diff options
| author | Dave Henderson <dhenderson@gmail.com> | 2019-03-23 22:44:08 -0400 |
|---|---|---|
| committer | Dave Henderson <dhenderson@gmail.com> | 2019-03-23 22:44:08 -0400 |
| commit | 2b59c4adc3f2c3b81f8b2e8b8cee490fd797cddf (patch) | |
| tree | 73d191de1fac85f610e04553f26d540b599b0353 /docs-src/content | |
| parent | 7d704de2ad60e658715c2b502ba7c261993fe61b (diff) | |
Adding docs for aws.KMSEncrypt and aws.KMSDecrypt
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Diffstat (limited to 'docs-src/content')
| -rw-r--r-- | docs-src/content/functions/aws.yml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/docs-src/content/functions/aws.yml b/docs-src/content/functions/aws.yml index 53d6c470..f65935ba 100644 --- a/docs-src/content/functions/aws.yml +++ b/docs-src/content/functions/aws.yml @@ -96,3 +96,57 @@ funcs: - | $ echo 'I am a {{ aws.EC2Tag "classification" "meat popsicle" }}.' | ./gomplate I am a meat popsicle. + - name: aws.KMSEncrypt + description: | + Encrypt an input string with the AWS Key Management Service (KMS). + + At most 4kb (4096 bytes) of data may be encrypted. + + The resulting ciphertext will be base-64 encoded. + + The `keyID` parameter is used to reference the Customer Master Key to use, + and can be: + + - the key's ID (e.g. `1234abcd-12ab-34cd-56ef-1234567890ab`) + - the key's ARN (e.g. `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`) + - the alias name (aliases must be prefixed with `alias/`, e.g. `alias/ExampleAlias`) + - the alias ARN (e.g. `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`) + + For information on creating keys, see [_Creating Keys_](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) + + See [the AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) + for more details. + + See also [`aws.KMSDecrypt`](#aws-kmsdecrypt). + pipeline: true + arguments: + - name: keyID + required: true + description: the ID of the Customer Master Key (CMK) to use for encryption + - name: input + required: true + description: the string to encrypt + examples: + - | + $ export CIPHER=$(gomplate -i '{{ aws.KMSEncrypt "alias/gomplate" "hello world" }}') + $ gomplate -i '{{ env.Getenv "CIPHER" | aws.KMSDecrypt }}' + - name: aws.KMSDecrypt + description: | + Decrypt ciphertext that was encrypted with the AWS Key Management Service + (KMS). + + The ciphertext must be base-64 encoded. + + See [the AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) + for more details. + + See also [`aws.KMSEncrypt`](#aws-kmsencrypt). + pipeline: true + arguments: + - name: input + required: true + description: the base-64 encoded ciphertext to decrypt + examples: + - | + $ export CIPHER=$(gomplate -i '{{ aws.KMSEncrypt "alias/gomplate" "hello world" }}') + $ gomplate -i '{{ env.Getenv "CIPHER" | aws.KMSDecrypt }}' |