KMS - Key Management Service
Enumeration:
aws kms list-aliases --region <AWS_REGION>
aws kms list-aliases --region <AWS_REGION> --profile <PROFILE_NAME>
If we find a secret encrypted via the KMS service, we can save the base64-decoded binary data to a file and decrypt the resulting blob file using the KMS service.
Decrypt:
aws kms decrypt --profile <PROFILE_NAME> --ciphertext-blob fileb://<PATH_TO_FILE> --query Plaintext --output text --region <AWS_REGION>
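Both commands above are recorded by CloudTrail as KMS events (`ListAliases` and `Decrypt`), so the sequence can be spotted on the defending side. The following is an added example, not part of the original page: a sketch that flags `Decrypt` calls from principals outside a per-key allowlist and notes whether the same principal enumerated aliases shortly before. The sample records, ARNs, IPs, the allowlist and the function name are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed CloudTrail records; account id, ARNs and IPs are placeholders.
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
APP = "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"
USER = "arn:aws:iam::111122223333:user/example-user"

def _ev(time, name, arn, ip, key=None):
    return {"eventTime": time, "eventSource": "kms.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "sourceIPAddress": ip,
            "resources": [{"ARN": key}] if key else []}

SAMPLE_EVENTS = [
    _ev("2024-01-01T10:00:00Z", "Decrypt", APP, "10.0.0.5", KEY),
    _ev("2024-01-01T10:05:00Z", "ListAliases", USER, "198.51.100.7"),
    _ev("2024-01-01T10:07:30Z", "Decrypt", USER, "198.51.100.7", KEY),
]

# Assumed allowlist: principals expected to call Decrypt on each key.
EXPECTED = {KEY: {APP}}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def unexpected_decrypts(events, expected, window=timedelta(minutes=30)):
    """Flag Decrypt calls by principals outside the per-key allowlist and note
    whether the same principal ran ListAliases within `window` beforehand."""
    last_enum, findings = {}, []
    for ev in sorted(events, key=lambda e: _ts(e["eventTime"])):
        if ev.get("eventSource") != "kms.amazonaws.com":
            continue
        arn = ev.get("userIdentity", {}).get("arn", "unknown")
        when = _ts(ev["eventTime"])
        if ev.get("eventName") == "ListAliases":
            last_enum[arn] = when
        elif ev.get("eventName") == "Decrypt":
            for res in ev.get("resources") or [{"ARN": "unknown"}]:
                key = res.get("ARN", "unknown")
                if arn in expected.get(key, set()):
                    continue  # expected consumer of this key
                enum_at = last_enum.get(arn)
                findings.append({
                    "principal": arn, "key": key, "time": ev["eventTime"],
                    "source_ip": ev.get("sourceIPAddress"),
                    "enumerated_first": bool(enum_at and when - enum_at <= window),
                })
    return findings

if __name__ == "__main__":
    for finding in unexpected_decrypts(SAMPLE_EVENTS, EXPECTED):
        print(finding)
```

The allowlist is the part that needs maintaining: it should mirror the principals the key policy and IAM policies are meant to grant `kms:Decrypt` to.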