elblivion/kms_example.sh

## kms_example.sh
$ aws kms encrypt --key-id arn:aws:kms:us-east-1:<my_account>:key/<my_key> --plaintext $(cat ~/.chef/prod-secret) --query CiphertextBlob --output text | base64 -D > secret
$ aws kms decrypt --ciphertext-blob fileb://secret  --output text --query Plaintext | base64 -D > decoded
$ if [[ "$(cat decoded)" == "$(cat ~/.chef/prod-secret)" ]]; then echo "got back original chef secret"; fi
got back original chef secret
	$ aws kms encrypt --key-id arn:aws:kms:us-east-1:<my_account>:key/<my_key> --plaintext $(cat ~/.chef/prod-secret) --query CiphertextBlob --output text \| base64 -D > secret
	$ aws kms decrypt --ciphertext-blob fileb://secret --output text --query Plaintext \| base64 -D > decoded
	$ if [[ "$(cat decoded)" == "$(cat ~/.chef/prod-secret)" ]]; then echo "got back original chef secret"; fi
	got back original chef secret