[Question] Extending ICryptographicMaterialsCache support beyond AwsKmsHierarchicalKeyring #2110
Comments
|
Hi @GonzaloPardoVillalibre -- Yes, we will write a replacement for the deprecated We're tracking this in aws/aws-cryptographic-material-providers-library#480. |
|
Hi @lucasmcdonald3, Lovely, thank you so much for the response! Looking forward to this feature then π |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Hello @lucasmcdonald3 π
We're currently preparing to migrate to AWS Encryption SDK V3, primarily to leverage support for RSA public key encryption via
RawRsaKeyringβ a feature not available in V2, whereMasterKeyProviderrequires private key access as well.However, we're hitting a challenge around caching. In V2, caching is enabled through
CachingCryptoMaterialsManager, which requires aCryptoMaterialsManageras the backing implementation. Unfortunately,DefaultCryptoMaterialsManageronly supportsMasterKeyProvider, notIKeyring, which is the interface forRawRsaKeyring. Meanwhile, in V3, as far as I know, caching is only supported forAwsKmsHierarchicalKeyring.This creates a gap β there's currently no native way to enable caching for keyring-based encryption, even though
RawRsaKeyringis ideal for public-only scenarios like event producers.Question: Are there any plans to introduce first-class support for caching with keyrings β either by extending
ICryptographicMaterialsCachesupport beyondAwsKmsHierarchicalKeyring, or through another mechanism?In the short term, we're okay proceeding without caching, but knowing whether this is on the roadmap would help us assess the long-term impact or explore alternative approaches.
Thanks again for all the great work on this SDK! π
The text was updated successfully, but these errors were encountered: