[Question] Extending ICryptographicMaterialsCache support beyond AwsKmsHierarchicalKeyring #2110

Closed
@GonzaloPardoVillalibre

Hello @lucasmcdonald3 😇

We're currently preparing to migrate to AWS Encryption SDK V3, primarily to leverage support for RSA public key encryption via RawRsaKeyring — a feature not available in V2, where MasterKeyProvider requires private key access as well.

However, we're hitting a challenge around caching. In V2, caching is enabled through CachingCryptoMaterialsManager, which requires a CryptoMaterialsManager as the backing implementation. Unfortunately, DefaultCryptoMaterialsManager only supports MasterKeyProvider, not IKeyring, which is the interface for RawRsaKeyring. Meanwhile, in V3, as far as I know, caching is only supported for AwsKmsHierarchicalKeyring.

This creates a gap — there's currently no native way to enable caching for keyring-based encryption, even though RawRsaKeyring is ideal for public-only scenarios like event producers.

Question: Are there any plans to introduce first-class support for caching with keyrings — either by extending ICryptographicMaterialsCache support beyond AwsKmsHierarchicalKeyring, or through another mechanism?

In the short term, we're okay proceeding without caching, but knowing whether this is on the roadmap would help us assess the long-term impact or explore alternative approaches.

Thanks again for all the great work on this SDK! 🙌
