Encrypting data using the AWS Encryption SDK
Written by
Updated at March 3, 2025
AWS Encryption SDK is a library that simplifies the process of encrypting and decrypting data. Use it if you want to securely encrypt data without going into the details of encryption algorithms.
With the Yandex Cloud provider for the AWS Encryption SDK, you can use the AWS Encryption SDK to encrypt and decrypt data in Yandex Key Management Service keys. Data is encrypted using envelope encryption (the size of plaintext is not limited). The provider is only supported for Java.
Adding dependencies
Before you start, you need to add dependencies.
Java
Add dependencies using Apache Maven:
<dependency>
<groupId>com.yandex.cloud</groupId>
<artifactId>kms-provider-awscrypto</artifactId>
<version>2.1</version>
</dependency>
Encryption and decryption
Create a Yandex Cloud provider for the AWS Encryption SDK and use the methods of the AwsCrypto class to encrypt and decrypt data.
Java
YcKmsMasterKeyProvider provider = new YcKmsMasterKeyProvider()
.withEndpoint(endpoint)
.withCredentials(credentialProvider)
.withKeyId(keyId);
AwsCrypto awsCrypto = AwsCrypto.standard();
...
byte[] ciphertext = awsCrypto.encryptData(provider, plaintext, aad).getResult();
...
byte[] plaintext = awsCrypto.decryptData(provider, ciphertext).getResult();
Where:
endpoint:api.cloud.yandex.net:443.credentials: Sets the authentication method. For more information, see Authentication in the Yandex Cloud SDK.keyId: ID of the KMS key.plaintext: Unencrypted text.ciphertext: Ciphertext.aad: AAD context.