End-to-end test using AWS CLI
This section shows how to test encryption and decryption by using the XKS key stored securely on the {{ch}}.

Install AWS CLI

Refer to the Amazon documentation (docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for installing AWS CLI on your local machine.

Test encryption and decryption

You can use the following bash script to test encryption and decryption with the XKS key. The only value you must update in the script is the ARN/key ID. The last output of the script indicates whether the test passes or fails.

To use this example, you must trim the ARN string and get only the key ID, which is bolded in the following example string:

arn:aws:kms:us-east-2:993246061881:key/**d74123b9-0743-46d9-a22a-761239f139**

```bash
#!/usr/bin/env bash

echo "configure your aws with your credentials"
# if your system already has this configured, you can comment this line below
aws configure

# configure the plain text that you want to cipher and the keyid that you want
plaintext="pele is bigger than pele"
keyid="87057259-0b6e-46a3-9a6e-381513c7e2ad"

# aws cli wants to work with base64 format data
bintext=$(echo -n "$plaintext" | base64)

echo "this is the plain text"
echo "$plaintext"
echo "this is the bin of plain text that will be used in test"
echo "$bintext"
echo "this is the keyid"
echo "$keyid"

# aws cli wants to work with base64 format data
ciphertext=$(aws kms encrypt --key-id "$keyid" --plaintext "$bintext" --output text --query CiphertextBlob)

echo "this is the cypher text (in base64 format)"
echo "$ciphertext" > ciphertext.txt
cat ciphertext.txt

decrypted=$(aws kms decrypt --ciphertext-blob "$ciphertext" --output text --query Plaintext)

# get back data to text format
echo "$decrypted" | base64 --decode > decryptresponse.txt

echo "this is the result of encrypting and decrypting"
result=$(cat decryptresponse.txt)
echo "$result"

if [[ "$plaintext" == "$result" ]]; then
    echo "encrypt and decrypt was succeed"
else
    echo "failed to validate encrypt and decrypt"
fi
```

Save the bash script to a file with the .sh extension. Make the script executable with the chmod command in Linux or macOS:

```bash
chmod +x encryptdecrypttest.sh
```

Then run it with the following command:

```bash
./encryptdecrypttest.sh
```
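The test script's `keyid` variable takes the bare key ID rather than the full ARN. The helper below is an added example, not part of the original page: it extracts the key ID from a KMS key ARN and rejects values that do not name a key, so a pasted alias ARN or a truncated string fails before any KMS call is made. The function name `kms_key_id_from_arn` is hypothetical, and the key ID check is deliberately loose (hex digits and hyphens only).

```bash
#!/usr/bin/env bash
# Added example (not from the original page). The function name is
# hypothetical; the ARN used below is the example string shown on the page.

# Print the bare key ID for a KMS key ARN (or for an already-bare key ID).
# The body runs in a subshell "( ... )" so its variables stay local.
kms_key_id_from_arn() (
    input=$1
    case $input in
        arn:*)
            # Layout: arn:<partition>:kms:<region>:<account>:key/<key-id>
            rest=${input#arn:}
            rest=${rest#*:}                        # drop partition
            service=${rest%%:*}; rest=${rest#*:}
            rest=${rest#*:}                        # drop region
            account=${rest%%:*}; resource=${rest#*:}
            [ "$service" = "kms" ] || { echo "not a KMS ARN" >&2; exit 1; }
            case $account in
                ''|*[!0-9]*) echo "bad account ID" >&2; exit 1 ;;
            esac
            [ "${#account}" -eq 12 ] || { echo "bad account ID" >&2; exit 1; }
            case $resource in
                key/*) key_id=${resource#key/} ;;
                *) echo "ARN does not name a key (got: $resource)" >&2; exit 1 ;;
            esac
            ;;
        *) key_id=$input ;;
    esac
    # Loose check: hex digits and hyphens only (no strict UUID length test).
    case $key_id in
        ''|*[!0-9a-fA-F-]*) echo "malformed key ID" >&2; exit 1 ;;
    esac
    printf '%s\n' "$key_id"
)

# Usage with the page's example ARN; the result is what goes into keyid.
keyid=$(kms_key_id_from_arn \
    "arn:aws:kms:us-east-2:993246061881:key/d74123b9-0743-46d9-a22a-761239f139")
echo "keyid=$keyid"
```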