-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when trying to decrypt message #2
Comments
@petems, the recommended way to pass the credentials is using IAM Instance Roles into your EC2 machine. The credentials will be available system-wide. |
@adenot Do they have to be stored in the ENV? Anyone logging into the machine would be able to see them in the environment. They can't be read from Would you accept a PR to be able to set the API credentials in a config file? |
I believe if you set the environment using puppet it wouldn't be available system-wide, only for puppet run. Using |
@adenot Can you give an example or point to the docs on how to set an IAM role for the Puppet master which would have permissions to the key? |
This will allow encrypt and decrypt a specific key:
For more information: http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html |
How do I provide credentials to decrypt a message?
When I encrypt, I can provide them on the command line:
But this doesn't work (nor is practical) for agent runs.
The text was updated successfully, but these errors were encountered: