AwsUtils.psm1
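Function Aws-Util {
    <#
    .SYNOPSIS
    Encoding and encryption tool for use with AWS

    .DESCRIPTION
    Base64-encodes or -decodes a string or file with certutil, or encrypts/decrypts it
    with AWS KMS through the aws CLI using the key alias/topicus/platform.
    The result is written to the pipeline and, when -o is given, also kept in that file.
    One of -encrypt, -decrypt, -encode or -decode is expected; if several are given,
    the first one in that order wins.

    .PARAMETER encode
    base 64 encodes the specified input string

    .PARAMETER decode
    base 64 decodes the specified input string

    .PARAMETER encrypt
    encrypts the specified input string with the aws encryption key of the current
    context. Run this command after logging in with the aws-keyhub tool.

    .PARAMETER decrypt
    decrypts an existing secret encrypted with the aws encryption key of the current
    context. Run this command after logging in with the aws-keyhub tool.

    .PARAMETER i
    Specifies the input string. Double quotes are optional for simple strings.
    With -f this is the path of the input file instead.

    .PARAMETER o
    Saves the output to a specified file. An existing file is never overwritten.
    With -decrypt or -decode this file holds the recovered plaintext; protecting or
    deleting it is up to the caller.

    .PARAMETER f
    uses a file as input rather than a string
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][string]$i,
        [Parameter(Mandatory=$false)][string]$o,
        [Parameter(Mandatory=$false)][switch]$encode = $false,
        [Parameter(Mandatory=$false)][switch]$decode = $false,
        [Parameter(Mandatory=$false)][switch]$encrypt = $false,
        [Parameter(Mandatory=$false)][switch]$decrypt = $false,
        [Parameter(Mandatory=$false)][switch]$f = $false
    )

    # No parameter takes pipeline input, so a single body with try/finally replaces
    # the BEGIN/PROCESS/END split; it lets the cleanup run on every exit path.

    if (-not ($encrypt -or $decrypt -or $encode -or $decode)) {
        Write-Output "please specify the -decrypt, -encrypt, -encode or -decode flag"
        return
    }

    # certutil and Out-File -NoClobber both refuse to overwrite, but their errors were
    # suppressed or non-terminating, so the old content of an existing -o file was
    # printed as if it were the fresh result. Fail loudly instead.
    if ($o -and (Test-Path -LiteralPath $o)) {
        throw "Output file '$o' already exists; refusing to overwrite it."
    }

    # Intermediate files hold plaintext and ciphertext. Keep them in a randomly named
    # directory under the user's temp path rather than under fixed names in the
    # current directory, where a leftover from a failed run would be silently reused.
    $workDir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
    New-Item -ItemType Directory -Path $workDir -ErrorAction Stop | Out-Null

    # Native tools report failure only through the exit code; their console output is
    # discarded below, so the exit code has to be checked explicitly.
    $assertNative = {
        param([string]$what)
        if ($LASTEXITCODE -ne 0) {
            throw "$what failed with exit code $LASTEXITCODE"
        }
    }

    try {
        $infile = Join-Path $workDir 'infile'
        $processed_file_name = if ($o) { $o } else { Join-Path $workDir 'processed_file' }

        if ($f) {
            Copy-Item -Path $i -Destination $infile -ErrorAction Stop
        } else {
            # NOTE(review): Windows PowerShell 5.1 writes a BOM for -Encoding utf8, which
            # then becomes part of the encoded/encrypted payload; confirm the target shell.
            $i | Out-File -LiteralPath $infile -NoNewline -Encoding utf8 -ErrorAction Stop
        }

        if ($encrypt) {
            $encodedFile = Join-Path $workDir 'outfile'
            certutil -encodehex $infile $encodedFile 1 >$null 2>&1
            & $assertNative 'certutil -encodehex'

            # The original read a file named encoded_file that nothing ever created;
            # the base64 text is in certutil's output file. Strip the line breaks
            # certutil inserts, as the -encode branch does.
            $encodedPlaintext = (Get-Content -LiteralPath $encodedFile -Raw) -replace '\s+', ''

            # NOTE(review): the plaintext travels as a command-line argument and is visible
            # to anything that can read this process's arguments. --plaintext fileb://<path>
            # would avoid that, but changes how the CLI encodes the value; confirm against
            # the aws CLI version in use before switching.
            aws kms encrypt --key-id=alias/topicus/platform "--plaintext=$encodedPlaintext" --output=text --query=CiphertextBlob |
                Out-File -LiteralPath $processed_file_name -NoNewline -NoClobber
            & $assertNative 'aws kms encrypt'

            Get-Content -LiteralPath $processed_file_name
        }
        elseif ($decrypt) {
            $ciphertextFile = Join-Path $workDir 'decoded_string'
            $decryptedFile = Join-Path $workDir 'decrypted_file'

            # Input is the base64 CiphertextBlob; KMS needs the raw bytes.
            certutil -decode $infile $ciphertextFile >$null 2>&1
            & $assertNative 'certutil -decode (ciphertext)'

            aws kms decrypt --ciphertext-blob "fileb://$ciphertextFile" --query Plaintext --output text > $decryptedFile
            & $assertNative 'aws kms decrypt'

            # The Plaintext field comes back base64-encoded; decode it to the result.
            certutil -decode $decryptedFile $processed_file_name >$null 2>&1
            & $assertNative 'certutil -decode (plaintext)'

            Get-Content -LiteralPath $processed_file_name
        }
        elseif ($encode) {
            $encodedFile = Join-Path $workDir 'outfile'
            certutil -encodehex $infile $encodedFile 1 >$null 2>&1
            & $assertNative 'certutil -encodehex'

            $noNewLines = (Get-Content -LiteralPath $encodedFile -Raw) -replace '\s+', ''
            Write-Output $noNewLines
            $noNewLines | Out-File -LiteralPath $processed_file_name -NoNewline -NoClobber -Encoding utf8
        }
        else {
            # Only -decode is left: a mode flag was verified above.
            certutil -decode $infile $processed_file_name >$null 2>&1
            & $assertNative 'certutil -decode'
            Get-Content -LiteralPath $processed_file_name
        }
    }
    finally {
        # Removes the input copy, all intermediates and, when -o was not given, the
        # result file, including after a failure part-way through.
        Remove-Item -LiteralPath $workDir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

Export-ModuleMember -Function 'Aws-Util'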