kes key decrypt
Decrypt the contents of a data encryption key and return the plaintext value.
Use the plaintext value for encrypting or decrypting data using the DEK.
kes key decrypt \ <name> \ <ciphertext> \ [<context>] \ [--enclave, -e <name>] \ [--insecure,-k]
The short identifier for the key to use for the data encryption key.
The encrypted text string to decrypt.
The context value to scope the request for a data encryption key.
You create contexts in the
kubeconfig file of a Kubernetes deployment to define a set of cluster, namespace, and user configuration to use.
The short name of the KES enclave to output information about.
Directs the command to skip x.509 certificate validation during the TLS handshake with the KES server. This allows connections to KES servers using untrusted certificates (i.e. self-signed or issued by an unknown Certificate Authority).
MinIO strongly recommends against using this option in production environments.
The following two commands retrieve the ciphertext for a key using the
kes key dek command and store the text as a variable.
The second command then decrypts the ciphertext using the key
$ CIPHERTEXT=$(kes key dek my-key | jq -r .ciphertext) $ kes key decrypt my-key "$CIPHERTEXT"