-
Notifications
You must be signed in to change notification settings - Fork 5.8k
/
Copy pathre_encrypt_data.rb
32 lines (22 loc) · 1.33 KB
/
re_encrypt_data.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# Purpose:
# re_encrypt_data.rb demonstrates how to
# re-encrypt data under a new AWS KMS key
# using Amazon Key Management Services (AWS KMS) using the AWS SDK for Ruby.
# snippet-start:[kms.ruby.reEncryptData]
require 'aws-sdk-kms' # v2: require 'aws-sdk'
# Human-readable version of the ciphertext of the data to reencrypt.
blob = '01020200785d68faeec386af1057904926253051eb2919d3c16078badf65b808b26dd057c101747cadf3593596e093d4ffbf22434a6d00000068306606092a864886f70d010706a0593057020100305206092a864886f70d010701301e060960864801650304012e3011040c9d629e573683972cdb7d94b30201108025b20b060591b02ca0deb0fbdfc2f86c8bfcb265947739851ad56f3adce91eba87c59691a9a1'
sourceCiphertextBlob = [blob].pack('H*')
# Replace the fictitious key ARN with a valid key ID
destinationKeyId = 'arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321'
client = Aws::KMS::Client.new(region: 'us-west-2')
resp = client.re_encrypt({
ciphertext_blob: sourceCiphertextBlob,
destination_key_id: destinationKeyId
})
# Display a readable version of the resulting re-encrypted blob.
puts 'Blob:'
puts resp.ciphertext_blob.unpack('H*')
# snippet-end:[kms.ruby.reEncryptData]