https://qiita.com/hellfire/items/2a381b454e943e687f32#%E8%A4%87%E5%90%88%E5%8C%96%E3%81%AB%E3%81%AF%E3%81%BE%E3%82%8B
データを暗号化してDynamoDBへ保存するスクリプトです。
テーブル名とプライマリキーの部分は必要に応じて変更してください。
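'use strict';

/**
 * Encrypts a short secret with AWS KMS and stores the ciphertext in a
 * DynamoDB item under the attribute `kms_data`.
 *
 * The credentials running this script need kms:Encrypt on the key and
 * dynamodb:PutItem on the table, and nothing more.
 */
const AWS = require('aws-sdk');

const kms = new AWS.KMS({ apiVersion: '2014-11-01' });
const dynamodb = new AWS.DynamoDB.DocumentClient();

// Sample value from the article. A real secret should not be committed to
// source control; supply it at run time instead. KMS Encrypt accepts at most
// 4096 bytes of plaintext, so larger payloads need envelope encryption.
const secretData = '3mJaqIONKbdw';

const encryptParams = {
  // Placeholder: the KMS key ID, alias or ARN to encrypt under.
  KeyId: 'XXXXXXXXXXXX',
  // Buffer.from() replaces the deprecated Buffer() call; the bytes sent to
  // KMS are the same UTF-8 encoding of the secret.
  Plaintext: Buffer.from(secretData, 'utf8'),
  // NOTE(review): consider adding an EncryptionContext (for example the item
  // id) so a ciphertext copied onto another item fails to decrypt. The reader
  // must then pass the identical context, so it is not added here alone.
};

// YOUR DynamoDB's PRIMARY KEY DATA
const id = '001';

kms
  .encrypt(encryptParams)
  .promise()
  .then(({ CiphertextBlob: ciphertext }) => {
    const putParams = {
      TableName: 'YOUR_DYNAMODB_TABLE_NAME',
      Item: {
        id,
        // Stored as a DynamoDB Binary attribute; only the ciphertext is persisted.
        kms_data: ciphertext,
      },
    };
    return dynamodb.put(putParams).promise();
  })
  .then(() => console.log('OK'))
  .catch((err) => {
    // Report on stderr and exit non-zero so a failed write is not mistaken
    // for success by whatever invoked the script.
    console.error(err);
    process.exitCode = 1;
  });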
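'use strict';

/**
 * Reads the item's `kms_data` ciphertext from DynamoDB, decrypts it with
 * AWS KMS and prints the recovered secret.
 *
 * The credentials running this script need dynamodb:GetItem on the table and
 * kms:Decrypt on the key, and nothing more.
 */
const AWS = require('aws-sdk');

const kms = new AWS.KMS({ apiVersion: '2014-11-01' });
const dynamodb = new AWS.DynamoDB.DocumentClient();

// Primary key of the item that holds the ciphertext.
const id = '001';

const getParams = {
  TableName: 'YOUR_DYNAMODB_TABLE_NAME',
  Key: {
    id,
  },
};

dynamodb
  .get(getParams)
  .promise()
  .then(({ Item: item }) => {
    // A missing item or attribute would otherwise surface as an opaque
    // TypeError or a KMS validation error; fail with a clear message instead.
    if (!item || item.kms_data == null) {
      throw new Error(`No kms_data found for id ${id}`);
    }
    // For a symmetric key, KMS identifies the key from the ciphertext itself.
    // Passing KeyId as well would pin decryption to the expected key.
    const decryptParams = {
      CiphertextBlob: item.kms_data,
    };
    return kms.decrypt(decryptParams).promise();
  })
  .then(({ Plaintext: plaintext }) => plaintext.toString('utf8'))
  // Printing the secret is the point of this demo; in a real service, keep
  // the decrypted value out of logs and pass it straight to its consumer.
  .then((secret) => console.log(secret))
  .catch((err) => {
    // Report on stderr and exit non-zero so a failed read or decrypt is
    // visible to whatever invoked the script.
    console.error(err);
    process.exitCode = 1;
  });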