I hereby claim:
- I am bmalavan on github.
- I am bmalavan (https://keybase.io/bmalavan) on keybase.
- I have a public key ASDdOcZJNw6Ss1x-sEjNyyNEPfWVhaLCxhAgHM6JOTVhygo
To claim this, I am signing this object:
bmalavan
bmalavan
/ keybase.md
Created
April 5, 2021 17:44
bmalavan
/ gist:e681945f98c9e5923c5c5e7765fd1a95
Created
August 23, 2018 09:51
— forked from fuzzyami/gist:f3a7231037166117a6fef9607960aee7
golang encyrpt, decrypt key with kms
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using | |
| KMS's Encrypt/Decrypt functions and secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox). | |
| The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey(). | |
| Note that this procedure reuquires that a master key would *already exist in KMS* and that its arn/alias is specified. | |
| The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials) | |
| and opts for the 'default' role. | |
| Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt), |