Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
kms encrypt decrypt
#!/usr/bin/env bash
if [ -z ${KMS_KEY_ID} ]; then
echo "KMS_KEY_ID unset! Exiting";
exit 1
fi
aws kms encrypt --key-id $KMS_KEY_ID --plaintext "hello" --output text --query CiphertextBlob > output.kms.yml
encrypted=$(<output.kms.yml)
echo "Encrypted: $encrypted"
echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb://<(echo $encrypted | base64 -D) --query Plaintext --output text | base64 -D)"
@geraldstanje

This comment has been minimized.

Copy link
Owner Author

geraldstanje commented Jan 14, 2020

blob=AQECAHiBTXMxAMpI9Q4CfAD79nib3Vbut33Rr3ikKtQRWAQQFgAAAHYwdAYJKoZIhvcNAQcGoGcwZQIBADBgBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDFLZAunRHyfzsY41VwIBEIAzHu7FfSLsFIPshfhTmGq3yrSlv/BDfofTyFbL/wXuwy+sM9nYjWZmJbFNCBWadebHH9eh
aws kms decrypt --ciphertext-blob fileb://<(echo $blob | base64 -D) --query Plaintext --output text

@geraldstanje

This comment has been minimized.

Copy link
Owner Author

geraldstanje commented Jan 14, 2020

$ aws kms decrypt --ciphertext-blob fileb://<(echo $blob | base64 -D) --query Plaintext --output text | md5sum
58772456fdb775906dcdb1adbe9100e5 -

@geraldstanje

This comment has been minimized.

Copy link
Owner Author

geraldstanje commented Jan 14, 2020

make sure aws uses us-east-1 region

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.