Menu
I've just started to work with AWS services, particularly AWS Lambda. Is there a way to use AWS KMS service from within Lambda code (Java). I'd like to use KMS to decrypt an encrypted externalized (read from a property) secret. My Lambda code is in java. Thanks in advance.
576
asked Sep 16 '15 23:09
In Python:
with open('encrypted_pem.txt', 'r') as encrypted_pem:
pem_file = encrypted_pem.read()
kms = boto3.client('kms', region_name=REGION)
return kms.decrypt(CiphertextBlob=b64decode(pem_file))['Plaintext']
Taken from AWS Labs Chef cleanup source.
The README of that repo explains how to encrypt the PEM file in the first place using the AWS KMS CLI.
121
Yes, it should work fine.
I recently ported a Node.js RESTful API over to Lambda and didn't have to change any KMS code.
You'll just need to make sure the role your Lambda function runs under has permissions to the key you setup through AWS to use with the encrypt/decrypt calls.
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
