{"id":18510775,"url":"https://github.com/envato/ejsonkms","last_synced_at":"2025-04-09T04:33:23.092Z","repository":{"id":48103482,"uuid":"205779336","full_name":"envato/ejsonkms","owner":"envato","description":"Integrates EJSON with AWS KMS","archived":false,"fork":false,"pushed_at":"2025-03-01T20:35:31.000Z","size":67,"stargazers_count":9,"open_issues_count":5,"forks_count":3,"subscribers_count":41,"default_branch":"main","last_synced_at":"2025-03-23T23:27:18.085Z","etag":null,"topics":["aws-kms","ejson","encryption"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/envato.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-02T04:55:03.000Z","updated_at":"2025-03-01T20:35:32.000Z","dependencies_parsed_at":"2023-01-31T15:15:53.232Z","dependency_job_id":"a743550f-89a3-4b2e-897a-78e29c442a3a","html_url":"https://github.com/envato/ejsonkms","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejsonkms","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejsonkms/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejsonkms/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fejsonkms/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/envato","download_url":"https://codeload.github.com/envato/ejsonkms/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247980833,"owners_count":21027803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-kms","ejson","encryption"],"created_at":"2024-11-06T15:25:03.428Z","updated_at":"2025-04-09T04:33:22.688Z","avatar_url":"https://github.com/envato.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ejsonkms\n\n`ejsonkms` combines the [ejson library](https://github.com/Shopify/ejson) with [AWS Key Management\nService](https://aws.amazon.com/kms/) to simplify deployments on AWS. The EJSON private key is encrypted with\nKMS and stored inside the EJSON file as `_private_key_enc`. Access to decrypt secrets can be controlled with IAM\npermissions on the KMS key.\n\n## Install\n\nPrecompiled binaries can be downloaded from [releases](https://github.com/envato/ejsonkms/releases).\n\n### Go\n\n```\ngo install github.com/envato/ejsonkms/cmd/ejsonkms@latest\n\n# Move binary to somewhere on $PATH. E.g.,\nsudo cp \"${GOBIN:-$HOME/go/bin}/ejsonkms\" /usr/local/bin/\n\nejsonkms\n```\n\nThis will install the binary to `$GOBIN/ejsonkms`.\n\n## Usage\n\nGenerating an EJSON file:\n\n```\n$ ejsonkms keygen --aws-region us-east-1 --kms-key-id bc436485-5092-42b8-92a3-0aa8b93536dc -o secrets.ejson\nPrivate Key: ae5969d1fb70faab76198ee554bf91d2fffc44d027ea3d804a7c7f92876d518b\n$ cat secrets.ejson\n{\n  \"_public_key\": \"6b8280f86aff5f48773f63d60e655e2f3dd0dd7c14f5fecb5df22936e5a3be52\",\n  \"_private_key_enc\": \"S2Fybjphd3M6a21zOnVzLWVhc3QtMToxMTExMjIyMjMzMzM6a2V5L2JjNDM2NDg1LTUwOTItNDJiOC05MmEzLTBhYThiOTM1MzZkYwAAAAAycRX5OBx6xGuYOPAmDJ1FombB1lFybMP42s7PGmoa24bAesPMMZtI9V0w0p0lEgLeeSvYdsPuoPROa4bwnQxJB28eC6fHgfWgY7jgDWY9uP/tgzuWL3zuIaq+9Q==\"\n}\n```\n\nEncrypting:\n\n```\n$ ejsonkms encrypt secrets.ejson\n```\n\nDecrypting:\n\n```\n$ ejsonkms decrypt secrets.ejson\n{\n  \"_public_key\": \"6b8280f86aff5f48773f63d60e655e2f3dd0dd7c14f5fecb5df22936e5a3be52\",\n  \"_private_key_enc\": \"S2Fybjphd3M6a21zOnVzLWVhc3QtMToxMTExMjIyMjMzMzM6a2V5L2JjNDM2NDg1LTUwOTItNDJiOC05MmEzLTBhYThiOTM1MzZkYwAAAAAycRX5OBx6xGuYOPAmDJ1FombB1lFybMP42s7PGmoa24bAesPMMZtI9V0w0p0lEgLeeSvYdsPuoPROa4bwnQxJB28eC6fHgfWgY7jgDWY9uP/tgzuWL3zuIaq+9Q==\",\n  \"environment\": {\n    \"my_secret\": \"secret123\"\n  }\n}\n```\n\nExporting shell variables (from [ejson2env](https://github.com/Shopify/ejson2env)):\n\n```\n$ exports=$(ejsonkms env secrets.ejson)\n$ echo $exports\nexport my_secret=secret123\n$ eval $exports\n$ echo my_secret\nsecret123\n```\n\nNote that only secrets under the \"environment\" key will be exported using the `env` command.\n\n## pre-commit hook\n\nA [pre-commit](https://pre-commit.com/) hook is also supported to automatically run `ejsonkms encrypt` on all `.ejson` files in a repository.\n\nTo use, add the following to a `.pre-commit-config.yaml` file in your repository:\n\n```yaml\nrepos:\n  - repo: https://github.com/envato/ejsonkms\n    hooks:\n      - id: run-ejsonkms-encrypt\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvato%2Fejsonkms","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenvato%2Fejsonkms","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvato%2Fejsonkms/lists"}