Using KMS API calls, you can encrypt and decrypt data easily. Follow the steps below to see how to do this with the AWS KMS service.
- Create a user in IAM who will have access to encrypt or decrypt the data.
- Note the “Access Key Id” and “Secret Access Key” for this user.
- Create a KMS encryption key in your selected region and note the “Key Id”.
- Now log in to any EC2 instance (this example uses a Linux-based EC2 instance) and run the following command to configure the AWS CLI: aws configure
- Provide the “Access Key Id”, “Secret Access Key” and “region” details. Keep the output format as default.
- Now create any text file with some contents using the command: echo "this is example text to encrypt and decrypt" > test.txt
- Now run the command below to encrypt the data in test.txt
- aws kms encrypt --key-id "paste ENCRYPTION KEY ID here" --plaintext fileb://test.txt --output text --query CiphertextBlob | base64 --decode > encryptedtest.txt
- Run the command below to decrypt the data from the file encryptedtest.txt
- aws kms decrypt --ciphertext-blob fileb://encryptedtest.txt --output text --query Plaintext | base64 --decode > decryptedtest.txt
- Run the command below to re-encrypt the data of the file encryptedtest.txt
- aws kms re-encrypt --destination-key-id "paste ENCRYPTION KEY ID here" --ciphertext-blob fileb://encryptedtest.txt --output text --query CiphertextBlob | base64 --decode > newencryption.txt
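
The encrypt and decrypt steps above, wrapped as shell functions with a round-trip check. This is an added example, not part of the original page: the function names are made up here, and it goes slightly beyond the steps by rejecting input over the 4096-byte limit of KMS Encrypt for symmetric keys and by never writing a partial output file when an API call fails.

```bash
# Added example (not from the original page); function names are hypothetical.
KMS_MAX_PLAINTEXT=4096   # KMS Encrypt accepts at most 4096 bytes (symmetric key)

# kms_encrypt_file KEY_ID INFILE OUTFILE -> writes the binary ciphertext blob
kms_encrypt_file() {
    local key_id="$1" infile="$2" outfile="$3" size b64
    size=$(( $(wc -c < "$infile") )) || return 1
    if [ "$size" -gt "$KMS_MAX_PLAINTEXT" ]; then
        echo "$infile: $size bytes exceeds the KMS Encrypt limit" >&2
        return 1
    fi
    # Capture the response first so a failed call never leaves a partial file.
    b64=$(aws kms encrypt --key-id "$key_id" --plaintext "fileb://$infile" \
            --output text --query CiphertextBlob) || return 1
    printf '%s' "$b64" | base64 --decode > "$outfile"
}

# kms_decrypt_file INFILE OUTFILE -> writes the recovered plaintext, owner-only
kms_decrypt_file() {
    local infile="$1" outfile="$2" b64
    b64=$(aws kms decrypt --ciphertext-blob "fileb://$infile" \
            --output text --query Plaintext) || return 1
    ( umask 077; printf '%s' "$b64" | base64 --decode > "$outfile" )
}

# kms_roundtrip KEY_ID INFILE -> 0 only if decrypt(encrypt(INFILE)) equals INFILE
kms_roundtrip() {
    local key_id="$1" infile="$2" tmp rc=0
    tmp=$(mktemp -d) || return 1
    kms_encrypt_file "$key_id" "$infile" "$tmp/ct" &&
        kms_decrypt_file "$tmp/ct" "$tmp/pt" &&
        cmp -s "$infile" "$tmp/pt" || rc=1
    rm -rf "$tmp"   # remove the temporary plaintext copy
    return "$rc"
}
```

Call it as kms_roundtrip "paste ENCRYPTION KEY ID here" test.txt after aws configure; a non-zero exit status means the key, the permissions of the IAM user, or the region need checking.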