kms encrypt decrypt
| #!/usr/bin/env bash | |
| if [ -z ${KMS_KEY_ID} ]; then | |
| echo "KMS_KEY_ID unset! Exiting"; | |
| exit 1 | |
| fi | |
| aws kms encrypt --key-id $KMS_KEY_ID --plaintext "hello" --output text --query CiphertextBlob > output.kms.yml | |
| encrypted=$(<output.kms.yml) | |
| echo "Encrypted: $encrypted" | |
| echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb://<(echo $encrypted | base64 -D) --query Plaintext --output text | base64 -D)" |
This comment has been minimized.
This comment has been minimized.
|
$ aws kms decrypt --ciphertext-blob fileb://<(echo $blob | base64 -D) --query Plaintext --output text | md5sum |
This comment has been minimized.
This comment has been minimized.
|
make sure aws uses us-east-1 region |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
blob=AQECAHiBTXMxAMpI9Q4CfAD79nib3Vbut33Rr3ikKtQRWAQQFgAAAHYwdAYJKoZIhvcNAQcGoGcwZQIBADBgBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDFLZAunRHyfzsY41VwIBEIAzHu7FfSLsFIPshfhTmGq3yrSlv/BDfofTyFbL/wXuwy+sM9nYjWZmJbFNCBWadebHH9eh
aws kms decrypt --ciphertext-blob fileb://<(echo $blob | base64 -D) --query Plaintext --output text