Encrypt/decrypt with AWS KMS using AWS cli
# How to encrypt/decrypt your text/blob secret with AWS KMS with AWS cli | |
KEY_ID=alias/my-key | |
SECRET_BLOB_PATH=fileb://my-secret-blob | |
SECRET_TEXT="my secret text" | |
ENCRYPTED_SECRET_AS_BLOB=encrypted_secret_blob | |
DECRYPTED_SECRET_AS_BLOB=decrypted_secret_blob # Result of decrypt-blob target | |
encrypt-text: | |
aws kms encrypt --key-id ${KEY_ID} --plaintext ${SECRET_TEXT} --query CiphertextBlob --output text \ | |
| base64 --decode > ${ENCRYPTED_SECRET_AS_BLOB} | |
decrypt-text: | |
aws kms decrypt --ciphertext-blob fileb://${ENCRYPTED_SECRET_AS_BLOB} --query Plaintext --output text \ | |
| base64 --decode | |
encrypt-blob: | |
aws kms encrypt --key-id ${KEY_ID} --plaintext ${SECRET_BLOB_PATH} --query CiphertextBlob --output text \ | |
| base64 --decode > ${ENCRYPTED_SECRET_AS_BLOB} | |
decrypt-blob: | |
aws kms decrypt --ciphertext-blob fileb://${ENCRYPTED_SECRET_AS_BLOB} --query Plaintext --output text \ | |
| base64 --decode > ${DECRYPTED_SECRET_AS_BLOB} |
This comment has been minimized.
This comment has been minimized.
Hi @pzaramella It's any non-text file that contains secret you want to encrypt; can be a PDF, zip, ... If you want to encrypt a json, you can use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Hi! Thanks for this gists! I have a question for you, what's in the file fileb://my-secret-blob? Is a Json structure with many secrets constants, or is only the value of one secret constant as the SECRET_TEXT?
Thanks a lots!