am able to encrypt without --ciphertext-file file path using the below command
echo -n mytext | gcloud kms encrypt --plaintext-file=- \
--ciphertext-file=- --location=xxxx --keyring=xxx \
--key=xxxx | base64
the above command returns a response CiQALDSTqyFnlrxtK9phQqLb849IZTiIOvjsG2.....
now I want to decrypt CiQALDSTqyFnlrxtK9phQqLb849IZTiIOvjsG2......
below is what I tried but didn't work for me
echo -n CiQALDSTqyFnlrxtK9phQqLb849IZTiIOvjsG2..... | \
gcloud kms decrypt --plaintext-file=- \
--ciphertext-file=- --location=xxx --keyring=xxx \
--key=xxx | base64
got the error ERROR: (gcloud.kms.decrypt) INVALID_ARGUMENT: Decryption failed: the ciphertext is invalid.
Thanks, any help will be appreciated
The base64 command in your first example encodes the value. You have to decode the value in your second command:
echo -n CiQALDSTqyFnlrxtK9phQqLb849IZTiIOvjsG2..... | \
base64 --decode | \
gcloud kms decrypt --plaintext-file=- \
--ciphertext-file=- --location=xxx --keyring=xxx \
--key=xxx