decrs

This is a simple secrets decryption tool written in Rust and uses AWS KMS to decrypt secrets. This can be added to container images to decrypt secrets in the entrypoint / startup script and pass the decrypted values to a child process. It will use the default credential lookup chain that the AWS CLI and SDKs use.

Installation

Decrs is a single static binary installed onto a Docker Image: public.ecr.aws/cythral/decrs

It can be installed into other images like so:

COPY --from=public.ecr.aws/cythral/decrs /decrs /usr/local/bin/decrs

This assumes that /usr/local/bin is in your $PATH.

Usage

export PLAINTEXT=$(decrs <base64 ciphertext from KMS>)

Name		Name	Last commit message	Last commit date
Latest commit History 243 Commits
.github		.github
.vscode		.vscode
cicd		cicd
scripts		scripts
src		src
.dockerignore		.dockerignore
.editorconfig		.editorconfig
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
Directory.Build.props		Directory.Build.props
Dockerfile		Dockerfile
README.md		README.md
decrs.sln		decrs.sln
global.json		global.json
nuget.config		nuget.config
omnisharp.json		omnisharp.json
renovate.json		renovate.json
stylecop.json		stylecop.json

cythral/decrs

Folders and files

Latest commit

History

Repository files navigation

decrs

Installation

Usage

About

Resources

Stars

Watchers

Forks

Languages