aws-kms

“errorMessage”: “string argument without an encoding”, [duplicate]

强颜欢笑 提交于 2020-01-06 05:26:08
问题 This question already has answers here : TypeError: string argument without an encoding (3 answers) Closed yesterday . I'm trying to save password string encrypted in DynamoDb, I get this error. Response: { "errorMessage": "string argument without an encoding", "errorType": "TypeError", "stackTrace": [ " File \"/var/task/lambda_function.py\", line 25, in lambda_handler\n encrypted_password = encrypt(session, plain_text_password, key_alias)\n", " File \"/var/task/lambda_function.py\", line 11,

How to encrypt data using KMS key in AWS Powershell script

孤者浪人 提交于 2020-01-02 06:57:30
问题 I am trying to encrypt a text using AWS KMS and creating a powershell script. So I used New-KMSDataKey to encrypt my KMS master key which in output returns plaintextDataKey and ciphertextblob . Now I am using plaintextDataKey to encrypt my plaintext using Invoke-KMSEncrypt but I get Invalid Operation error as shown below: Below is my script: param([string]$zonesecret, [string]$KMSKey, [string]$Keyspec, [string]$region= 'us-east-1', [string]$AccessKey, [string]$SecretKey) # splat $splat = @

How to generate AWS S3 pre-signed URL using signature version 4

邮差的信 提交于 2019-12-23 17:19:27
问题 I am generating a pre-signed URL in a C# .NET Core 2.0 API controller class using the AWSSDK.S3 (3.3.31.11). The resulting URL is intended to be used by a client side Angular application to upload a file to an S3 bucket that is encrypted using SSE-KMS. Although the S3Client reports that the SignatureMethod is "HmacSHA256" and SignatureVersion is "4", when I try to upload a file using the pre-signed URL I get an error indicating "Requests specifying Server Side Encryption with AWS KMS managed

How to use AWS KMS in AWS lambda

眉间皱痕 提交于 2019-12-22 05:15:22
问题 I've just started to work with AWS services, particularly AWS Lambda. Is there a way to use AWS KMS service from within Lambda code (Java). I'd like to use KMS to decrypt an encrypted externalized (read from a property) secret. My Lambda code is in java. Thanks in advance. 回答1: Yes, it should work fine. I recently ported a Node.js RESTful API over to Lambda and didn't have to change any KMS code. You'll just need to make sure the role your Lambda function runs under has permissions to the key

Does AWS RDS encryption with KMS affect performance?

主宰稳场 提交于 2019-12-22 02:25:11
问题 Amazon states that Encryption and decryption are handled transparently so you don’t have to modify your application to access your data My application (Rails, MySQL, Elasticsearch) builds a lot of graphics and therefore queries a lot of data. From my prior experience with database encryption, it really affects data retrieving speed (as we can only say if record matches condition after reading and decryptng it). Is there any relevant benchmarks? Or maybe you have worked with such server-side

Aws S3 etag not matching md5 after KMS encryption

流过昼夜 提交于 2019-12-11 07:57:34
问题 All- We are working on migrating some confidential & regulatory information from Local UNIX file system to S3. The files are copied using AWS EC2 instance into S3 using "aws s3 cp--sse aws:kms --sse-kms-key-id....... " command. What i have noticed is the etag is different from the unix md5sum. It is exactly the same if i don't encrypt the data using kms keys. I need to validate the upload to make sure data is not corrupt while uploading to S3, how do i validate my file is intact as etag won't

Nodejs async issue while decrypting aws kms keys

有些话、适合烂在心里 提交于 2019-12-11 06:22:54
问题 I have a lambda function in node6 which has 5 env variables all encrypted with aws kms. I have the following method which takes a encrypted key and returns a decrypted key. function decryptKMS(encryptedKey) { console.log('inside decryptkms'); const kms = new AWS.KMS(); kms.decrypt({ CiphertextBlob: new Buffer(encryptedKey, 'base64') }, (err, data) => { if (err) { console.log('Decrypt error:', err); return callback(err); } var result = data.Plaintext.toString('ascii'); return result; }); } And

How do I get AWS cross-account KMS keys to work?

旧城冷巷雨未停 提交于 2019-12-06 03:45:26
问题 I'm trying to set up cross-account access to allow for an external account to use my KMS key to decrypt data from an S3 bucket. I have the key, policies, roles set up with what I believe is the correct grants but I can't describe the key from the external account. Hoping to get some input as to what I'm doing wrong. Account 111: Key with policy grant to root of external account (999) { "Version": "2012-10-17", "Id": "key-consolepolicy-3", "Statement": [ { "Sid": "Enable IAM User Permissions",

Error while decrypting file using KMS key in Amazon S3

流过昼夜 提交于 2019-12-06 02:11:55
问题 I am trying to use Amazon S3 as a file system with encryption. I am successfully able to achieve uploading file on AWS S3 server using KMS Encrypted key (Server side Encryption). Please find below working code : For Encrypt: private static final String AWS_KMS_KEY = "---KMS Key---" private static final String BUCKET_NAME = "---bucket name---" private static final String keyName = "---display key name---" private static final String filePath = "---File Path---" private static final String

How to encrypt data using KMS key in AWS Powershell script

 ̄綄美尐妖づ 提交于 2019-12-05 21:28:47
I am trying to encrypt a text using AWS KMS and creating a powershell script. So I used New-KMSDataKey to encrypt my KMS master key which in output returns plaintextDataKey and ciphertextblob . Now I am using plaintextDataKey to encrypt my plaintext using Invoke-KMSEncrypt but I get Invalid Operation error as shown below: Below is my script: param([string]$zonesecret, [string]$KMSKey, [string]$Keyspec, [string]$region= 'us-east-1', [string]$AccessKey, [string]$SecretKey) # splat $splat = @{KeyId=$KMSKey; KeySpec=$Keyspec; Region=$region} # generate a data key $datakey = New-KMSDataKey @splat