Skip to content

Instantly share code, notes, and snippets.

@ryu1kn

ryu1kn/Makefile

Last active Mar 10, 2021
Embed
What would you like to do?
Encrypt/decrypt with AWS KMS using AWS cli
# How to encrypt/decrypt your text/blob secret with AWS KMS with AWS cli
KEY_ID=alias/my-key
SECRET_BLOB_PATH=fileb://my-secret-blob
SECRET_TEXT="my secret text"
ENCRYPTED_SECRET_AS_BLOB=encrypted_secret_blob
DECRYPTED_SECRET_AS_BLOB=decrypted_secret_blob # Result of decrypt-blob target
encrypt-text:
aws kms encrypt --key-id ${KEY_ID} --plaintext ${SECRET_TEXT} --query CiphertextBlob --output text \
| base64 --decode > ${ENCRYPTED_SECRET_AS_BLOB}
decrypt-text:
aws kms decrypt --ciphertext-blob fileb://${ENCRYPTED_SECRET_AS_BLOB} --query Plaintext --output text \
| base64 --decode
encrypt-blob:
aws kms encrypt --key-id ${KEY_ID} --plaintext ${SECRET_BLOB_PATH} --query CiphertextBlob --output text \
| base64 --decode > ${ENCRYPTED_SECRET_AS_BLOB}
decrypt-blob:
aws kms decrypt --ciphertext-blob fileb://${ENCRYPTED_SECRET_AS_BLOB} --query Plaintext --output text \
| base64 --decode > ${DECRYPTED_SECRET_AS_BLOB}
@pzaramella

This comment has been minimized.

Copy link

@pzaramella pzaramella commented Apr 30, 2020

Hi! Thanks for this gists! I have a question for you, what's in the file fileb://my-secret-blob? Is a Json structure with many secrets constants, or is only the value of one secret constant as the SECRET_TEXT?

Thanks a lots!

@ryu1kn

This comment has been minimized.

Copy link
Owner Author

@ryu1kn ryu1kn commented Apr 30, 2020

Hi @pzaramella It's any non-text file that contains secret you want to encrypt; can be a PDF, zip, ...

If you want to encrypt a json, you can use encrypt-text target. It encrypts the entire file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment