scalp42 · May 22, 2017 03:48
diff --git a/kms_example.sh b/kms_example.sh
 $ aws kms encrypt --key-id arn:aws:kms:us-east-1:<my_account>:key/<my_key> --plaintext $(cat ~/.chef/prod-secret) --query CiphertextBlob --output text | base64 -D > secret
 $ aws kms decrypt --ciphertext-blob fileb://secret  --output text --query Plaintext | base64 -D > decoded
 $ if [[ "$(cat decoded)" == "$(cat ~/.chef/prod-secret)" ]]; then echo "got back original chef secret"; fi
 got back original chef secret
	$ aws kms encrypt --key-id arn:aws:kms:us-east-1:<my_account>:key/<my_key> --plaintext $(cat ~/.chef/prod-secret) --query CiphertextBlob --output text \| base64 -D > secret
	$ aws kms decrypt --ciphertext-blob fileb://secret --output text --query Plaintext \| base64 -D > decoded
	$ if [[ "$(cat decoded)" == "$(cat ~/.chef/prod-secret)" ]]; then echo "got back original chef secret"; fi
	got back original chef secret