aws-dynamodb-encryption-java
aws-dynamodb-encryption-java copied to clipboard
aws
Amazon DynamoDB Encryption Client for Java
Bumps [aws-java-sdk-bom](https://github.com/aws/aws-sdk-java) from 1.12.351 to 1.12.407. Changelog Sourced from aws-java-sdk-bom's changelog. 1.12.407 2023-02-14 AWS DataSync Features With this launch, we are giving customers the ability to use older SMB protocol...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
There is no simple support for AWS KMS grant tokens. Customers can extend `DirectKmsMaterialProvider` and override the `generateDataKey` or the appropriate AWS KMS call. see https://github.com/aws/aws-dynamodb-encryption-java/blob/41ad9bf0e06b9da8dab83cb9d804d3eb68ef29f5/sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/DirectKmsMaterialProvider.java#L250
### Problem: The AWS docs mention "rotating cryptographic material" here: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html However it could be more clear what "call the provider store's Create New Provider operation with the material name...
This line throws a null pointer exception if you attempt to decrypt a record where the amzn-ddb-map-desc attribute has been manually removed: https://github.com/aws/aws-dynamodb-encryption-java/blob/master/sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/DirectKmsMaterialProvider.java#L126 We should check this earlier and throw...
### Problem: The correct behavior of the DirectKMSMaterialProvider is to use the configured CMK on encrypt, and to let KMS determine the correct CMK to use on Decrypt (this is...
### Problem: If a user attempts to use a CachingMostRecentProvider to decrypt a record that *does* contain a mat-desc, but that mat-desc does not contain the key value "amzn-ddb-meta-id," they...
https://github.com/aws/aws-dynamodb-encryption-java/blob/master/sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/EncryptionContext.java#L220 https://github.com/aws/aws-dynamodb-encryption-java/blob/master/sdk2/src/main/java/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/EncryptionContext.java#L182 A safe `toString()` method for `EncryptionContext` would be extremely useful for logging within material providers, and we can get there by excluding attributeValues from being printed. Since it...
This depends on #23 We should allow automatic rotation to be configured in the `MetaStore` such that an attempt to use an overly old key automatically (and silently) triggers creation...
Currently the library encrypts and signs every field in all entities by _default_ unless `@DoNotEncrypt` or `@DoNotTouch` are applied to fields or types. The feedback I'd like to provide is...
