Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
4 votes
3 answers

How to derive a sign-in key for AWS Signature Version 4 (in ColdFusion)?

I am trying to use ColdFusion to access Amazon Web Services (AWS) using their current authentication method known as Signature Version 4. I have consulted their documentation which has code examples for several programming languages, as well as…
vrtjason
4 votes
1 answer

How can I read from the memory stream of the "Plaintext" property returned by New-KMSDataKey?

I am using an AWS Powershell cmdlet New-KMSDataKey that creates a System.IO.MemoryStream that contains an encryption key that I need to use to encrypt some files. This is the documentation for the…
3 votes
1 answer

How to decrypt data using AWS-KMS and fix the error "unencryptedDataKey has not been set"?

I am using AWS KMS, following their official Tutorial, to encrypt data using a Master Key, which I have set up accordingly in AWS Management Console. Encryption seems to work fine. But when I want to decrypt the encrypted cypher-text, I get the…
MrsBookik
3 votes
0 answers

Encrypting a Postgres column at the application level using AWS KMS

Problem I need to store encrypted data in a Postgres column. I know of pgcrypto, however I haven't used it before and don't have a lot of time to research and understand it (which I'd like to, given the data I will be storing in the…
Chris
3 votes
0 answers

Is it possible to encrypt a message outside of AWS KMS using a "key material" and decrypt using KMS?

I have created a custom managed symmetric key (for encryption / decryption purposes) in AWS KMS and imported my own key material from an external source. For symmetric keys, AWS KMS uses the AES-256-GCM algorithm spec. What I am trying to understand…
3 votes
0 answers

AWS KMS Support for PGP encryption

I have a batch process that requires PGP encryption for files before writing them to "Archive" location. I read a little about PGP encryption using Java and learned that Bouncy Castle does provide that capability. However it does require a…
Kul
3 votes
1 answer

AWS-CDK: Cross account Resource Access and Resource reference

I have a secret key-value pair in Secrets Manager in Account-1 in us-east-1. This secret is encrypted using a Customer managed KMS key - let's call it KMS-Account-1. All this has been created via console. Now we turn to CDK. We have…
3 votes
0 answers

SQS Encryption - Why does SNS need to use KMS CMK but Lambda don't for associated SQS?

I'm turning on SSE for two SQS queues. The first queue is subscribed to an SNS and has a lambda trigger. The second queue doesn't have SNS subscription and only has a lambda trigger. It seems I can use the default AWS managed key aws/sqs for the 2nd…
StarCub
3 votes
2 answers

AWS IAM and KMS policy 'muddlement'

I'm hoping some AWS policy expert may be able to help me decode what's going on here. I've been playing with IAM and resource policies in AWS. According to AWS's own documentation, unless there are any explicit denies in all of the policies, the…
3 votes
1 answer

Encrypt with a AWS KMS Public Key without using an AWS SDK or CLI tool

I have generated a Public-Private pair through the KMS CMK SDK and I retrieved the public key. I am looking for a way to encrypt data with this public key without using the KMS SDK or anything related to amazon. Then I would proceed with decryption…
3 votes
1 answer

How to access AWS S3 with KMS from org.apache.hadoop.fs.s3a.S3AFileSystem API

I have EC2 configured with fs.s3a.aws.credentials.provider com.amazonaws.auth.InstanceProfileCredentialsProvider fs.s3a.server-side-encryption-algorithm
3 votes
0 answers

getting InvalidCiphertextException: null on using aws decrypt

const decryptComment = async (comment) => { console.log(comment); const data = decrypt(comment).then(function (result) { const buf2 = Buffer.from(result, 'base64').toString('ascii'); …
3 votes
1 answer

How to get aws kms encrypt response as base64 string in sdk v3. Getting Uint8Array as response

I am using @aws-sdk/client-kms to encrypt the data. I was getting the base64 string as a response. Now I am getting Uint8Array. const encryptedBlob = await kms.encrypt({ KeyId: kmsKey, Plaintext: Buffer.from(JSON.stringify('data to…
3 votes
1 answer

Accessing an KMS encrypted Bucket with an Alias

Suppose I have a bucket that is encrypted with a KMS key, the KMS key policy is like so { "Effect" : "Allow", "Principal" : { "AWS" : "arn:aws:iam:::my_role_here" }, "Action" : [ "kms:Encrypt", …
Minh
3 votes
1 answer

AWS KMS - why do I need the "kms:Decrypt" permission when I try to encrypt data?

I noticed that in both of the following scenarios: S3 - PutObject to an encrypted bucket. SQS - SendMessage to an encrypted queue. I need to have the kms:Decrypt permission (in addition to the kms:GenerateDataKey permission), otherwise it throws…