@ryu1kn ryu1kn/Makefile

Last active Jun 21, 2020
Encrypt/decrypt with AWS KMS using AWS cli
# How to encrypt/decrypt your text/blob secret with AWS KMS using the AWS CLI
KEY_ID=alias/my-key
SECRET_BLOB_PATH=fileb://my-secret-blob
SECRET_TEXT="my secret text"
ENCRYPTED_SECRET_AS_BLOB=encrypted_secret_blob
# Result of decrypt-blob target (comment on its own line so the value gets no trailing space)
DECRYPTED_SECRET_AS_BLOB=decrypted_secret_blob

.PHONY: encrypt-text decrypt-text encrypt-blob decrypt-blob

# make echoes each recipe, so SECRET_TEXT is printed to the terminal and shows up in the process list.
# AWS CLI v2 reads an inline --plaintext value as base64 unless --cli-binary-format raw-in-base64-out is passed.
encrypt-text:
	aws kms encrypt --key-id ${KEY_ID} --plaintext ${SECRET_TEXT} --query CiphertextBlob --output text \
	| base64 --decode > ${ENCRYPTED_SECRET_AS_BLOB}

# Prints the decrypted text to stdout.
decrypt-text:
	aws kms decrypt --ciphertext-blob fileb://${ENCRYPTED_SECRET_AS_BLOB} --query Plaintext --output text \
	| base64 --decode

# fileb:// makes the CLI read the raw bytes of the file as the plaintext.
encrypt-blob:
	aws kms encrypt --key-id ${KEY_ID} --plaintext ${SECRET_BLOB_PATH} --query CiphertextBlob --output text \
	| base64 --decode > ${ENCRYPTED_SECRET_AS_BLOB}

decrypt-blob:
	aws kms decrypt --ciphertext-blob fileb://${ENCRYPTED_SECRET_AS_BLOB} --query Plaintext --output text \
	| base64 --decode > ${DECRYPTED_SECRET_AS_BLOB}

pzaramella commented Apr 30, 2020

Hi! Thanks for this gist! I have a question for you: what's in the file fileb://my-secret-blob? Is it a JSON structure with many secret constants, or is it only the value of one secret constant, like SECRET_TEXT?

Thanks a lot!

Owner Author

ryu1kn commented Apr 30, 2020

Hi @pzaramella, it's any non-text file that contains a secret you want to encrypt; it can be a PDF, zip, ...

If you want to encrypt a JSON, you can use the encrypt-text target. It encrypts the entire file.
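
The round trip for a file of secrets such as a JSON document, as an added example that is not part of the gist or of the comments above: it reads the plaintext with fileb:// so the secret stays out of argv, refuses input over the 4096-byte limit that KMS Encrypt applies to symmetric keys, and checks the CLI's exit status before writing any output. The function names are hypothetical, and KEY_ID is assumed to name a symmetric KMS key.

```shell
#!/bin/sh
# Added example, not the gist author's code. KEY_ID mirrors the gist's
# variable; the function names below are hypothetical.
KEY_ID="${KEY_ID:-alias/my-key}"
KMS_MAX_PLAINTEXT=4096   # bytes; KMS Encrypt limit for a symmetric key

# Succeeds only if file $1 fits in a single KMS Encrypt call.
kms_size_ok() {
    size=$(wc -c < "$1") || return 2
    [ "$((size))" -le "$KMS_MAX_PLAINTEXT" ]
}

# Encrypt file $1 into ciphertext file $2.
# fileb:// passes the raw file bytes, so the secret is never on the command
# line (argv, shell history, make's echoed recipe).
kms_encrypt_file() {
    kms_size_ok "$1" || {
        echo "$1: missing or larger than $KMS_MAX_PLAINTEXT bytes" >&2
        return 1
    }
    # Capture first: in a plain pipeline a failed `aws` would still let
    # base64 exit 0 and leave an empty "ciphertext" file behind.
    out=$(aws kms encrypt --key-id "$KEY_ID" --plaintext "fileb://$1" \
            --query CiphertextBlob --output text) || return 1
    printf '%s' "$out" | base64 --decode > "$2"
}

# Decrypt ciphertext file $1 into $2, created readable by the owner only.
kms_decrypt_file() {
    out=$(aws kms decrypt --ciphertext-blob "fileb://$1" \
            --query Plaintext --output text) || return 1
    ( umask 077; printf '%s' "$out" | base64 --decode > "$2" )
}
```

Files larger than the limit need a different approach, such as encrypting the file locally with a data key that KMS protects.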
