Ruan Bekker's Blog

From a Curious mind to Posts on Github

Python Script to Decrypt Encrypted Data With AWS KMS

Quick script to decrypt data that was encrypted with your KMS key:

The Script:

The script requires the encrypted scring as an argument:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#!/usr/bin/env python

import boto3
import sys
from base64 import b64decode

try:
    encrypted_value = sys.argv[1]
except IndexError:
    print("Usage: {} {}".format(sys.argv[0], 'the-encrypted-string'))
    exit(1)

session = boto3.Session(
        region_name='eu-west-1',
        profile_name='default'
    )

kms = session.client('kms')

response = kms.decrypt(CiphertextBlob=b64decode(encrypted_value))['Plaintext']
print("Decrypted Value: {}".format(response))

Change the permissions so that the file is executable:

1
$ chmod +x decrypt.py

Usage:

1
2
$ ./decrypt.py asdlaskjdasidausd09q3uoijad09ujd38u309
Decrypted Value: thisIsMyDecryptedValue

Comments