AWS envelope encryption example
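# Remove a half-written target when its recipe fails, so a failed `aws` or
# `openssl` call never leaves a truncated-but-newer file that looks up to date.
.DELETE_ON_ERROR:

# The plaintext secret this example protects.  It is hard-coded only to keep
# the demo self-contained; a real build would never embed a credential in a
# Makefile (it ends up in version control and in `make -p` output).
secret := "My database password"

# Write the secret to the file encrypt-secret reads.  The quotes in $(secret)
# are consumed by the shell, so the file holds the bare text.  `umask 077`
# makes the file owner-readable only, since it is plaintext.
password.txt:
	umask 077 && echo $(secret) > $@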
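# Ask KMS for a fresh 256-bit data key.  The response holds the key twice:
# "Plaintext" (base64; use it locally, then discard it) and "CiphertextBlob"
# (the same key wrapped under $(key_id); store it next to the ciphertext).
# key_id is required and region is optional (the CLI's configured region is
# used when it is empty); both come from the environment or the command line,
# e.g. `make get-data-key key_id=alias/my-key region=us-east-1`.  Written as
# `$key_id` they would be read by Make as `$(k)ey_id`, i.e. the text "ey_id".
# `--number-of-bytes 64` may be used instead of `--key-spec AES_256`; that
# option could not be left as a trailing `# …` comment on a `\`-continued
# recipe line, because the shell sees the comment and drops the rest.
.PHONY: get-data-key
get-data-key: aws-data-key.json

# The response is written straight to the target; the original `| > file`
# piped into an empty command and lost the output.  The file contains the
# plaintext key, so it is created owner-readable only and written via a
# temporary name so an interrupted call cannot leave a partial file.  Remove
# it once datakey / encrypted-datakey have been extracted.
aws-data-key.json:
	@test -n "$(key_id)" || { echo "key_id is not set (make $@ key_id=... [region=...])" >&2; exit 1; }
	umask 077 && aws kms generate-data-key \
	  --key-id "$(key_id)" \
	  --key-spec AES_256 \
	  $(if $(region),--region "$(region)") \
	  > $@.tmp && mv -f $@.tmp $@
# Sample output
# {
# "KeyId": "arn:aws:kms:us-east-1:123456789:key/bbee76a1-bd25-4d57-81d8-38ff2b26468a",
# "Plaintext":"7DmPVPgzJ8exc9+AekcEmVL7jdv0RWMxPgA4JlrpE4k=",
# "CiphertextBlob":
# "ADIDAHiiF6PCTM1Hou+61r+M/pyUfwSizO02mH9+pIa0gaFRWwFF+FoN25Pm+tdPZiB0paGRAAAAfjB8BgkqhkiG9w0BBwabbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMIB9YpWJsDdZjP4BVAgEQgDvigjj2IaJoDmXJPS2AWG6OHqMwI8H5ybsS6l0Rt26fVUskQTxxWvCzkLSqssqi3bDnEysfaxN/ryXO7w=="
# }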
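# Extract the plaintext data key from the generate-data-key response and
# write it as raw bytes.  The field is spelled "Plaintext" (see the sample
# output above); '.PlainText' matches nothing and jq prints "null", which
# base64 then "decodes" into garbage.  jq is run by the shell rather than
# through `$(jq …)`, which Make expands as an (empty) variable before the
# shell ever sees it.  `datakey` is the unwrapped key: it is created
# owner-readable only and should be deleted as soon as the secret has been
# encrypted (encrypt-secret does that).
.PHONY: decode-plain-text
decode-plain-text: datakey

# `jq -e` fails on a null/missing field, and the value is captured first so
# that a jq failure stops the rule instead of being masked by base64's exit
# status at the end of a pipeline.
datakey: aws-data-key.json
	umask 077 && key=$$(jq -e -r '.Plaintext' $<) && printf '%s' "$$key" | base64 --decode > $@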
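# Extract the KMS-wrapped copy of the data key.  This blob can be stored next
# to the ciphertext: only a principal allowed to use the KMS key can turn it
# back into the plaintext key (see decrypt-CiphertextBlob).  jq is run by the
# shell rather than through `$(jq …)`, which Make expands as an (empty)
# variable, so the original wrote an empty encrypted-datakey file.
.PHONY: decode-CiphertextBlob
decode-CiphertextBlob: encrypted-datakey

# `jq -e` fails on a null/missing field, and the value is captured first so
# that a jq failure stops the rule instead of being masked by base64's exit
# status at the end of a pipeline.
encrypted-datakey: aws-data-key.json
	blob=$$(jq -e -r '.CiphertextBlob' $<) && printf '%s' "$$blob" | base64 --decode > $@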
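# Convenience target: unpack both halves of the generate-data-key response.
# Declared phony so a stray file of the same name cannot make it "up to date".
.PHONY: decode-data-key
decode-data-key: decode-plain-text decode-CiphertextBlob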
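# Encrypt the secret under the data key.  openssl's `-k` takes a literal
# password string and `fileb://` is AWS CLI syntax, so the original command
# encrypted with the fixed, well-known password "fileb://./datakey" instead
# of the data key; the missing `\` after `-e -aes256` also made openssl prompt
# interactively and then ran `-k …` as a second command.  The key is now fed
# to `-pass stdin` as the base64 "Plaintext" text exactly as KMS emitted it
# (a single line; the raw 32 bytes may contain newline or NUL bytes and
# cannot be read as a password).  decrypt-secret obtains the identical text
# from `aws kms decrypt`, so both sides derive the same key.  `-pbkdf2`
# replaces the deprecated EVP_BytesToKey derivation and must match on both
# sides.
.PHONY: encrypt-secret
encrypt-secret: password.txt aws-data-key.json
	umask 077 && jq -e -r '.Plaintext' aws-data-key.json \
	  | openssl enc -e -aes-256-cbc -pbkdf2 -salt \
	  -pass stdin -in ./password.txt -out ./passwords-encrypted.txt
	$(RM) datakey
# After this step only encrypted-datakey (the wrapped key) needs to be kept.
# aws-data-key.json still holds the plaintext key as base64 and should be
# removed as well once datakey / encrypted-datakey have been extracted.

# Ask KMS to unwrap the data key and print the full response (the key is the
# base64 "Plaintext" field).  The original lacked the `\` before --region,
# so the shell ran `--region …` as a separate, failing command.  region is
# optional; the CLI's configured region is used when it is empty.
.PHONY: decrypt-CiphertextBlob encode-datakey
decrypt-CiphertextBlob: encrypted-datakey
	aws kms decrypt \
	  --ciphertext-blob fileb://./encrypted-datakey \
	  $(if $(region),--region "$(region)")

# encode-datakey is an older, misleading name for the same KMS decrypt call;
# kept as an alias so existing invocations still work.
encode-datakey: decrypt-CiphertextBlob

# Decrypt the secret.  The wrapped key is unwrapped by KMS and its base64
# "Plaintext" is piped straight into openssl as the password, so the
# plaintext key is never written to disk on the decrypt side.  Cipher and
# -pbkdf2 must match encrypt-secret.  The output is plaintext, hence the
# restrictive umask.
.PHONY: decrypt-secret
decrypt-secret: passwords-encrypted.txt encrypted-datakey
	umask 077 && aws kms decrypt \
	  --ciphertext-blob fileb://./encrypted-datakey \
	  $(if $(region),--region "$(region)") \
	  --query Plaintext --output text \
	  | openssl enc -d -aes-256-cbc -pbkdf2 \
	  -pass stdin -in ./passwords-encrypted.txt -out ./passwords-decrypted.txt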