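#!/bin/bash
#
# Round-trip demo: encrypt the WordPress database settings with an AWS KMS
# key, store the ciphertext under /root/secrets/wordpress, then decrypt the
# files again to confirm they can be read back.
#
# Prerequisite: create the KMS key from the AWS Console first.
# Requires: aws CLI with kms:Encrypt / kms:Decrypt on the key, base64.

set -euo pipefail

# New directories and ciphertext files are created owner-only.
umask 077

# Key id of the KMS key; may be overridden from the environment.
ALIAS_NAME_KMS_KEY_ID="${ALIAS_NAME_KMS_KEY_ID:-27c3b11a-eda4-444d-9b1d-721ed053e00d}"
readonly KMS_REGION='us-east-1'
readonly WORDPRESS_SECRETS_DIR='/root/secrets/wordpress'

mkdir -p /root/secrets/mariadb
mkdir -p "$WORDPRESS_SECRETS_DIR"

#######################################
# Encrypt one value with the KMS key and write the raw ciphertext to a file.
# Globals:   KMS_REGION, ALIAS_NAME_KMS_KEY_ID (read)
# Arguments: $1 - plaintext value
#            $2 - destination file for the binary ciphertext
# Returns:   non-zero if the aws call or the base64 decode fails
#######################################
encrypt_secret() {
  local plaintext=$1
  local out_file=$2
  local blob

  # The plaintext is handed over through fileb:// on a process substitution
  # (printf is a builtin), so it never appears in the argv of the aws process
  # where `ps` could show it. Reading raw bytes this way also avoids AWS CLI
  # v2 treating an inline --plaintext value as base64.
  # Capturing the result first means a failed call exits before the
  # destination file is truncated.
  blob=$(aws kms encrypt \
    --region "$KMS_REGION" \
    --key-id "$ALIAS_NAME_KMS_KEY_ID" \
    --plaintext fileb://<(printf '%s' "$plaintext") \
    --output text \
    --query CiphertextBlob)

  printf '%s' "$blob" | base64 --decode >"$out_file"
}

#######################################
# Decrypt one ciphertext file and write the plaintext to stdout.
# Globals:   KMS_REGION, ALIAS_NAME_KMS_KEY_ID (read)
# Arguments: $1 - file holding the binary ciphertext
# Outputs:   decrypted plaintext on stdout
#######################################
decrypt_secret() {
  local in_file=$1

  # --key-id pins decryption to the expected key, so a ciphertext file that
  # was produced under a different key is rejected instead of being accepted.
  aws kms decrypt \
    --region "$KMS_REGION" \
    --key-id "$ALIAS_NAME_KMS_KEY_ID" \
    --ciphertext-blob "fileb://${in_file}" \
    --output text \
    --query Plaintext \
    | base64 --decode
}

# Encryption
# NOTE(review): the plaintext values below are sample data kept from the
# original script. Real credentials must not be committed in a script; supply
# them at run time (prompt, environment, or a protected file) instead.
encrypt_secret 'abc' "${WORDPRESS_SECRETS_DIR}/wordpress-database-password.txt"
encrypt_secret 'bitnami_wordpress' "${WORDPRESS_SECRETS_DIR}/wordpress-database-name.txt"
encrypt_secret 'asim.arain' "${WORDPRESS_SECRETS_DIR}/wordpress-database-user.txt"
encrypt_secret 'mariadb' "${WORDPRESS_SECRETS_DIR}/wordpress-database-host.txt"

# Decryption
# The original also dumped all four plaintexts, unlabelled, straight to stdout
# before this step; that dump is dropped because it repeated the labelled
# summary below and wrote the password to the terminal or job log.
WORDPRESS_DATABASE_PASSWORD=$(decrypt_secret "${WORDPRESS_SECRETS_DIR}/wordpress-database-password.txt")
WORDPRESS_DATABASE_NAME=$(decrypt_secret "${WORDPRESS_SECRETS_DIR}/wordpress-database-name.txt")
WORDPRESS_DATABASE_USER=$(decrypt_secret "${WORDPRESS_SECRETS_DIR}/wordpress-database-user.txt")
WORDPRESS_DATABASE_HOST=$(decrypt_secret "${WORDPRESS_SECRETS_DIR}/wordpress-database-host.txt")

if [[ -z "$WORDPRESS_DATABASE_PASSWORD" ]]; then
  printf 'error: decrypted WordPress database password is empty\n' >&2
  exit 1
fi
#END

# printf emits a real blank line; bash's echo "\n" prints the two characters.
printf '\n'
printf '%s\n' "Credentials Decrypted"
# The password is confirmed as decrypted but not printed, so it does not end
# up in scrollback, CI logs, or captured output.
printf '%s\n' " This is Wordpress Database Password = [decrypted, value withheld] "
printf '%s\n' " This is Wordpress Database Name = $WORDPRESS_DATABASE_NAME "
printf '%s\n' " This is Wordpress Database User = $WORDPRESS_DATABASE_USER "
printf '%s\n' " This is Wordpress Database Host ---> POD = $WORDPRESS_DATABASE_HOST "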