donhenton/aws kms decrypt-encrypt.md

Last active July 29, 2019 15:37

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/donhenton/fa624c7a865185dbad40440c192a5afa.js"></script>
Save donhenton/fa624c7a865185dbad40440c192a5afa to your computer and use it in GitHub Desktop.

Download ZIP

Decrypt/Encrypt Using AWS and CLI

Raw

aws kms decrypt-encrypt.md

Encryption

aws kms encrypt --key-id <kms-id> \
--profile default \
--plaintext fileb://input_file.txt \
--query CiphertextBlob \
--output text \
	| base64 --decode > output.enc

Decryption

aws kms decrypt --ciphertext-blob fileb://output.enc  \
--output text  --query Plaintext  --region us-east-2 | base64 -D > decrypted.txt

Setup

set up aws client via aws configure
user for that set up doesn't need any IAM rights, but must be assigned as a key user