Skip to content
/ hcentive-kms-cli Public
forked from hcentive/hcentive-kms-cli

Ruby gem for hCentive's implementation of AWS KMS

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

satie/hcentive-kms-cli

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
bin
bin
 
 
config
config
 
 
lib
lib
 
 
spec
spec
 
 
.gitignore
.gitignore
 
 
.yardopts
.yardopts
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
kms.gemspec
kms.gemspec
 
 

Repository files navigation

kms

A command line tool to encrypt and decrypt text using AWS KMS. It is part of the toolset for the overall encryption framework.

Installation

System requirements -

  • Ruby 2.1.1
  • The following packages must be installed on the system -
    • build-essential
    • zlib1g-dev
    • openssl
    • libssl-dev
    • libopenssl-ruby

kms requires the following environment variables to be present:

AWS_ACCESS_KEY_ID='...'
AWS_SECRET_ACCESS_KEY='...'
AWS_REGION='us-east-1'
AWS_KMS_KEY_SPEC=AES_256

If this utility is run from an EC2 instance launched with an IAM role, the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are picked up from instance metadata.

Clone the repository from GitHub and run bundle install to install dependencies

$ git clone https://git.demo.hcentive.com/hcentive-kms-cli
$ bundle install

Usage

kms has the following commands. Type help to get the list of commands.

kms help                 
Commands:
  kms decrypt TENANT STACK CONTEXT KEYALIAS PLAINTEXT -c, --context=CONTEXT -p, --product=PRODUCT -s, --stack=STACK -t, --tenant=TENANT -x, --ciphertext=CIPHERTEXT             ...
  kms encrypt TENANT STACK CONTEXT KEYALIAS PLAINTEXT -c, --context=CONTEXT -k, --keyalias=KEYALIAS -p, --product=PRODUCT -s, --stack=STACK -t, --tenant=TENANT -x, --plaintext=...
  kms help [COMMAND]

  • kms encrypt

Encrypt plaintext with supplied key alias; use tenant, stack and context to build encryption context.

USAGE

kms encrypt --context=CONTEXT --keyalias=KEYALIAS --stack=STACK --tenant=TENANT --plaintext=PLAINTEXT

Or use option aliases.

kms encrypt -c CONTEXT -k KEYALIAS -s STACK -t TENANT -x PLAINTEXT

Options
-t, --tenant=TENANT        # tenant - name of the tenant of the product
-s, --stack=STACK          # stack - dev, qa, sit, uat, production
-c, --context=CONTEXT      # context - unique context for the plaintext being encrypted; for example, hostname of the application server
-k, --keyalias=KEYALIAS    # keyalias - encryption key alias
-x, --plaintext=PLAINTEXT  # plaintext - text to be encrypted

  • kms decrypt

Decrypt base64 encoded ciphertext with supplied key alias; use tenant, stack and context to build encryption context

USAGE

kms decrypt --context=CONTEXT --stack=STACK --tenant=TENANT --ciphertext=CIPHERTEXT

Or use option aliases.

kms decrypt -c CONTEXT -s STACK -t TENANT -x CIPHERTEXT

Options
-t, --tenant=TENANT        # tenant - name of the tenant of the product
-s, --stack=STACK          # stack - dev, qa, sit, uat, production
-c, --context=CONTEXT      # context - unique context for the plaintext being encrypted; for example, hostname of the application server
-k, --keyalias=KEYALIAS    # keyalias - encryption key alias
-x, --plaintext=PLAINTEXT  # plaintext - text to be encrypted

About

Ruby gem for hCentive's implementation of AWS KMS

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%