how to encrypt and decrypt with AWS KMS and Python - bite-size tutorial

Captions
In this bite-sized tutorial we are doing symmetric encryption using AWS Key Management Service.

Hi, I'm Rafael and this is Coder Cave. If you are new here, hit subscribe so you don't miss my new videos.

AWS Key Management Service allows us to easily create and manage encryption keys that we can use in AWS products and our custom code. In this tutorial we will first create a symmetric key, and then we will use this key in our custom Python code to encrypt and decrypt a piece of text.

In the AWS console we go to Key Management Service and we create a new key. For this tutorial I will create a symmetric key, which means the same key will be used to encrypt and decrypt the sample text. As for Advanced Options, I will stick with KMS, so we go next. In this step we can define an alias for our key and the description. I can also define tags, but for the purpose of this tutorial there is no use in doing that, so we hit next. Here we need to define administrative permissions, so who is the user or which is the role that allows manipulation of this key. For this key I will assign my own user as administrator of that key. The next step will allow us to define the permissions, so which users and roles can use the key. Now, for this tutorial I will set my own user as user of the key, or allowed to use the key. Hit next. Here we can review the IAM policy, we can make some changes if we wanted to, and then we are done. We have a new key that we can see over here. Now we will need the key ID for the coding part of this tutorial.

And here, to the coding part. For this part, first thing, we will need to import boto3 so that we can easily interface with AWS. Then we need the ID of the key that we just created, so for that we go back to the AWS console and we grab this key and copy it in our code. Then we define the code of the method that is going to create a session and then use the session to encrypt a piece of text. So first thing, I will need to create a session here, so boto3, session, Session, and here I will pass my profile name. This is the name of my local profile that has the keys that allow me to connect to my AWS account. And here I create a KMS client.

So now I have everything I need to start encrypting some text. I would save the result of the encryption operation into an object called encryption result. That's a dictionary, and this is going to be created by the encrypt method of the KMS client. So I need to pass the key ID and some plain text, and of course this is a tutorial, so I will say "hello KMS". So this is going to be the text I want to encrypt. All right, so this is going to receive the encrypted string in a byte array. The byte array is going to be in the encrypted results using the index ciphertext, ciphertext blob. All right, now I want to visualize the content of this array, so I'm going to base64-encode it. So we'll import base64 and then I will print base64.b64encode of blob. All right, so we got everything, or almost everything, we need to run this code. Last thing, we need to invoke the hello KMS.

Okay, so with this we should have everything we need to run the code. As the first thing we'll create a virtual environment with Python 3.8, then I will activate it, and once activated I want to install boto3. All right, now that boto3 is installed we should have everything we need to run this code, so let's give it a try. Oh, all right, looks like I made a mistake here, it's ciphertext blob. Let's run it again, and here we have our base64-encoded encrypted string. So this is going to be "hello KMS", encrypted and base64-encoded.

So now obviously I want to decrypt this code, this string. So I brutally copy-pasted this and I will have it here. Okay, now to decrypt it I can call the decrypt method of the client, and here again I need to pass the ciphertext blob, but I'm going to regenerate this based on the encrypted text that I copied. So I'm not going to use this object, I'm going to use the text that I obtained earlier. So this time I'm going to do a base64 decode of encrypted text. Okay, and final thing, I will print decrypted, and I need to get the plaintext index of the dictionary. All right, so with this we should be good to go to again encrypt and then decrypt. And there we go: here we have again the encrypted encoded string, then we passed this thing into the decrypt method, and we obtain "hello KMS", which is our sample string.

As you can see, with just a few clicks and less than 20 lines of code we are able to use AWS KMS to encrypt and decrypt some strings. Now, in real life you would use that to encrypt secrets that you need to share with, let's say, AWS Lambdas. Let's imagine that we have a lambda that needs to interface with some API. Probably that third-party API will give you an API key. You will need to have that API key available for your lambda, so most probably you will have it in your template, but you don't want to add it in plain text, because if you are checking that template into, let's say, GitHub, then your plain text API key will be in GitHub and you don't want that. But if you use KMS you will be able to encrypt that key, add it into your template, check it into GitHub, and then your AWS Lambda will be able to decrypt it at runtime. So this is very safe and it's also very simple to use, so what's not to love about AWS KMS?
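The encrypt and decrypt round trip described in the captions, written out as an added example; it is not the video author's code. It goes one step beyond the video by passing an `EncryptionContext` and the `KeyId` on decrypt, so a ciphertext copied into a different template or encrypted under a different key is rejected. Assumptions: `KEY_ID` is a placeholder, `CONTEXT` and the profile name are made up, and `FakeKms` is a constructed offline stand-in that mimics only the call shape of the boto3 KMS client.

```python
import base64

KEY_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real key ID
CONTEXT = {"purpose": "tutorial-demo"}            # constructed encryption context


def real_client(profile_name):
    """Build the real KMS client from a local profile, as in the captions."""
    import boto3  # imported here so the offline demo runs without boto3
    return boto3.session.Session(profile_name=profile_name).client("kms")


def encrypt_text(kms, key_id, text, context):
    """Encrypt text and return base64 that is safe to paste into a template."""
    result = kms.encrypt(KeyId=key_id, Plaintext=text.encode("utf-8"),
                         EncryptionContext=context)
    return base64.b64encode(result["CiphertextBlob"]).decode("ascii")


def decrypt_text(kms, key_id, encoded, context):
    """Decode the base64 text and decrypt it, pinning the key and context."""
    result = kms.decrypt(KeyId=key_id, CiphertextBlob=base64.b64decode(encoded),
                         EncryptionContext=context)
    return result["Plaintext"].decode("utf-8")


class FakeKms:
    """Constructed offline stand-in with the KMS call shape; performs no encryption."""
    def __init__(self):
        self._store = {}
    def encrypt(self, KeyId, Plaintext, EncryptionContext):
        blob = len(self._store).to_bytes(16, "big")  # opaque handle, not ciphertext
        self._store[blob] = (KeyId, dict(EncryptionContext), Plaintext)
        return {"CiphertextBlob": blob, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob, KeyId, EncryptionContext):
        key, context, plaintext = self._store[CiphertextBlob]
        if (key, context) != (KeyId, EncryptionContext):
            raise ValueError("simulated InvalidCiphertextException")
        return {"Plaintext": plaintext, "KeyId": key}


def demo(kms):
    token = encrypt_text(kms, KEY_ID, "hello KMS", CONTEXT)
    return token, decrypt_text(kms, KEY_ID, token, CONTEXT)


if __name__ == "__main__":
    print(demo(FakeKms()))  # swap in real_client("my-profile") to call AWS
```

Against the real service, a decrypt with a mismatched encryption context fails with `InvalidCiphertextException`; the stand-in raises `ValueError` in its place.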
Info
Channel: Coder Cave
Views: 1,889
Keywords: serverless, kms, codercave, tutorial, aws, security, how to, how-to, howto, key management service, encryption, software development, coding, programming, python, boto3
Id: CFEYKrP0vxs
Length: 8min 35sec (515 seconds)
Published: Sat May 23 2020