- This Project is to demonstrate the use of AWS KMS to encrypt and decrypt the secret. The secret is encrypted using the AWS KMS and decrypted using the same. The secret is stored in the encrypted_secret.txt file. The infrastructure is created using Terraform. The infrastructure is destroyed using Terraform.
- AWS CLI
- AWS Account
- Terraform
- jq
- AWS Configured with Access Key and Secret Key
-
Clone the repository to your local machine.
-
Change the user arn in the variables.tf file.
-
Run the following commands to create the infrastructure:
terraform init terraform apply
-
Once the infrastructure is created, you will get the encrypted secret in the output.
-
To Encrypt and Decrypt the secret, use the following commands:
1. aws kms encrypt --key-id "a783e385-1f85-4846-83a4-34f624c88b31" --plaintext "my_secret" --region us-east-1
2. aws kms encrypt --key-id "a783e385-1f85-4846-83a4-34f624c88b31" --plaintext "my_secret" --region us-east-1 | jq -r '.CiphertextBlob'
3. ENCRYPTED_SECRET=$(aws kms encrypt --key-id "a783e385-1f85-4846-83a4-34f624c88b31" --plaintext "my_secret" --region us-east-1 | jq -r '.CiphertextBlob')
4. echo $ENCRYPTED_SECRET > encrypted_secret.txt
1. aws kms decrypt --key-id "a783e385-1f85-4846-83a4-34f624c88b31" --ciphertext-blob ${ENCRYPTED_SECRET} --region us-east-1
2. aws kms decrypt --key-id alias/my_encryption_key --ciphertext-blob ${ENCRYPTED_SECRET} --region us-east-1
- Once Project is done, run the following command to destroy the infrastructure:
terraform destroyThe AWS KMS is used to encrypt and decrypt the secret. The secret is encrypted using the AWS KMS and decrypted using the same. The secret is stored in the encrypted_secret.txt file. The infrastructure is created using Terraform. The infrastructure is destroyed using Terraform.