Ctrlk

KMS CLI Commands

`encrypt`

Encrypts plaintext into ciphertext by using a CMK.

`decrypt`

Decrypts ciphertext that was encrypted by a KMS CMK.

`sign`

Creates a digital signature for a message or message digest by using the private key in an asymmetric CMK.
To verify the signature, use the verify operation, or use the public key in the same asymmetric CMK outside of KMS.

`create-grant`

Adds a grant to a CMK.
The grant allows the grantee principal to use the CMK when the conditions specified in the grant are met.
When setting permissions, grants are an alternative to key policies.

`revoke-grant`

Revokes the specified grant for the specified CMK.

`generate-data-key`

Generates a unique symmetric data key for client-side encryption.
This operation returns a plaintext copy of the data key and a copy that is encrypted under a CMK that you specify.

PreviousKMS Grants NextImporting key material in KMS

Last updated 4 years ago

Was this helpful?