When I am trying to execute the command:
aws kms decrypt --ciphertext-blob fileb://CPOEncrypted.txt --output text --query Plaintext
I am getting the below error and I am suspecting that ciphertext issue.
A client error (InvalidCiphertextException) occurred when calling the Decrypt operation:
1. Make sure your aws is configured on pc, AWS Access Key ID and AWS Secret Access Key are set. To configure it - run in console:
$ aws configure
(http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html).
2. make sure the file is correct. I had the same issue because some part of BASE64 was missed during copy-paste - so BASE64 code was incorrect. Now it works fine.I use this command for file creation where code is client_secret encoded in Base64 format (letters and numbers of code were randomly changed in example of course):
$echo ZPATMQE/c3o06DQL0FnZn1Q04Ojh8JbKh87gNohFJFvJ8L456JGFFDhtscGHDjOhbnwKDJnUnK5lkjOJHFDkGuyhgouyfk2YFhgfgffftftDTDBtdbItydbtDbtd65Hf654521JHJHFJGSJFAlc3Qhgb4/s3daa435KHGJGjhgf+as54asd54DKUGdasd54asd5DFf+a54faas65454asUHgTm+a | base64 -di > encrypted-file
3. Then I use this command in console to get the final result:
$ echo $(aws kms decrypt --ciphertext-blob fileb://encrypted-file --query Plaintext --output text | base64 -di)
A slight variation if you want to use the blob as a string and not inside a .txt
aws kms decrypt --ciphertext-blob fileb://<(echo "put the giant blob text in here” | base64 -D) --output text --query Plaintext --region us-east-1 | base64 -D
This will decrypt the text and print as output.
You can run this command on a Windows machine
aws kms decrypt --ciphertext-blob <ENCRYPTED VALUE FROM SECRET MANAGER> --output text --query Plaintext
But you can not run in ubuntu. If you run in Ubuntu then mentioned error will occur. "A client error (InvalidCiphertextException) occurred when calling the Decrypt operation:"
