Source code for pysecret.aws.kms

# -*- coding: utf-8 -*-

"""
AWS Key Management Service supportintegration
"""


[docs]def kms_symmetric_encrypt(
    kms_client,
    blob: bytes,
    kms_key_id: str,
):
    """
    Use KMS key to encrypt a short text.

    - KMS.Client.encrypt: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms.html#KMS.Client.encrypt

    :param blob: binary data to encrypt
    :param kms_key_id:

    :rtype: bytes
    """
    return kms_client.encrypt(
        Plaintext=blob,
        KeyId=kms_key_id,
    )["CiphertextBlob"]


[docs]def kms_symmetric_decrypt(
    kms_client,
    blob: bytes,
):
    """
    Use KMS key to decrypt a short text.

    :param blob: binary data to decrypt

    :rtype: bytes
    """
    return kms_client.decrypt(CiphertextBlob=blob)["Plaintext"]