AWS KMS サービスを利用して、秘密にしたいデータをコードの中で扱えるようにする
require 'aws-sdk'
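# Demo: encrypt a short secret with AWS KMS, then decrypt it again.
#
# Please set your own key id.
# Ref: https://console.aws.amazon.com/iam/home?region=ap-northeast-1#/encryptionKeys/ap-northeast-1
#
# The key ARN is an identifier, not a credential: access to Encrypt/Decrypt is
# governed by IAM and the key policy. It does embed the AWS account id, so it is
# read from the environment instead of being committed. KMS_KEY_ID is a variable
# name chosen for this example; the all-zero ARN below is only a placeholder
# fallback so the script still runs unchanged when the variable is unset.
key_id = ENV.fetch(
  'KMS_KEY_ID',
  'arn:aws:kms:ap-northeast-1:000000000000:key/00000000-0000-0000-0000-000000000000'
)

# No credentials are passed here, so the SDK resolves them through its default
# provider chain (environment, shared config, instance/task role).
kms = Aws::KMS::Client.new(region: 'ap-northeast-1')

# The plaintext is inline only for demonstration. A literal secret in source
# defeats the purpose: in real use, encrypt once outside the repository and keep
# only the ciphertext alongside the code.
# KMS Encrypt accepts at most 4096 bytes; larger payloads need envelope
# encryption with a data key.
response = kms.encrypt(
  key_id: key_id,
  plaintext: 'my_sensitive_text_data'
)

# The blob is raw binary; Base64-encode it before storing it in a text file or
# an environment variable.
ciphertext_blob = response.ciphertext_blob
p ciphertext_blob
# => "\x01\x01\x02\x00xS\xBB\xBE\xC5\x03G\xE9>fz{\xBEyW\x8E&\x01I\xFB\xBF\xBD\xB0Vfk(snip)...

# For a symmetric key the ciphertext carries the key metadata, so no key id is
# passed here.
# NOTE(review): newer SDK releases accept key_id on decrypt to pin the expected
# key, and encrypt/decrypt accept an encryption_context to bind the ciphertext to
# its intended use -- confirm against the installed aws-sdk version before adding.
response2 = kms.decrypt(ciphertext_blob: ciphertext_blob)

# Printing the decrypted value is for the demo only; in real code keep it out of
# stdout and logs.
p response2.plaintext
# => 'my_sensitive_text_data'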