Encrypting & Decrypting with AWS KMS using AWS CLI
- Create IAM user & KMS service
- Create an Amazon Linux 2 EC2 instance & login to it
- Run aws configure and enter the KeyManager user’s access key ID and secret access key
- Make a note of the encryption key's ID (used below as YOURKEYIDHERE)
- Create a file for encryption and decryption
echo "I Love WebMagic " > secret.txt
- Encrypting the content in the file
aws kms encrypt --key-id YOURKEYIDHERE --plaintext fileb://secret.txt --output text --query CiphertextBlob | base64 --decode > encryptedsecret.txt
- Decrypting the content in the file
aws kms decrypt --ciphertext-blob fileb://encryptedsecret.txt --output text --query Plaintext | base64 --decode > decryptedsecret.txt
- Re-encrypting the content in the file
aws kms re-encrypt --destination-key-id YOURKEYIDHERE --ciphertext-blob fileb://encryptedsecret.txt --output text --query CiphertextBlob | base64 --decode > newencryption.txt
- Setting key rotation
aws kms enable-key-rotation --key-id YOURKEYIDHERE
- Checking the key rotation status
aws kms get-key-rotation-status --key-id YOURKEYIDHERE
- Generating data key for
aws kms generate-data-key --key-id YOURKEYIDHERE --key-spec AES_256
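The encrypt and decrypt steps above wrapped as shell functions (an added example, not code from the original post; the function names are hypothetical). It rejects files outside the 1 to 4096 byte range that kms encrypt accepts under a symmetric key, and checks the aws exit status before writing any output file.

```shell
#!/usr/bin/env bash
# Added example: guarded wrappers around the aws kms encrypt/decrypt commands above.
# Function names are hypothetical; KEY_ID stands for YOURKEYIDHERE.

KMS_MAX_PLAINTEXT=4096  # kms encrypt takes at most 4096 bytes under a symmetric key

# True only if the file is non-empty and small enough for a direct kms encrypt.
fits_kms_encrypt() {
  local size
  size=$(wc -c < "$1") || return 2
  [ "$size" -gt 0 ] && [ "$size" -le "$KMS_MAX_PLAINTEXT" ]
}

# usage: kms_encrypt_file KEY_ID PLAINTEXT_FILE CIPHERTEXT_FILE
kms_encrypt_file() {
  local blob
  if ! fits_kms_encrypt "$2"; then
    echo "error: $2 is empty or over $KMS_MAX_PLAINTEXT bytes; use a data key" >&2
    return 1
  fi
  # Capture first: in "aws ... | base64 --decode > file" a failed aws call is
  # hidden by the pipeline's exit status and still leaves an empty output file.
  blob=$(aws kms encrypt --key-id "$1" --plaintext "fileb://$2" \
           --output text --query CiphertextBlob) || return 1
  (umask 077; printf '%s' "$blob" | base64 --decode > "$3")
}

# usage: kms_decrypt_file CIPHERTEXT_FILE PLAINTEXT_FILE
kms_decrypt_file() {
  local pt
  pt=$(aws kms decrypt --ciphertext-blob "fileb://$1" \
         --output text --query Plaintext) || return 1
  (umask 077; printf '%s' "$pt" | base64 --decode > "$2")
}

# usage: kms_roundtrip_ok KEY_ID FILE  (exit 0 if decrypt(encrypt(FILE)) == FILE)
kms_roundtrip_ok() {
  local tmp rc=1
  tmp=$(mktemp -d) || return 1
  if kms_encrypt_file "$1" "$2" "$tmp/ct" && kms_decrypt_file "$tmp/ct" "$tmp/pt" \
     && cmp -s "$2" "$tmp/pt"; then
    rc=0
  fi
  rm -rf "$tmp"   # temporary plaintext copy is removed either way
  return "$rc"
}
```

Files larger than 4096 bytes are the case for the generate-data-key step: encrypt the file locally with the returned data key and store the key's CiphertextBlob next to it.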