In the preceding screenshot, we can get the boilerplate code that aids us with this decryption. The following code block shows it adapted for our use case:
private String decryptKey(String keyName) { System.out.println("Decrypting key"); byte[] encryptedKey = Base64.decode(System.getenv(keyName)); AWSKMS client = AWSKMSClientBuilder.defaultClient(); DecryptRequest request = new DecryptRequest() .withCiphertextBlob(ByteBuffer.wrap(encryptedKey)); ByteBuffer plainTextKey = client.decrypt(request).getPlaintext(); return new String(plainTextKey.array(), Charset.forName("UTF-8")); }