KMS API Calls Exam Tips
The following API calls are associated with KMS:
- Encrypt - Encrypts a plaintext file
- Example
aws kms encrypt --key-id YOURKEYIDHERE --plaintext fileb://secret.txt --output text --query CiphertextBlob | base64 --decode > encryptedsecret.txt
- Decrypt - Decrypts an encrypted file back into plaintext
- Example
aws kms decrypt --ciphertext-blob fileb://encryptedsecret.txt --output text --query Plaintext | base64 --decode > decryptedsecret.txt
- Re-Encrypt - Re-encrypts already-encrypted content under a new key, producing a new encrypted file, without ever exposing the plaintext content.
- Example
aws kms re-encrypt --destination-key-id YOURKEYIDHERE --ciphertext-blob fileb://encryptedsecret.txt --output text --query CiphertextBlob | base64 --decode > newencryption.txt
- Enable Key Rotation - Enables CMKs to be rotated every year automatically. The old key is backed up so that it can still be used with previously encrypted data.
- Example
aws kms enable-key-rotation --key-id YOURKEYIDHERE