kmsencrypt

command module
v1.0.1

This package is not in the latest version of its module.
Published: Sep 17, 2021 License: MIT Imports: 10 Imported by: 0

README

kmsencrypt

A tool designed to do KMS-based envelope encryption of files.


Decryption

  1. Takes a file {filename.kms} that you have encrypted with this program.
  2. Base64-decodes the file and extracts the IV and encrypted key from the prefix.
  3. Decrypts the encryption key with the proper EncryptionContext using KMS.
  4. Uses that key to decrypt the data.
  5. Saves the data in a local file named {filename}.

Encryption

  1. Takes the file {filename}.
  2. Generates a KMS encryption key tied to a supplied EncryptionContext value and KMS Customer Master Key.
  3. Encrypts the file with the encryption key.
  4. Prepends the encrypted key and IV to the file.
  5. Base64-encodes the new file.
  6. Saves it as {filename.kms}.
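
The Encryption and Decryption steps above, sketched as an added example that is not kmsencrypt's own code. Assumptions: a local AES-256-GCM key (cmk) stands in for KMS so the example runs offline, AES-GCM is used for the file data instead of the tool's own cipher routines, and the byte layout (wrapped key, then nonce, then ciphertext) and all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// cmk stands in for the KMS master key (constructed; real KMS never releases it).
var cmk = []byte("0123456789abcdef0123456789abcdef")
const nonceLen, wrappedLen = 12, 12 + 32 + 16 // wrapped key: nonce + data key + GCM tag

// aead builds AES-256-GCM; every key in this example is exactly 32 bytes.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal returns nonce||ciphertext; aad plays the role of the EncryptionContext.
func seal(key, plain, aad []byte) []byte {
	nonce := make([]byte, nonceLen)
	rand.Read(nonce)
	return aead(key).Seal(nonce, nonce, plain, aad)
}

// Encrypt makes a data key, encrypts plain, prepends the wrapped key, base64s it.
func Encrypt(plain []byte, context string) string {
	dataKey := make([]byte, 32)
	rand.Read(dataKey)
	wrapped := seal(cmk, dataKey, []byte(context)) // stand-in for KMS GenerateDataKey
	return base64.StdEncoding.EncodeToString(append(wrapped, seal(dataKey, plain, nil)...))
}

// Decrypt splits off the wrapped key, unwraps it with context, decrypts the rest.
func Decrypt(encoded, context string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil || len(raw) < wrappedLen+nonceLen {
		return nil, fmt.Errorf("not a valid envelope")
	}
	dataKey, err := aead(cmk).Open(nil, raw[:nonceLen], raw[nonceLen:wrappedLen], []byte(context))
	if err != nil { // stand-in for KMS Decrypt rejecting a mismatched context
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return aead(dataKey).Open(nil, raw[wrappedLen:wrappedLen+nonceLen], raw[wrappedLen+nonceLen:], nil)
}

func main() { fmt.Println(Decrypt(Encrypt([]byte("secret"), "app=billing"), "app=other")) }
```

Because the context is bound to the wrapped data key, a file encrypted with one context cannot be decrypted by supplying a different one, even with access to the same master key.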

How to build:

Clone into the $GOPATH/src/github.com/mmatww directory:

mkdir -p $GOPATH/src/github.com/mmatww
cd $GOPATH/src/github.com/mmatww
git clone https://github.com/mmatww/kmsencrypt.git

or

go get github.com/mmatww/kmsencrypt

This tool requires the "aws-sdk-go" and "urfave/cli" packages to be installed:

go get github.com/aws/aws-sdk-go/
go get github.com/urfave/cli

Alternatively, if you have glide installed, you can just get the deps like this:

glide up

Then just build or install it:

go install

or

go build -o kmsencrypt
./kmsencrypt 

Usage Notes

The tool has a full help system, but the general usage is:

 kmsencrypt [command] {command specific options}

where the commands are:

kmsencrypt encrypt [localfilename] [context]
OPTIONS:
   -c value  The customer master key id - can set with KMSENCRYPT_CMKID environment variable [$KMSENCRYPT_CMKID]

or

kmsencrypt decrypt [localfilename] [context]

Dealing with an "AWS Error: NoCredentialProviders" error or needing ~/.aws/config

In some situations (such as needing an STS token to work in an environment), or if you need entries from your ~/.aws/config file, you may need to set the following environment variable:

AWS_SDK_LOAD_CONFIG=1

This is a feature of the AWS SDK for Go, discussed here: http://docs.aws.amazon.com/sdk-for-go/api/aws/session/

Mac installation via homebrew

New! Now you can install on a Mac using Homebrew.

brew install mmatww/tools/kmsencrypt

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package awsfuncs contains all the code that deals directly with AWS services
Package encryption contains all the ECB and CBC encryption routines
Package padding performs pkcs#7 padding and unpadding
