A client error (InvalidCiphertextException) occurred when calling the Decrypt operation:

1. Make sure your aws is configured on pc, AWS Access Key ID and AWS Secret Access Key are set. To configure it - run in console:

$ aws configure

(http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html).

2. make sure the file is correct. I had the same issue because some part of BASE64 was missed during copy-paste - so BASE64 code was incorrect. Now it works fine.I use this command for file creation where code is client_secret encoded in Base64 format (letters and numbers of code were randomly changed in example of course):

$echo ZPATMQE/c3o06DQL0FnZn1Q04Ojh8JbKh87gNohFJFvJ8L456JGFFDhtscGHDjOhbnwKDJnUnK5lkjOJHFDkGuyhgouyfk2YFhgfgffftftDTDBtdbItydbtDbtd65Hf654521JHJHFJGSJFAlc3Qhgb4/s3daa435KHGJGjhgf+as54asd54DKUGdasd54asd5DFf+a54faas65454asUHgTm+a | base64 -di > encrypted-file

3. Then I use this command in console to get the final result:

$ echo $(aws kms decrypt --ciphertext-blob fileb://encrypted-file --query Plaintext --output text | base64 -di)