This document describes step by step guide how to use crypt with AWS KMS.
AWS KMS uses client from AWS SDK for Go.
You can either run aws configure (if you don't have ~/.aws/credentials already)
or set environment variables.
To set AWS profile use --profile parameter.
Example usage with stdin:
echo "top secret" | crypt encrypt aws \
--out file.enc \
--region eu-west-1 \
--kms alias/testecho "top secret" > file.txt
crypt encrypt aws \
--in file.txt \
--out file.enc \
--region eu-west-1 \
--kms alias/testcrypt encrypt aws \
--indir to-encrypt \
--outdir encrypted \
--region eu-west-1 \
--kms alias/testIn directory encrypted you should have encrypted files with extension .crypt.
crypt decrypt aws \
--in file.enc \
--out file.dec \
--region eu-west-1crypt decrypt aws \
--indir to-decrypt \
--outdir decrypted \
--region eu-west-1This command scan all files with extension .crypt in folder to-decrypt and decrypts it to decrypted folder.
Decrypted files doesnt't have .crypt extension.