堆栈内存溢出
  简体   繁体   English

AWS KMS解密错误Credstash

[英]AWS KMS Decrypt Error Credstash

 原文  2017-09-28 04:44:58       aws-kms/ amazon-kms/ credstash

问题描述

My aws account is in us-west-2 region. 我的aws帐户位于us-west-2地区。 and the KMS key created in that account has ARN arn:aws:kms:us-east-1::key/. 并且在该帐户中创建的KMS密钥具有ARN arn:aws:kms:us-east-1 :: key /。 In my node module, I am using Credstash to decrypt the key which is encrypted using the KMS key. 在我的节点模块中,我正在使用Credstash解密使用KMS密钥加密的密钥。 

var credstash = new Credstash({ 'table': 'tablename', 'awsOpts': { 'region':'region' } });
let secret = credstash.getSecret({name: 'keyname'}).then(result =>{
    console.log(result);
});;

I am getting below exception. 我在例外之下。 

 "The ciphertext refers to a customer master key that does not exist,
 does not exist in this region, or you are not allowed to access"

Below is the IAM policy in sls file. 以下是sls文件中的IAM策略。 

Effect: "Allow"
      Action: ["kms:Decrypt"]
      Resource: [
         Fn::Join: ["", [ "arn:aws:kms:us-east-1:accountid:key/",{"Fn::Sub": "kmskey"}]]
      ]

Any pointers to fix this issue will be of great help 任何解决此问题的建议都将有很大帮助

1 个解决方案

解决方案1
 0 已采纳  2017-10-10 05:43:39

请使用以下

new Credstash({ 'table': <table-name>, 'awsOpts' : { 'region': 'us-west-2' }, 'kmsOpts': { 'region' : 'us-east-1'}} )

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS KMS 解密:KMS 密钥是如何配置的? - AWS KMS Decrypt: How is the KMS Key configured? AWS Lambda 的 KMS 解密权限 - KMS Decrypt Permissions for AWS Lambda Boto3 AWS KMS加密和解密文件 - Boto3 AWS KMS encrypt and decrypt file 管理员无法在 AWS KMS 中加密/解密 - Administrator cannot encrypt/decrypt in AWS KMS 如何使用AWS KMS加密和解密字符串? - How to encrypt and decrypt a string using AWS KMS? 如何使用带有Java或AWSKmsClient的AWS Encryption SDK解密AWS KMS密码 - How to decrypt AWS KMS cipher with AWS Encryption SDK with Java or AWSKmsClient aws cli:aws kms使用powershell加密/解密 - aws cli: aws kms encrypt/decrypt using powershell 在 Java 中以编程方式使用 AWS KMS 解密 cypherTextBlob ? 无效密文异常 - Decrypt cypherTextBlob using AWS KMS programmatically in Java ? InvalidCiphertextException AWS KMS 如何确定解密时使用哪个密钥? - How AWS KMS determine which key to use when decrypt? 使用AWS KMS加密/解密Powershell中整个文件夹的内容 - encrypt/decrypt contents of whole folder in powershell using AWS KMS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM