from --content or bytes from --file).

    NOTE(review): KMS Encrypt only accepts small payloads (4096 bytes for
    symmetric keys, confirm against current limits), so larger files are
    rejected by the service rather than by this script.
    '''
    kms = boto3.Session(profile_name=prof).client('kms')
    response = kms.encrypt(KeyId=key, Plaintext=text)
    # The blob is raw bytes, so base64 makes it safe to paste into a terminal or config.
    encoded = base64.b64encode(response['CiphertextBlob'])
    print(encoded.decode('utf-8'))
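if __name__ == '__main__':
    # CLI layout: `<encrypt|decrypt> profile [key] (--content STR | --file PATH)`.
    # Each subcommand stores its handler in `func`, which is called at the end.
    PARSER = argparse.ArgumentParser()
    SUBPARSERS = PARSER.add_subparsers(dest='subparser_name')
    # Python 3 treats the subcommand as optional by default, so running the
    # script with no arguments used to crash on the missing `func` attribute.
    # Requiring it turns that into a normal argparse usage error.
    SUBPARSERS.required = True

    ENC_PARSER = SUBPARSERS.add_parser('encrypt')
    ENC_PARSER.add_argument('profile',
                            help='Name of the profile to use for AWS creds')
    ENC_PARSER.add_argument('key',
                            help='KMS key ID to use for encryption.')
    # NOTE: a secret given via --content ends up in shell history and is
    # visible in the process list while the command runs; --file avoids both.
    ENC_GROUP = ENC_PARSER.add_mutually_exclusive_group(required=True)
    ENC_GROUP.add_argument('--content',
                           help='String to encrypt.')
    ENC_GROUP.add_argument('--file',
                           help='File to read and encrypt contents.')
    ENC_PARSER.set_defaults(func=encrypt_args)

    DEC_PARSER = SUBPARSERS.add_parser('decrypt')
    DEC_PARSER.add_argument('profile',
                            help='Name of the profile to use for AWS creds')
    DEC_GROUP = DEC_PARSER.add_mutually_exclusive_group(required=True)
    DEC_GROUP.add_argument('--content',
                           help='String to decrypt.')
    DEC_GROUP.add_argument('--file',
                           help='File to read and decrypt contents.')
    DEC_PARSER.set_defaults(func=decrypt_args)

    ARGS = PARSER.parse_args()
    ARGS.func(ARGS)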
# Because I have a hard time remembering AWS CLI stuff, especially when it needs base64 nonsense thrown in
(venvπ ) me@laptop ~/tools π π΄ π― python kms_helper.py -h | |
usage: kms_helper.py [-h] {encrypt,decrypt} ... | |
positional arguments: | |
{encrypt,decrypt} | |
optional arguments: | |
-h, --help show this help message and exit | |
(venvπ ) me@laptop ~/tools π π΄ π― | |
(venvπ ) me@laptop ~/tools π π΄ π― python3 kms_helper.py encrypt personal SOME-KEY-ID --content 'butts' | |
AQICAHjMg9iwniHllffti4r1lDLfdtt+PfnebDAbSp1sp1NS0wHUetKtZRNhIn6Ud0x6mQdYAAAAYzBhBgkqhkiG9w0BBwagVDBSAgEAME0GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM9cGtdwx7SsEX06NCAgEQgCAUVKi/JbsDpfxX5keUTxAosBbf2CEoovboJEga2Ft+YA== | |
(venvπ ) me@laptop ~/tools π π΄ π― python3 kms_helper.py decrypt personal --content 'AQICAHjMg9iwniHllffti4r1lDLfdtt+PfnebDAbSp1sp1NS0wGZxrihvvgu5wXC7Qw4CYBdAAAAYzBhBgkqhkiG9w0BBwagVDBSAgEAME0GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMNutWAYcnBw14aMRfAgEQgCDWXVgdmbaZpf62k/VbFVcMjm1J1Nh2g9Yyz0evRYsMJQ==' | |
butts | |
(venvπ ) me@laptop ~/tools π π΄ π― python3 kms_helper.py encrypt personal SOME-KEY-ID --file secret_license | tee license.encrypted | |
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 | |
(venvπ ) me@laptop ~/tools π π΄ π― python3 kms_helper.py decrypt personal --file license.encrypted > secret_license_decrypted | |
(venvπ ) me@laptop ~/tools π π΄ π― md5 secret_license secret_license_decrypted | |
MD5 (secret_license) = 475434508b2a6f30a5de51bce36085be | |
MD5 (secret_license_decrypted) = 475434508b2a6f30a5de51bce36085be |