Skip to content

Instantly share code, notes, and snippets.

@famousgarkin

famousgarkin/ansible-filter_plugins-aws_kms.py

Created June 12, 2020 05:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save famousgarkin/81ec2dd6b2de35b5e653d4724d3dbff4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save famousgarkin/81ec2dd6b2de35b5e653d4724d3dbff4 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. famousgarkin created this gist Jun 12, 2020.
    21 changes: 21 additions & 0 deletions ansible-filter_plugins-aws_kms.py
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,21 @@
    # https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/filter/core.py
    # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms.html

    import boto3
    import base64

    kms = boto3.client('kms', region_name='eu-central-1')

    def aws_kms_decrypt(ciphertext):
    '''
    :param ciphertext: Base64 encoded ciphertext from AWS KMS encrypt
    :return plaintext decrypted from given ciphertext
    '''
    return kms.decrypt(CiphertextBlob=base64.b64decode(ciphertext)).get('Plaintext')


    class FilterModule(object):
    def filters(self):
    return {
    'aws_kms_decrypt': aws_kms_decrypt,
    }