Skip to content

hcentive/hcentive-kms-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

bin

bin

 
 

config

config

 
 

lib

lib

 
 

spec

spec

 
 

.gitignore

.gitignore

 
 

.yardopts

.yardopts

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

kms.gemspec

kms.gemspec

 
 

Repository files navigation

kms

A command line tool to encrypt and decrypt text using AWS KMS. It is part of the toolset for the overall encryption framework.

Installation

System requirements -

  • Ruby 2.1.1
  • The following packages must be installed on the system -
    • build-essential
    • zlib1g-dev
    • openssl
    • libssl-dev
    • libopenssl-ruby

kms requires the following environment variables to be present:

AWS_ACCESS_KEY_ID='...'
AWS_SECRET_ACCESS_KEY='...'
AWS_REGION='us-east-1'
AWS_KMS_KEY_SPEC=AES_256

If this utility is run from an EC2 instance launched with an IAM role, the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are picked up from instance metadata.

Clone the repository from GitHub and run bundle install to install dependencies

$ git clone https://git.demo.hcentive.com/hcentive-kms-cli
$ bundle install

Usage

kms has the following commands. Type help to get the list of commands.

kms help                 
Commands:
  kms decrypt TENANT STACK CONTEXT KEYALIAS PLAINTEXT -c, --context=CONTEXT -p, --product=PRODUCT -s, --stack=STACK -t, --tenant=TENANT -x, --ciphertext=CIPHERTEXT             ...
  kms encrypt TENANT STACK CONTEXT KEYALIAS PLAINTEXT -c, --context=CONTEXT -k, --keyalias=KEYALIAS -p, --product=PRODUCT -s, --stack=STACK -t, --tenant=TENANT -x, --plaintext=...
  kms help [COMMAND]

  • kms encrypt

Encrypt plaintext with supplied key alias; use tenant, stack and context to build encryption context.

USAGE

kms encrypt --context=CONTEXT --keyalias=KEYALIAS --stack=STACK --tenant=TENANT --plaintext=PLAINTEXT

Or use option aliases.

kms encrypt -c CONTEXT -k KEYALIAS -s STACK -t TENANT -x PLAINTEXT

Options
-t, --tenant=TENANT        # tenant - name of the tenant of the product
-s, --stack=STACK          # stack - dev, qa, sit, uat, production
-c, --context=CONTEXT      # context - unique context for the plaintext being encrypted; for example, hostname of the application server
-k, --keyalias=KEYALIAS    # keyalias - encryption key alias
-x, --plaintext=PLAINTEXT  # plaintext - text to be encrypted

  • kms decrypt

Decrypt base64 encoded ciphertext with supplied key alias; use tenant, stack and context to build encryption context

USAGE

kms decrypt --context=CONTEXT --stack=STACK --tenant=TENANT --ciphertext=CIPHERTEXT

Or use option aliases.

kms decrypt -c CONTEXT -s STACK -t TENANT -x CIPHERTEXT

Options
-t, --tenant=TENANT        # tenant - name of the tenant of the product
-s, --stack=STACK          # stack - dev, qa, sit, uat, production
-c, --context=CONTEXT      # context - unique context for the plaintext being encrypted; for example, hostname of the application server
-k, --keyalias=KEYALIAS    # keyalias - encryption key alias
-x, --plaintext=PLAINTEXT  # plaintext - text to be encrypted

About

Ruby gem for hCentive's implementation of AWS KMS

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

7 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages