diff --git a/tools/init_aecs/Cargo.lock b/tools/init_aecs/Cargo.lock
index 329855fb..c411abf0 100644
--- a/tools/init_aecs/Cargo.lock
+++ b/tools/init_aecs/Cargo.lock
@@ -2,10 +2,27 @@
 # It is not intended for manual editing.
 version = 3
 
+[[package]]
+name = "base64"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "489d6c0ed21b11d038c31b6ceccca973e65d73ba3bd8ecb9a2babf5546164643"
+dependencies = [
+ "byteorder",
+ "safemem",
+]
+
+[[package]]
+name = "byteorder"
+version = "1.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
+
 [[package]]
 name = "init_aecs"
 version = "0.1.0"
 dependencies = [
+ "base64",
  "libc",
  "serde",
  "serde_json",
@@ -47,6 +64,12 @@ version = "1.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
 
+[[package]]
+name = "safemem"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef703b7cb59335eae2eb93ceb664c0eb7ea6bf567079d843e09420219668e072"
+
 [[package]]
 name = "serde"
 version = "1.0.158"
diff --git a/tools/init_aecs/Cargo.toml b/tools/init_aecs/Cargo.toml
index 6588bb09..59ac1d5d 100644
--- a/tools/init_aecs/Cargo.toml
+++ b/tools/init_aecs/Cargo.toml
@@ -10,4 +10,5 @@ edition = "2021"
 [dependencies]
 libc = "0.2.84"
 serde = { version = "1.0", features = ["derive"] }
-serde_json = "1.0"
\ No newline at end of file
+serde_json = "1.0"
+base64 = "0.9"
\ No newline at end of file
diff --git a/tools/init_aecs/src/main.rs b/tools/init_aecs/src/main.rs
index 9944b2c8..d1c015af 100644
--- a/tools/init_aecs/src/main.rs
+++ b/tools/init_aecs/src/main.rs
@@ -1,3 +1,4 @@
+extern crate base64;
 extern crate libc;
 extern crate serde;
 extern crate serde_json;
@@ -75,6 +76,9 @@ struct KmsKeys {
     key: String,
     path: String,
     service: String,
+    // Encode option, currently only support base64
+    #[serde(default)]
+    encode: Option<String>,
 }
 
 #[derive(Deserialize, Serialize, Debug)]
@@ -133,6 +137,17 @@ fn get_kms_keys(
 
         buffer.resize(buffer_len as usize, 0);
 
+        // Do decode if necessary
+        if let Some(encode) = keys.encode {
+            if encode == "base64" {
+                println!("base64 encoded key {:}", keys.key);
+                let base64_string = String::from_utf8(buffer).expect("error converting to string");
+                let mut buf = Vec::<u8>::new();
+                base64::decode_config_buf(&base64_string, base64::STANDARD, &mut buf).unwrap();
+                buffer = buf.clone();
+            }
+        }
+
         let key_info: KeyInfo = KeyInfo {
             path: keys.path.clone(),
             val_buf: buffer.clone(),