gouf · January 3, 2017 08:52
diff --git a/aws_kms_client.rb b/aws_kms_client.rb
 require 'aws-sdk'

 # Please set your own key id
 # Ref: https://console.aws.amazon.com/iam/home?region=ap-northeast-1#/encryptionKeys/ap-northeast-1
 key_id = 'arn:aws:kms:ap-northeast-1:000000000000:key/00000000-0000-0000-0000-000000000000' # note: keep secret key_id, export to environment variable

 kms = Aws::KMS::Client.new(
  region: 'ap-northeast-1'
 )

 response = kms.encrypt(
  key_id: key_id,
  plaintext: 'my_sensitive_text_data'
 )

 p ciphertext_blob = response.dig(:ciphertext_blob).to_s
 # => "\x01\x01\x02\x00xS\xBB\xBE\xC5\x03G\xE9>fz{\xBEyW\x8E&\x01I\xFB\xBF\xBD\xB0Vfk(snip)...

 response2 = kms.decrypt(
  ciphertext_blob: ciphertext_blob
 )

 p response2.dig(:plaintext)
 # => 'my_sensitive_text_data'
	require 'aws-sdk'

	# Please set your own key id
	# Ref: https://console.aws.amazon.com/iam/home?region=ap-northeast-1#/encryptionKeys/ap-northeast-1
	key_id = 'arn:aws:kms:ap-northeast-1:000000000000:key/00000000-0000-0000-0000-000000000000' # note: keep secret key_id, export to environment variable

	kms = Aws::KMS::Client.new(
	region: 'ap-northeast-1'
	)

	response = kms.encrypt(
	key_id: key_id,
	plaintext: 'my_sensitive_text_data'
	)

	p ciphertext_blob = response.dig(:ciphertext_blob).to_s
	# => "\x01\x01\x02\x00xS\xBB\xBE\xC5\x03G\xE9>fz{\xBEyW\x8E&\x01I\xFB\xBF\xBD\xB0Vfk(snip)...

	response2 = kms.decrypt(
	ciphertext_blob: ciphertext_blob
	)

	p response2.dig(:plaintext)
	# => 'my_sensitive_text_data'