amazon-s3-encryption-client-java icon indicating copy to clipboard operation
amazon-s3-encryption-client-java copied to clipboard

Published 20 hours ago verified publisher icon aws

Feature Request: Single Configuration Option for all Clients

Open kessplas opened this issue 1 year ago • 1 comments

Problem:

Multiple customers have run into issues where they have configured an AWS SDK client (usually the wrapped S3 Client), but then are unable to call KMS correctly because the KMS client instantiated by default in the KMS keyring has not had this configuration applied. (See https://github.com/aws/amazon-s3-encryption-client-java/issues/201.) The solution is to configure the KMS client and pass it to an explicitly-instantiated KMS keyring, but this is verbose, and does not match the behavior in the v1/v2 S3EC's constructor.

Having finer-grained control over the configuration is a useful feature but customers may prefer to use the same configuration for all clients.

Solution:

Provide a top-level client configuration option, most likely in the S3EncryptionClient/S3AsyncEncryptionClient builders, which is then propagated to all of the wrapped clients (S3Client, S3AsyncClient, KMS).

This works slightly differently in AWS SDK for Java v2, so we'll need some time to figure out a design which is sufficient for all configuration options.

Out of scope:

n/a?

kessplas avatar Apr 02 '24 17:04 kessplas

Do we have any update, when this feature would be available?

shringiarun avatar May 31 '24 03:05 shringiarun

This feature has been released in version 3.2.0. There is now an option to provide "top-level" credentials. You can look into this example for top-level client configuration.

rishav-karanjit avatar Aug 28 '24 18:08 rishav-karanjit