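# Repository layout:
#   ├── README.md
#   ├── ocivault-encrypt.sh
#   ├── ocivault-decrypt.sh
#   └── getsecret.py
#
# --------------------------------------------------------------------------------
# /README.md:
# --------------------------------------------------------------------------------
#   # oci-vaultoperations
#
# --------------------------------------------------------------------------------
# /ocivault-encrypt.sh:
# --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Encrypt one line of text with an OCI Vault master encryption key.
#
# Prompts for the vault's cryptographic endpoint, the key OCID and the text,
# then prints the raw service response followed by the extracted ciphertext.
#
# Requires: a configured `oci` CLI, `jq`, and GNU `base64` (for -w0).
# Outputs:  raw JSON response and the ciphertext on stdout; `cipher` is
#           exported (only visible to the caller when this file is sourced).
#
# Security notes:
#   * The plaintext is passed to `oci` as a base64-encoded command-line
#     argument. Base64 is an encoding, not protection: arguments can be visible
#     to other local users in the process list while the command runs. For
#     sensitive values, consider the CLI's JSON file input
#     (`--from-json file://...`, verify against your CLI version) with a file
#     created under a restrictive umask.
#   * The plaintext is echoed to the terminal as it is typed and may remain in
#     scrollback.

echo "Please enter the OCI Vault Cryptographic Endpoint URL"
read -r ENDPOINT
echo "Please enter your Master Encryption Key OCID"
read -r KEY
echo "Please enter the text you wish to encrypt"
# IFS= and -r keep the text exactly as typed (no whitespace trimming, no
# backslash processing).
IFS= read -r PLAIN_TEXT

# Call the service once and reuse the response. printf '%s' with a quoted
# expansion encodes exactly the typed bytes: an unquoted `echo $PLAIN_TEXT`
# would glob-expand characters such as `*`, collapse whitespace, and append a
# newline that then becomes part of the encrypted value.
if ! encrypted=$(oci kms crypto encrypt --key-id "$KEY" --endpoint "$ENDPOINT" \
  --plaintext "$(printf '%s' "$PLAIN_TEXT" | base64 -w0)"); then
  echo "error: 'oci kms crypto encrypt' failed" >&2
  # `return` works when the file is sourced; `exit` covers direct execution.
  return 1 2>/dev/null || exit 1
fi
printf '%s\n' "$encrypted"

echo "---------- Encrypted Text ----------"
cipher=$(printf '%s' "$encrypted" | jq -r '.data | .ciphertext')
# jq -r prints the string "null" when the field is absent.
if [ -z "$cipher" ] || [ "$cipher" = "null" ]; then
  echo "error: no ciphertext found in the service response" >&2
  return 1 2>/dev/null || exit 1
fi
export cipher
printf '%s\n' "$cipher"
echo "------------------------------------"

# --------------------------------------------------------------------------------
# /ocivault-decrypt.sh:
# --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Decrypt a ciphertext produced by ocivault-encrypt.sh with an OCI Vault key.
#
# Prompts for the vault's cryptographic endpoint, the key OCID and the
# ciphertext, then prints the raw service response followed by the decoded
# plaintext.
#
# Requires: a configured `oci` CLI, `jq`, and `base64`.
# Outputs:  raw JSON response and the plaintext on stdout; `plain` holds the
#           base64 plaintext as a shell variable.
#
# Security notes:
#   * The decrypted value is written to stdout twice (base64 inside the raw
#     response, then decoded). Do not run this where stdout is logged or
#     recorded.
#   * `plain` is deliberately NOT exported: an exported variable is copied into
#     the environment of every child process, which would spread the decrypted
#     secret further than this script needs.

echo "Please enter the OCI Vault Cryptographic Endpoint URL"
read -r ENDPOINT
echo "Please enter your Master Encryption Key OCID"
read -r KEY
echo "Please enter the Encrypted Text (Genreated Above)"
read -r CIPHER_TEXT

echo "---------- Output1 ----------"
# Call the service once and reuse the response. The ciphertext is quoted so
# pasted input cannot be word-split or glob-expanded into extra CLI arguments.
if ! decrypted=$(oci kms crypto decrypt --key-id "$KEY" --endpoint "$ENDPOINT" \
  --ciphertext "$CIPHER_TEXT"); then
  echo "error: 'oci kms crypto decrypt' failed" >&2
  # `return` works when the file is sourced; `exit` covers direct execution.
  return 1 2>/dev/null || exit 1
fi
printf '%s\n' "$decrypted"

plain=$(printf '%s' "$decrypted" | jq -r '.data | .plaintext')
# jq -r prints the string "null" when the field is absent.
if [ -z "$plain" ] || [ "$plain" = "null" ]; then
  echo "error: no plaintext found in the service response" >&2
  return 1 2>/dev/null || exit 1
fi

echo "---------- Plain Text ----------"
# Command substitution drops trailing newlines, so values encrypted with or
# without a trailing newline print the same way.
if ! decoded=$(printf '%s' "$plain" | base64 --decode); then
  echo "error: returned plaintext is not valid base64" >&2
  return 1 2>/dev/null || exit 1
fi
printf '%s\n' "$decoded"
echo "------------------------------------"

# --------------------------------------------------------------------------------
# /getsecret.py: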
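#!/usr/bin/env python3
# coding: utf-8
# COPYRIGHT (c) 2022 ORACLE
# THIS SAMPLE CODE IS PROVIDED FOR EDUCATIONAL PURPOSES OR
# TO ASSIST YOUR DEVELOPMENT OR ADMINISTRATION EFFORTS AND
# PROVIDED "AS IS" AND IS NOT SUPPORTED BY ORACLE CORPORATION.
# License: http://www.apache.org/licenses/LICENSE-2.0.html

import oci
import base64
import sys

# Replace secret_id value below with the ocid of your secret
secret_id = "ocid1.vaultsecret.oc1."

# Authenticate as the compute instance this script runs on (instance principal).
# By default this will hit the auth service in the region the instance is running.
# NOTE(review): the instance's dynamic group needs an IAM policy that lets it
# read this secret; scope that policy to the specific secret or compartment
# rather than the whole tenancy.
signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()

# In the base case, configuration does not need to be provided as the region and
# tenancy are obtained from the InstancePrincipalsSecurityTokenSigner.
# This client is not used by the rest of the script; it is kept so the module's
# names stay unchanged.
identity_client = oci.identity.IdentityClient(config={}, signer=signer)

# Client used to fetch secret bundles, authenticated with the same signer.
secret_client = oci.secrets.SecretsClient(config={}, signer=signer)


def read_secret_value(secret_client, secret_id):
    """Fetch a secret bundle and return its content as text.

    Args:
        secret_client: client object exposing ``get_secret_bundle(secret_id)``.
        secret_id: OCID of the secret to read.

    Returns:
        The secret content, base64-decoded and then decoded as UTF-8.

    Raises:
        UnicodeDecodeError: if the decoded bytes are not valid UTF-8.
        Errors raised by ``get_secret_bundle`` propagate unchanged.
    """
    response = secret_client.get_secret_bundle(secret_id)
    encoded_content = response.data.secret_bundle_content.content
    raw_bytes = base64.b64decode(encoded_content)
    # UTF-8 is a superset of ASCII: ASCII-only secrets decode as before, and
    # secrets containing non-ASCII characters no longer raise.
    return raw_bytes.decode('utf-8')


# Print secret.
# The secret goes to stdout in clear text: avoid running this where stdout is
# captured (CI logs, cron mail, terminal recording); in an application, pass the
# returned value directly to the code that needs it instead of printing it.
secret_contents = read_secret_value(secret_client, secret_id)
print(secret_contents)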