Data

Tools

Indexes

Applications

Experiments

Open Source Science

kms-vault

A script for managing secrets encrypted / decrypted via AWS KMS.

https://github.com/awstoolbox/kms-vault

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.2%) to scientific vocabulary

Keywords

aws aws-kms encryption-decryption security security-tools wolfsoftware
Last synced: 4 months ago · JSON representation ·

Repository

A script for managing secrets encrypted / decrypted via AWS KMS.

Basic Info
  • Host: GitHub
  • Owner: AWSToolbox
  • License: mit
  • Language: Shell
  • Default Branch: master
  • Homepage:
  • Size: 171 KB
Statistics
  • Stars: 2
  • Watchers: 1
  • Forks: 1
  • Open Issues: 3
  • Releases: 1
Topics
aws aws-kms encryption-decryption security security-tools wolfsoftware
Created almost 5 years ago · Last pushed 4 months ago
Metadata Files
Readme Contributing Funding License Code of conduct Citation Codeowners Security

README.md

AWSToolbox logo
Github Build Status License Created
Release Released Commits since release

Overview

A bash script for managing secrets encrypted / decrypted via AWS KMS. This script is designed for encrypting things like yaml keys or other small pieces of data.

Limitations

There is 4K limit with regards to KMS encryption so do not use it for encrypting large files.

If you need to encrypt large files then use something like gpg or openssl and use this script to protect the private key.

We won't detail how to use gpg or any other tools for file encryption here, most methods will create a public and private key, and you can use this tool to protect that private key.

Usage

Usage: kms-vault.sh [ -hdel ] [ -k key alias ] [ -f input filename ] [ -o output filename ] -h : Print this screen -d : decrypt a given file -e : encrypt a given file -f : The name of the name to encrypt -k : The alias for the key to encrypt with -l : List the available KSM key aliases/names -o : Name of the output file

The script has 3 operating modes:

  1. List available KMS keys
  2. Encrypt a file
  3. Decrypt a file

List Keys

```shell ./kms-vault.sh -l

Available Aliases: 1. alias/puppet ```

The alias name is used when encrypting the file contents. Not ALL KSM keys are listed, the script will not use a key which is AWS managed or any key which doesn't have a TargetKeyId attribute.

It is also possible that attempts to use certain keys might well be meet with the following error:

An error occurred (AccessDeniedException) when calling the Encrypt operation: <truncated output>

This is due to IAM restrictions to the key you are attempting to use, this normally happens with AWS managed keys like S3 and RDS which is why the script excludes them, but may also occur if you have set the access permissions to your custom key to be to restrictive.

You are required to create your own KMS keys for encryption/decryption purposes. (A tool for creating this will be released shortly and the link placed here).

Encrypt File

shell ./kms-vault.sh -e -f <input file> -k <key alias> -o <output file>

The output from the script will be a long base64 encoded string, the output can be redirected to a file (an output file option is on the todo list)

Decrypt File

shell ./kms-vault.sh -d -f <input file> -o <output file>

The output from the script will be the decrypted contains of the file, the output can be redirected to a file (an output file option is on the todo list)


Owner

  • Name: AWS Toolbox
  • Login: AWSToolbox
  • Kind: organization
  • Email: github@wolfsoftware.com
  • Location: United Kingdom

A selection of tools for Amazon Web Services. Created by Wolf Software.

Citation (CITATION.cff) 

cff-version: 1.2.0
message: If you use this software, please cite it using these metadata.
title: KMS Vault
abstract: A script for managing secrets encrypted / decrypted via AWS KMS.
type: software
version: 0.1.0
date-released: 2024-05-23
repository-code: https://github.com/AWSToolbox/kms-vault
keywords:
  - "Wolf Software"
  - "Software"
license: MIT
authors:
  - family-names: "Wolf"
    orcid: "https://orcid.org/0009-0007-0983-2072"

GitHub Events

Total
  • Watch event: 1
  • Delete event: 62
  • Issue comment event: 134
  • Push event: 120
  • Pull request review event: 110
  • Pull request event: 136
  • Fork event: 1
  • Create event: 65
Last Year
  • Watch event: 1
  • Delete event: 62
  • Issue comment event: 134
  • Push event: 120
  • Pull request review event: 110
  • Pull request event: 136
  • Fork event: 1
  • Create event: 65

Issues and Pull Requests

Last synced: 4 months ago

All Time
  • Total issues: 0
  • Total pull requests: 49
  • Average time to close issues: N/A
  • Average time to close pull requests: 2 days
  • Total issue authors: 0
  • Total pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 1.71
  • Merged pull requests: 38
  • Bot issues: 0
  • Bot pull requests: 49
Past Year
  • Issues: 0
  • Pull requests: 49
  • Average time to close issues: N/A
  • Average time to close pull requests: 2 days
  • Issue authors: 0
  • Pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 1.71
  • Merged pull requests: 38
  • Bot issues: 0
  • Bot pull requests: 49
View more stats
Top Authors
Issue Authors
Pull Request Authors
  • dependabot[bot] (94)
Top Labels
Issue Labels
Pull Request Labels
dependabot: dependencies (94) dependabot: ecosystem : github actions (93) dependabot: auto approve (79) dependabot: auto merge (79) dependabot: manual merge (4)