AWS SDK for Ruby
Developer Guide

Decrypting an Amazon S3 Bucket Object with an AWS KMS Key

The following example uses the get_object method to get the object my_item from the bucket my_bucket in the us-west-2 region.

Choose Copy to save the code locally.

Create the file decrypt_object_csekms.rb.

Add the required Amazon S3 gem.


Version 2 of the AWS SDK for Ruby didn't have service-specific gems.

require 'aws-sdk-s3' # In v2: require 'aws-sdk'

Get the AWS KMS key from the command line, Where key is an AWS KMS key ID as created in the Creating a CMK in AWS KMS example and must be the same value you used to encrypt the object.

if ARGV.empty?() puts 'You must supply a key' exit 1 end key = ARGV[0]

Set the bucket name and object name.

bucket = 'my_bucket' item = 'my_item'

Create a AWS KMS and Amazon S3 client.

kms = client = kms_key_id: key, kms_client: kms, )

Call get_object to get the object and display the result.

resp = client.get_object(bucket: bucket, key: item) puts

See the complete example on GitHub.