aws-sdk-java-v2
Client-Side Encryption
Client-side encryption and signing is supported by the S3 and DynamoDB clients in 1.11.x, but not in 2.0.x. This feature is used by a large number of customers and should be supported in 2.0.x.
Any update on this feature?
Not yet, unfortunately. It's definitely on our radar, but we're still trying to figure out when the right time is to tackle it. We know it's going to be a hard blocker for some people to migrate to V2. Can we assume that's the case for you as well?
Yes, client-side encryption (or rather lack of) is a blocking issue for migration to this SDK version.
I can see that it is possible to use client side encryption through PutObjectRequest from v1. Is that the target or just a temporary solution?
Any news regarding ETA of this feature?
@israelst11 Sorry, nothing to report at this time.
Any updates?
*bump
Sorry, once we have something to report, we will update this issue. Feel free to +1 the related issue here, as well: https://github.com/aws/aws-encryption-sdk-java/issues/58
We have started work on this issue but do not yet have a release date.
@cenedhryn We are using Quarkus as our microservice framework and using aws sdk version v1 to decrypt the data from DynamoDB and running into issues while running the quarkus app. Any idea when the DynamoDB Encryption Client will be ready for aws sdk version v2? Thanks!
When implementing the V2 encryption client, can we consider forwarding .withRequestCredentialsProvider() request decorators to the internal KMS client? As of V1 the internal KMS client picks up whatever was provided in builder.withCredentials() but doesn't respect .withRequestCredentialsProvider(). This would greatly help us with our use case, as well as net some perf improvements.
Any update on this issue?
Looking for this feature. Want to try client side encryption with S3AsyncClient (AWS SDK 2.17.1). Currently using AmazonS3EncryptionV2.. from SDK 1.11.9
+1. Amazon Athena's only option for CSE is via the v1 AmazonS3EncryptionClient
Please! We recently embarked on an SDK migration, but got stymied by lack of S3 client-side encryption and had to roll it all back.
@wheezil thanks for the feedback. We're actively working on S3 client side encryption and are nearing completion. We'll comment on this issue when it's released.
This is actually the only reason I need to use the sdk, just chiming in here that it's needed :)
The AWS crypto tools team has launched the S3 encryption client with support for the AWS SDK for Java 2.x!
https://docs.aws.amazon.com/amazon-s3-encryption-client/latest/developerguide/what-is-s3-encryption-client.html https://github.com/aws/amazon-s3-encryption-client-java
There's more in the works, but check it out and cut them some issues for anything you'd like to see!
The new AWS Database Encryption SDK is out, in developer preview mode.
https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/what-is-database-encryption-sdk.html
As a reminder, libraries under developer preview are not recommended for production environments because they are subject to change. Feel free to share your feedback here or in their GitHub repo - aws/aws-database-encryption-sdk-dynamodb-java
The AWS Database Encryption SDK is now GA, so I'm closing this issue.
Both new S3 Encryption and Database Encryption clients are independent libraries maintained by the AWS Crypto Tools team. To contact the maintainers, please open an issue in the respective GitHub repo:
- Amazon S3 Encryption client - https://github.com/aws/amazon-s3-encryption-client-java
- AWS Database Encryption SDK - https://github.com/aws/aws-database-encryption-sdk-dynamodb-java/