KMS: Create a key and encrypt data

Create a customer managed KMS key, encrypt and decrypt data, and generate a data key using the AWS CLI.

Source

https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html

Use case

ID: kms/getting-started
Phase: create
Complexity: beginner
Core actions: kms:CreateKey, kms:Encrypt, kms:Decrypt

What it does

Creates a customer managed KMS key
Creates an alias for the key
Describes the key metadata
Encrypts data using fileb://
Decrypts the ciphertext
Generates a data key for client-side encryption
Lists KMS keys and aliases

Running

bash aws-kms-gs.sh

Resources created

KMS customer managed key (with alias)

The key costs $1/month until deleted. The script prompts you to clean up when it finishes. Cleanup schedules the key for deletion with a 7-day waiting period.

Estimated time

Run: ~7 seconds

Cost

$1/month for the customer managed key. Delete the key promptly to avoid charges.

Related docs

Getting started with AWS KMS
Creating keys
Encrypting and decrypting data
Data keys
Deleting KMS keys

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KMS: Create a key and encrypt data

Source

Use case

What it does

Running

Resources created

Estimated time

Cost

Related docs

FilesExpand file tree

README.md

Latest commit

History

README.md

File metadata and controls

KMS: Create a key and encrypt data

Source

Use case

What it does

Running

Resources created

Estimated time

Cost

Related docs