Encrypting data using the Yandex.Cloud CLI and API
In KMS, you can encrypt and decrypt small amounts of data (up to 32 KB). For more information about available encryption methods, see Which encryption method should I choose?
Before you start
If you don't have the Yandex.Cloud command line interface yet, install and initialize it.
Encrypt data
The command encrypts the plaintext passed in --plaintext-file and writes the resulting ciphertext to --ciphertext-file.
--id: ID of the KMS key. Make sure you set either the --id or --name flag.
--name: Name of the KMS key. Make sure you set either the --id or --name flag.
--version-id (optional): Version of the KMS key to be used for encryption. The primary version is used by default.
--plaintext-file: Input file with plaintext.
--aad-context-file (optional): Input file with AAD context.
--ciphertext-file: Output file with ciphertext.
$ yc kms symmetric-crypto encrypt \
--id abj76v82ficsmn446ri7 \
--plaintext-file plaintext-file \
--ciphertext-file ciphertext-file
Use the encrypt method for the SymmetricCrypto resource.
For information about how to encrypt and decrypt data using the Yandex.Cloud SDK, see Encrypting data using the Yandex.Cloud SDK.
For information about how to encrypt and decrypt data using the AWS Encryption SDK, see Encrypting data using the AWS Encryption SDK.
For information about how to encrypt and decrypt data using Google Tink, see Encrypting data using Google Tink.
Decrypt data
The command decrypts the ciphertext passed in --ciphertext-file and writes the resulting plaintext to --plaintext-file:
--id: ID of the KMS key. Make sure you set either the --id or --name flag.
--name: Name of the KMS key. Make sure you set either the --id or --name flag.
--ciphertext-file: Input file with ciphertext.
--aad-context-file (optional): Input file with AAD context.
--plaintext-file: Output file with plaintext.
$ yc kms symmetric-crypto decrypt \
--id abj76v82ficsmn446ri7 \
--ciphertext-file ciphertext-file \
--plaintext-file decrypted-file
Use the decrypt method for the SymmetricCrypto resource.
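The two CLI commands above combined into one round trip, as an added example that is not part of the Yandex.Cloud documentation: it checks the 32 KB limit before calling KMS and passes the same AAD context file to both commands, since decryption fails when the AAD context differs from the one used at encryption. The function names and the reading of 32 KB as 32768 bytes are assumptions.

```shell
#!/usr/bin/env bash
# Added example: wrappers around the two yc commands shown on this page.
KMS_MAX_PLAINTEXT_BYTES=32768   # assumption: "32 KB" read as 32 * 1024 bytes

# Succeed only if the file exists and fits within the KMS plaintext limit.
kms_fits_limit() {
    [ -f "$1" ] || return 1
    size=$(($(wc -c < "$1")))
    [ "$size" -le "$KMS_MAX_PLAINTEXT_BYTES" ]
}

# kms_encrypt_file KEY_ID PLAINTEXT_FILE AAD_FILE CIPHERTEXT_FILE
kms_encrypt_file() {
    kms_fits_limit "$2" || { echo "missing or over the KMS limit: $2" >&2; return 2; }
    yc kms symmetric-crypto encrypt \
        --id "$1" \
        --plaintext-file "$2" \
        --aad-context-file "$3" \
        --ciphertext-file "$4"
}

# kms_decrypt_file KEY_ID CIPHERTEXT_FILE AAD_FILE PLAINTEXT_OUT
kms_decrypt_file() {
    (
        umask 077   # decrypted output is readable by the owner only
        yc kms symmetric-crypto decrypt \
            --id "$1" \
            --ciphertext-file "$2" \
            --aad-context-file "$3" \
            --plaintext-file "$4"
    )
}

# kms_roundtrip KEY_ID PLAINTEXT_FILE AAD_FILE
# Encrypts, decrypts with the same AAD context, and compares the result
# with the original. Temporary files are removed in every case.
kms_roundtrip() {
    tmp=$(mktemp -d) || return 1
    if kms_encrypt_file "$1" "$2" "$3" "$tmp/ct" &&
       kms_decrypt_file "$1" "$tmp/ct" "$3" "$tmp/pt" &&
       cmp -s "$2" "$tmp/pt"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}
```

Source the file and run, for example, kms_roundtrip abj76v82ficsmn446ri7 plaintext-file aad-file, where aad-file is a file you create to hold the AAD context.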