[Question] Extending ICryptographicMaterialsCache support beyond AwsKmsHierarchicalKeyring #2110

Closed
GonzaloPardoVillalibre opened this issue Apr 3, 2025 · 2 comments

GonzaloPardoVillalibre commented Apr 3, 2025

Hello @lucasmcdonald3 😇

We're currently preparing to migrate to AWS Encryption SDK V3, primarily to leverage support for RSA public key encryption via RawRsaKeyring — a feature not available in V2, where MasterKeyProvider requires private key access as well.

However, we're hitting a challenge around caching. In V2, caching is enabled through CachingCryptoMaterialsManager, which requires a CryptoMaterialsManager as the backing implementation. Unfortunately, DefaultCryptoMaterialsManager only supports MasterKeyProvider, not IKeyring, which is the interface for RawRsaKeyring. Meanwhile, in V3, as far as I know, caching is only supported for AwsKmsHierarchicalKeyring.

This creates a gap — there's currently no native way to enable caching for keyring-based encryption, even though RawRsaKeyring is ideal for public-only scenarios like event producers.

Question: Are there any plans to introduce first-class support for caching with keyrings — either by extending ICryptographicMaterialsCache support beyond AwsKmsHierarchicalKeyring, or through another mechanism?

In the short term, we're okay proceeding without caching, but knowing whether this is on the roadmap would help us assess the long-term impact or explore alternative approaches.

Thanks again for all the great work on this SDK! 🙌

@lucasmcdonald3
Contributor

Hi @GonzaloPardoVillalibre --

Yes, we will write a replacement for the deprecated CachingCryptoMaterialsManager.

We're tracking this in aws/aws-cryptographic-material-providers-library#480.

@GonzaloPardoVillalibre
Author

Hi @lucasmcdonald3,

Lovely, thank you so much for the response! Looking forward to this feature then 😃
