Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
0
votes
1 answer

How to decrypt data with botocore

I am trying to print the decrypted data with the encrypted data to verify that it is correct. session = botocore.session.get_session() client = session.create_client('kms',region_name = 'us-east-1',aws_access_key_id = '[YOUR ACCESS…
A. Pearson
0
votes
3 answers

Multiple calls to botocore.stub.Stubber causes exception

I am using botocore.stub.Stubber to mock the kmsclient. The code I am using is with botocore.stub.Stubber(s3) as stubber: with botocore.stub.Stubber(kms) as stubber2: stubber.add_response('copy_object', response,…
Kailas J C
0
votes
2 answers

How to use client side encryption with Python

I am attempting to use client side encryption to encrypt sensitive data before moving it to cloud storage on S3 and moving it over to redshift. I tried using the sample code provided by AWS, and after paling around with it I got it to run without…
A. Pearson
0
votes
2 answers

EMR + Spark + KMS - save decrypted data

We are processing KMS client side encrypted data in EMR using spark. I am able to successfully process the encrypted data using the following configuration but even the aggregated data written to s3 is encrypted. Is there a way to write unencrypted…
TopCoder
0
votes
0 answers

Default encrypt S3 Bucket creation

s3:PutEncryptionConfiguration requires KMS permissions in the IAM policy. However, AWS IAM policy simulator does not show the same. The simulator shows an "allow" on the following S3 policy while there are no other policies with KMS permissions. Am…
lft93ryt
0
votes
1 answer

How do I utilize AWS Signature v4 when generating a presigned S3 URL?

I'm inheriting a codebase that makes use of the Java AWS SDK to generate presigned S3 URLs for both Putting and Getting Objects. The code looks something like this: GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(bucket,…
soapergem
0
votes
1 answer

Can I use Vault like an Amazon KMS service?

I am looking for the system that allows to create and store symmetric master keys in a safe manner. One of such systems is Amazon KMS, where I can create master private key per user and use it to encrypt some data (e.g. user's private keys). But I…
0
votes
1 answer

How to get the Initialization Vector (IV) from the AWS Encryption CLI?

I'm encrypting a file using the AWS Encryption CLI using a command like so: aws-encryption-cli --encrypt --input test.mp4 --master-keys key=arn:aws:kms:us-west-2:123456789012:key/exmaple-key-id --output . --metadata-output - From the output of the…
0
votes
1 answer

How to unwrap an embedded S3 datakey in Node.js?

I have an object that I've successfully encrypted using an Amazon Web Services key (KMS), and then stored it in an S3 bucket. This all works fine from Java, including reading and decrypting, but Node.js does not know how to handle the embedded…
MattW
0
votes
1 answer

Getting ARN of a user other than root in a CloudFormation template for Key Management System (AWS)

I am currently writing a CloudFormation template (CFT) for KMS (Key Management Services) where I want to give key administrative permissions and key usage permissions to users other than root. I want this to be called dynamically through the CFT. As…
user4108565
0
votes
1 answer

AWS KMS Data Key Caching SDK for .NET

I'm trying to implement Data Key Caching for AWS on .NET. I've seen that Java has an implementation of LocalCryptoMaterialsCache which I cannot find for C#. The idea is to use this so I can send fewer requests to KMS when inserting or retrieving an…
Ricardo Mota
0
votes
0 answers

Validate AWS KMS value at start of code

I am validating a KMS ARN value by String and pattern match in Regular Expression. Sample Input: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab Rules: Start with “arn:aws:kms:” string value. Followed by Region Name. c.…
Vivek Sable
0
votes
0 answers

Get aws kms key from ec2 instance

I'm trying to avoid hard coding the AWS 'KMS key' in a Python application running on an AWS EC2 instance. The AWS EC2 instance is assigned an IAM role where access to the particular KMS key is defined. The instance doesn't have access to list all the…
rose
0
votes
1 answer

Hiera-eyaml-Kms - decrypting issue when it is used in Puppet

I'm using a KMS key in Puppet to decrypt some secrets, and I'm getting the below error while decrypting the secrets: Error: Evaluation Error: Error while evaluating a Function Call, missing region; use :region option or export region name to…
Andy
0
votes
1 answer

AWS SSM document with private information

I've been asked to come up with a solution to ensure that all of our Windows servers on AWS have local accounts created for the admin team using SSM. We need the ability to audit this and ensure that the passwords can be changed easily. I know, I…