Encrypting data using the AWS Encryption SDK
Written by
Updated at January 26, 2024
AWS Encryption SDK is a library that simplifies the process of encrypting and decrypting data. Use it if you want to securely encrypt data without going into the details of encryption algorithms.
The Yandex Cloud provider for the AWS Encryption SDK lets you use the AWS Encryption SDK to encrypt and decrypt data with Yandex Cloud KMS keys. Data is encrypted using envelope encryption (the size of plaintext is not limited). The provider is only supported for Java.
Adding dependencies
Before you start, you need to add dependencies.
Java
Add dependencies using Apache Maven:
<dependency>
<groupId>com.yandex.cloud</groupId>
<artifactId>kms-provider-awscrypto</artifactId>
<version>2.1</version>
</dependency>
Encryption and decryption
Create a Yandex Cloud provider for the AWS Encryption SDK and use the methods of the AwsCrypto class to encrypt and decrypt data.
Java
YcKmsMasterKeyProvider provider = new YcKmsMasterKeyProvider()
.withEndpoint(endpoint)
.withCredentials(credentialProvider)
.withKeyId(keyId);
AwsCrypto awsCrypto = AwsCrypto.standard();
...
byte[] ciphertext = awsCrypto.encryptData(provider, plaintext, aad).getResult();
...
byte[] plaintext = awsCrypto.decryptData(provider, ciphertext).getResult();
Where:
endpoint:api.cloud.yandex.net:443.credentials: Determines the authentication method (for more information, see Authentication in the Yandex Cloud SDK).keyId: ID of the key in KMS.plaintext: Unencrypted text.ciphertext: Encrypted text.aad: AAD context.