diff options
| author | Dave Henderson <dhenderson@gmail.com> | 2019-03-23 22:44:08 -0400 |
|---|---|---|
| committer | Dave Henderson <dhenderson@gmail.com> | 2019-03-23 22:44:08 -0400 |
| commit | 2b59c4adc3f2c3b81f8b2e8b8cee490fd797cddf (patch) | |
| tree | 73d191de1fac85f610e04553f26d540b599b0353 /docs | |
| parent | 7d704de2ad60e658715c2b502ba7c261993fe61b (diff) | |
Adding docs for aws.KMSEncrypt and aws.KMSDecrypt
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/content/functions/aws.md | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/docs/content/functions/aws.md b/docs/content/functions/aws.md index f8e0f5b1..d9592be3 100644 --- a/docs/content/functions/aws.md +++ b/docs/content/functions/aws.md @@ -141,3 +141,83 @@ foo $ echo 'I am a {{ aws.EC2Tag "classification" "meat popsicle" }}.' | ./gomplate I am a meat popsicle. ``` + +## `aws.KMSEncrypt` + +Encrypt an input string with the AWS Key Management Service (KMS). + +At most 4kb (4096 bytes) of data may be encrypted. + +The resulting ciphertext will be base-64 encoded. + +The `keyID` parameter is used to reference the Customer Master Key to use, +and can be: + +- the key's ID (e.g. `1234abcd-12ab-34cd-56ef-1234567890ab`) +- the key's ARN (e.g. `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`) +- the alias name (aliases must be prefixed with `alias/`, e.g. `alias/ExampleAlias`) +- the alias ARN (e.g. `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`) + +For information on creating keys, see [_Creating Keys_](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) + +See [the AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) +for more details. + +See also [`aws.KMSDecrypt`](#aws-kmsdecrypt). + +### Usage + +```go +aws.KMSEncrypt keyID input +``` +```go +input | aws.KMSEncrypt keyID +``` + +### Arguments + +| name | description | +|------|-------------| +| `keyID` | _(required)_ the ID of the Customer Master Key (CMK) to use for encryption | +| `input` | _(required)_ the string to encrypt | + +### Examples + +```console +$ export CIPHER=$(gomplate -i '{{ aws.KMSEncrypt "alias/gomplate" "hello world" }}') +$ gomplate -i '{{ env.Getenv "CIPHER" | aws.KMSDecrypt }}' +``` + +## `aws.KMSDecrypt` + +Decrypt ciphertext that was encrypted with the AWS Key Management Service +(KMS). + +The ciphertext must be base-64 encoded. + +See [the AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) +for more details. + +See also [`aws.KMSEncrypt`](#aws-kmsencrypt). + +### Usage + +```go +aws.KMSDecrypt input +``` +```go +input | aws.KMSDecrypt +``` + +### Arguments + +| name | description | +|------|-------------| +| `input` | _(required)_ the base-64 encoded ciphertext to decrypt | + +### Examples + +```console +$ export CIPHER=$(gomplate -i '{{ aws.KMSEncrypt "alias/gomplate" "hello world" }}') +$ gomplate -i '{{ env.Getenv "CIPHER" | aws.KMSDecrypt }}' +``` |