Using MKS API calls you can Encrypt and Decrypt data easily. Follow the below steps to see how you can achieve this using AWS KMS service.


  1. Create a user in IAM who will have access to encrypt or decrypt the data.
  2. Note the “Access Key Id” and “Secret Access Key” for this user.
  3. Create a KMS encryption key in your selected region and note the “Key Id”.
  4. Now login to any EC2 instance (this example uses linux based EC2) and run following command to configure-  > aws configure
  5. Provide the “Access Key Id”,  “Secret Access Key” and “region” details. Keep the format as default.
  6. Now create any text file with contents using command: echo “this is example text to encrypt and decrypt” > test.txt
  7. Now run the below command to encrypt the data for this test.txt file
  8. aws kms encrypt –key-id “paste ENCRYPTION KEY ID here” –plaintext fileb://test.txt –output text –query CiphertextBlob | base64 –decode > encryptedtest.txt
  9. Run below command to decrypt the data from the file encryptedtest.txt
  10. aws kms decrypt –ciphertext-blob fileb://encryptedtest.txt –output text –query Plaintext | base64 –decode > decryptedtest.txt
  11. Run the below command to Re-encrypt the data of the file encryptedtest.txt
  12. aws kms re-encrypt –destination-key-id “paste ENCRYPTION KEY ID here” –ciphertext-blob fileb://encryptedtest.txt | base64 > newencryption.txt