Created
March 6, 2018 16:56
-
-
Save wyllie/82f029acf308c3ec1dd1138ccb10716e to your computer and use it in GitHub Desktop.
AWS KMS encrypt/decrypt from CLI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the key-id from KMS | |
| % aws kms list-keys | |
| # To encrypt some text: | |
| % aws kms encrypt --key-id <KeyId> --plaintext <text to encrypt> | |
| # To decrypt it: | |
| % aws kms decrypt --ciphertext-blob fileb://<(echo <blob from encrypt step> | base64 -D) --output text --query Plaintext | base64 -D | |
| ###Example: | |
| # Get the key to use | |
| % aws kms list-keys | |
| { | |
| "Keys": [ | |
| { | |
| "KeyArn": "arn:aws:kms:us-east-5:12345:key/1111aa11-1881-8118-1881-118811228811", | |
| "KeyId": "1111aa11-1881-8118-1881-118811228811" | |
| }, | |
| { | |
| "KeyArn": "arn:aws:kms:us-east-5:12345:key/1111aa11-1881-8118-1881-118811228812", | |
| "KeyId": "1111aa11-1881-8118-1881-118811228812" | |
| } | |
| ] | |
| } | |
| # Encrypt | |
| % aws kms encrypt --key-id 1111aa11-1881-8118-1881-118811228811 --plaintext this_is_my_secret | |
| { | |
| "KeyId": "arn:aws:kms:us-east-5:12345:key/1111aa11-1881-8118-1881-118811228812", | |
| "CiphertextBlob": "AQECA_very_long_stringZQ==" | |
| } | |
| # Decrypt | |
| % aws kms decrypt --ciphertext-blob fileb://<(echo AQECA_very_long_stringZQ== | base64 -D) --output text --query Plaintext | base64 -D | |
| this_is_my_secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment