
I need to encrypt plain text passwords and other sensitive information using AWS KMS in a Node.js server. Is it possible with AWS KMS?

I am new to AWS KMS and I don't have much info about AWS KMS. Please suggest a solution for this.

Thanks

PaulG
Team
  • Have you read the [documentation](https://aws.amazon.com/documentation/kms/)? – Michael - sqlbot Feb 01 '17 at 10:30
  • I read the document. But my requirement is to encrypt a specific file using this AWS KMS. I didn't get any idea about that. – Team Feb 01 '17 at 10:47
  • KMS isn't used for "files" -- it can [manage/safeguard the keys](http://docs.aws.amazon.com/kms/latest/developerguide/programming-keys.html) that your application uses to encrypt files itself, and it can [encrypt/decrypt small chunks of data directly](http://docs.aws.amazon.com/kms/latest/developerguide/programming-encryption.html). It can also be leveraged by S3 to [store objects encrypted at rest](http://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html) and [manage keys for other AWS services](http://docs.aws.amazon.com/kms/latest/developerguide/service-integration.html). – Michael - sqlbot Feb 01 '17 at 12:00
  • Thanks for your reply @Michael. I just read this document (http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html). But here they are telling about the encryption and decryption of plain text. How can we do the encryption and decryption for files with KMS? Can you please give the details about that? – Team Feb 08 '17 at 09:00
  • The link you included is about S3, which can use KMS to store the data encrypted at rest -- that is, encrypted for storage on the S3 servers. The data is also encrypted while uploading and downloading over HTTPS, but when you download an encrypted file from S3, S3 handles the decryption and the file you receive is decrypted when you receive it. To your code, everything works the same way as if it weren't encrypted because when you download the file it's plain text even though on the physical storage media at S3 it's encrypted. The keys are managed with KMS if that is how you configure it. – Michael - sqlbot Feb 08 '17 at 11:13
  • @Michael The file encryption and decryption using KMS is not possible, is that right? – Team Feb 08 '17 at 11:47
  • Right. But you don't need an external service to encrypt/decrypt files in node. See [this answer](http://stackoverflow.com/a/27345933/1695906), for example. – Michael - sqlbot Feb 08 '17 at 12:05
  • @Michael-sqlbot what prevents you from calling KMS to get a data key, reading the file, encrypting its contents in memory and saving to a new file? – Viccari Apr 24 '17 at 17:11
  • @Viccari, you're right -- nothing prevents that. The issue here is that the question seems to show a lack of research. – Michael - sqlbot Apr 24 '17 at 20:02
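
The approach raised in the last comments (get a data key from KMS, then encrypt the contents in memory), as an added example that is not part of the original thread. It assumes a client passed in as `kms` that follows the AWS SDK v2 call style; the function names, the output layout and `localKmsStub` (an offline stand-in, not an AWS API) are constructed here so the code runs without AWS.

```javascript
const crypto = require('crypto');

// Envelope encryption: KMS issues a one-time data key, AES-256-GCM encrypts locally.
// Assumption: `kms` follows the AWS SDK v2 call style, method(params).promise().
// Output layout (constructed): [2-byte wrapped-key length][wrapped key][IV 12][tag 16][ciphertext]
async function encryptBuffer(kms, keyId, plaintext) {
  const { Plaintext: dataKey, CiphertextBlob: wrappedKey } =
    await kms.generateDataKey({ KeyId: keyId, KeySpec: 'AES_256' }).promise();
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  dataKey.fill(0); // plaintext key is no longer needed; only the wrapped copy is stored
  const len = Buffer.alloc(2);
  len.writeUInt16BE(wrappedKey.length, 0);
  return Buffer.concat([len, wrappedKey, iv, cipher.getAuthTag(), body]);
}

async function decryptBuffer(kms, blob) {
  const n = blob.readUInt16BE(0);
  const wrappedKey = blob.subarray(2, 2 + n);
  const iv = blob.subarray(2 + n, 14 + n);
  const tag = blob.subarray(14 + n, 30 + n);
  const { Plaintext: dataKey } = await kms.decrypt({ CiphertextBlob: wrappedKey }).promise();
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified
  const out = Buffer.concat([decipher.update(blob.subarray(30 + n)), decipher.final()]);
  dataKey.fill(0);
  return out;
}

// Constructed offline stand-in for the KMS client (hypothetical, not an AWS API):
// wraps data keys under a random in-memory master key.
function localKmsStub() {
  const master = crypto.randomBytes(32);
  const reply = (value) => ({ promise: async () => value });
  return {
    generateDataKey() {
      const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
      const c = crypto.createCipheriv('aes-256-gcm', master, iv);
      const ct = Buffer.concat([c.update(key), c.final()]);
      return reply({ Plaintext: key, CiphertextBlob: Buffer.concat([iv, c.getAuthTag(), ct]) });
    },
    decrypt({ CiphertextBlob: b }) {
      const d = crypto.createDecipheriv('aes-256-gcm', master, b.subarray(0, 12));
      d.setAuthTag(b.subarray(12, 28));
      return reply({ Plaintext: Buffer.concat([d.update(b.subarray(28)), d.final()]) });
    },
  };
}
```

A file read with `fs.readFile` yields a buffer that can be passed to `encryptBuffer` as is; the returned blob is what gets written to the new file.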

0 Answers