Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
0
votes
0 answers

AWS KMS, Parameter store and cli credentials

I've recently been looking into AWS KMS for storing database passwords and the like. However I've also seen that secure strings in Parameter store can be used for this. In both instances I believe I would need to use the AWS CLI to access these…
TommyBs
  • 9,354
  • 4
  • 34
  • 65
0
votes
1 answer

Obtaining Data Keys using some KMS region master keys and then adding two more regions to get the same Data Key encrypted

I am generating a data encryption key implicitly as follows (key IDs used are just representational): from aws_encryption_sdk import encrypt # Key provider with only 2 region master keys to begin with kms_key_provider =…
RajSoundar
  • 341
  • 1
  • 2
  • 8
0
votes
1 answer

Redshift Unload With KMS Encryption and Credentials?

Is it possible to write an unload command using the credentials argument and the KMS_KEY_ID argument? I get the following error after running the code below: unload ('select top 10 * from testtable') to 's3://mybucket/test.txt' KMS_KEY_ID…
econgineer
  • 1,117
  • 10
  • 20
0
votes
1 answer

Using AWS KMS and/or credstash with non AWS server

Is it possible to use AWS KMS and a tool like credstash without the use of EC2 or equivalent or does it rely solely on IAM roles? I've got a server elsewhere where I am testing some things out and ultimately I will be looking at migrating an app to…
TommyBs
  • 9,354
  • 4
  • 34
  • 65
0
votes
1 answer

Packer kms for block_device_mappings

Is it possible to use a custom encryption key for EBS data volumes using Packer? kms_key_id is only used for the encryption of the boot volume. How can we encrypt block device mappings (data EBS volumes)?
Buvin Perera
  • 481
  • 1
  • 6
  • 18
0
votes
1 answer

AWS Encryption SDK Header Mismatch between Regions

I'm using the Amazon Encryption SDK to encrypt data before storing it in a database. I'm also using Amazon KMS. As part of the encryption process, the SDK stores the Key Provider ID of the data key used to encrypt in the generated cipher-text…
0
votes
1 answer

generateDataKey error Signature expired on AWS KMS?

I am working with my client, so I cloned the git repo and built the application, which uses AWS KMS to generate a data key. All works well on the live server, but it fails on my local environment. Here is the code snippet and the resulting error. const AWS =…
Eric Chan
  • 1,192
  • 4
  • 16
  • 30
0
votes
1 answer

AWS CLI, kms Unknown output type: q

When attempting to call aws kms get-parameters-for-import --key-id .... --wrapping-algorithm RSAES_OAEP_SHA_1 --wrapping-key-spec RSA_2048 I receive an error Unknown output type: q. I'm following the instructions in…
gdevito
  • 5
  • 2
0
votes
1 answer

reading KMS SES encrypted emails with boto3

I'm trying to replicate the code found in the link below in python/boto3: https://github.com/gilt/node-s3-encryption-client/issues/3 However, I'm stuck at getting the plain text from KMS with the code below: metadata = s3.head_object(Bucket='my bucket',…
Danny
  • 151
  • 2
  • 12
0
votes
1 answer

Kms Encryption for secret password

I try to encode and decode plaintext using aws kms encrypt and decrypt. But it is showing the following error: aws [options] [ ...] [parameters] To see help text, you can run: aws help aws help aws
jake
  • 333
  • 1
  • 4
  • 12
0
votes
1 answer

Extract a KMS-encrypted ZIP file from AWS S3

I want to use a Lambda function to retrieve a specific ZIP file from AWS S3, decrypt it and extract it. Here is the code I have: const AWS = require('aws-sdk'); const zlib = require('zlib'); const fs = require('fs'); const stream =…
Victor
  • 13,914
  • 19
  • 78
  • 147
0
votes
2 answers

Can you use AES encryption on client and KMS encryption on server because KMS uses AES?

I need to encrypt some text strings using keys on client side and then decrypt this encrypted string on server side using the same key used for encryption on client side. So the way I understand this, AWS KMS is built on top of AES. So can I use…
Andy
  • 2,493
  • 6
  • 37
  • 63
0
votes
1 answer

Decrypting data key in Java AWS SDK yields gibberish

So I've been reading and reading and looking at examples and...failing miserably. Here's my situation: I have a CMK in KMS and I've generated a data key, like so: $ aws kms generate-data-key --key-id 64a62e3e-7e38-4f86-8ef2-3d00929e6260 --key-spec…
RobA
  • 368
  • 2
  • 10
0
votes
2 answers

how to get encrypted file (KMS Server side) from AWS using java

This code below works when the file is not encrypted (plain text) server side. I'm trying to download another file from the same bucket, but this file is encrypted via KMS. I've tried SSECustomerKey and added .withSSECustomerKey(myKey), but no…
Baked Inhalf
  • 3,375
  • 1
  • 31
  • 45
0
votes
1 answer

get constraint issue when I try to use / and sub function together

I am trying to form a text with /. here is my cloudformation code: Resources: KeyAlias: Type: AWS::KMS::Alias DependsOn: KMSKey Properties: AliasName: alias/!Sub ${project}-${EnvironmentApp} TargetKeyId: Ref:…
Hamed Minaee
  • 2,480
  • 4
  • 35
  • 63