Quick demo to test out KMS envelope encryption for a database.
- AWS Lambda (Python 3.8)
- AWS KMS customer master key (CMK)
- Lambda role that has access to the CMK to decrypt/encrypt/generateDataKey
NOTE: This demo only shows some very basic code highlighting the envelope encryption method. It is in no way meant to be run in production (hard-coded values, no error checking, etc.); it is just meant to give ideas on how it works.
This demo shows how to generate a data key, use that key to encrypt some data, encode that data to make it safe to store in a MySQL text column, and then how to decrypt that data with the encrypted key.
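
The flow described above, as an added sketch that is not the demo's own code. Assumptions: the `cryptography` package with AES-GCM as the data cipher, a JSON envelope layout, the function names, the placeholder key alias, and `LocalKmsStub`, a constructed stand-in that mimics the boto3 KMS `generate_data_key` and `decrypt` calls so the example runs offline.

```python
import base64
import json
import os

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_ID = "alias/example-cmk"  # placeholder alias, not a value from the demo


def encrypt_for_column(kms, key_id, plaintext):
    """Envelope-encrypt bytes; return ASCII text that fits a MySQL TEXT column."""
    dk = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    nonce = os.urandom(12)  # fresh 96-bit nonce for AES-GCM
    data = AESGCM(dk["Plaintext"]).encrypt(nonce, plaintext, None)
    # Persist only the KMS-encrypted data key; the plaintext key is dropped here.
    parts = {"key": dk["CiphertextBlob"], "nonce": nonce, "data": data}
    return json.dumps({k: base64.b64encode(v).decode("ascii") for k, v in parts.items()})


def decrypt_from_column(kms, stored):
    """Ask KMS to unwrap the stored data key, then decrypt and authenticate the data."""
    parts = {k: base64.b64decode(v) for k, v in json.loads(stored).items()}
    data_key = kms.decrypt(CiphertextBlob=parts["key"])["Plaintext"]
    return AESGCM(data_key).decrypt(parts["nonce"], parts["data"], None)


class LocalKmsStub:
    """Constructed stand-in mirroring the two boto3 KMS calls used above (offline only)."""

    def __init__(self):
        self._cmk = AESGCM(AESGCM.generate_key(bit_length=256))

    def generate_data_key(self, KeyId, KeySpec):
        key, nonce = os.urandom(32), os.urandom(12)
        blob = nonce + self._cmk.encrypt(nonce, key, None)
        return {"Plaintext": key, "CiphertextBlob": blob, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob):
        nonce, wrapped = CiphertextBlob[:12], CiphertextBlob[12:]
        return {"Plaintext": self._cmk.decrypt(nonce, wrapped, None)}


if __name__ == "__main__":
    kms = LocalKmsStub()  # in Lambda this would be boto3.client("kms")
    stored = encrypt_for_column(kms, KEY_ID, b"alice@example.com")  # constructed sample
    print(stored)
    print(decrypt_from_column(kms, stored))
```

Each row carries its own wrapped data key, so reading a value back requires a KMS `decrypt` call that the Lambda role must be allowed to make against the CMK.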