You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're currently preparing to migrate to AWS Encryption SDK V3, primarily to leverage support for RSA public key encryption via RawRsaKeyring β a feature not available in V2, where MasterKeyProvider requires private key access as well.
However, we're hitting a challenge around caching. In V2, caching is enabled through CachingCryptoMaterialsManager, which requires a CryptoMaterialsManager as the backing implementation. Unfortunately, DefaultCryptoMaterialsManager only supports MasterKeyProvider, not IKeyring, which is the interface for RawRsaKeyring. Meanwhile, in V3, as far as I know, caching is only supported for AwsKmsHierarchicalKeyring.
This creates a gap β there's currently no native way to enable caching for keyring-based encryption, even though RawRsaKeyring is ideal for public-only scenarios like event producers.
Question: Are there any plans to introduce first-class support for caching with keyrings β either by extending ICryptographicMaterialsCache support beyond AwsKmsHierarchicalKeyring, or through another mechanism?
In the short term, we're okay proceeding without caching, but knowing whether this is on the roadmap would help us assess the long-term impact or explore alternative approaches.
Thanks again for all the great work on this SDK! π
The text was updated successfully, but these errors were encountered:
Uh oh!
There was an error while loading. Please reload this page.
Hello @lucasmcdonald3 π
We're currently preparing to migrate to AWS Encryption SDK V3, primarily to leverage support for RSA public key encryption via
RawRsaKeyring
β a feature not available in V2, whereMasterKeyProvider
requires private key access as well.However, we're hitting a challenge around caching. In V2, caching is enabled through
CachingCryptoMaterialsManager
, which requires aCryptoMaterialsManager
as the backing implementation. Unfortunately,DefaultCryptoMaterialsManager
only supportsMasterKeyProvider
, notIKeyring
, which is the interface forRawRsaKeyring
. Meanwhile, in V3, as far as I know, caching is only supported forAwsKmsHierarchicalKeyring
.This creates a gap β there's currently no native way to enable caching for keyring-based encryption, even though
RawRsaKeyring
is ideal for public-only scenarios like event producers.Question: Are there any plans to introduce first-class support for caching with keyrings β either by extending
ICryptographicMaterialsCache
support beyondAwsKmsHierarchicalKeyring
, or through another mechanism?In the short term, we're okay proceeding without caching, but knowing whether this is on the roadmap would help us assess the long-term impact or explore alternative approaches.
Thanks again for all the great work on this SDK! π
The text was updated successfully, but these errors were encountered: