kms encrypt decrypt
#!/usr/bin/env bash | |
if [ -z ${KMS_KEY_ID} ]; then | |
echo "KMS_KEY_ID unset! Exiting"; | |
exit 1 | |
fi | |
aws kms encrypt --key-id $KMS_KEY_ID --plaintext "hello" --output text --query CiphertextBlob > output.kms.yml | |
encrypted=$(<output.kms.yml) | |
echo "Encrypted: $encrypted" | |
echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb://<(echo $encrypted | base64 -D) --query Plaintext --output text | base64 -D)" |
This comment has been minimized.
This comment has been minimized.
$ aws kms decrypt --ciphertext-blob fileb://<(echo $blob | base64 -D) --query Plaintext --output text | md5sum |
This comment has been minimized.
This comment has been minimized.
make sure aws uses us-east-1 region |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
blob=AQECAHiBTXMxAMpI9Q4CfAD79nib3Vbut33Rr3ikKtQRWAQQFgAAAHYwdAYJKoZIhvcNAQcGoGcwZQIBADBgBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDFLZAunRHyfzsY41VwIBEIAzHu7FfSLsFIPshfhTmGq3yrSlv/BDfofTyFbL/wXuwy+sM9nYjWZmJbFNCBWadebHH9eh
aws kms decrypt --ciphertext-blob fileb://<(echo $blob | base64 -D) --query Plaintext --output text