com.amazonaws.encryptionsdk.kms

Class AwsKmsMrkAwareMasterKeyProvider.Builder

java.lang.Object

com.amazonaws.encryptionsdk.kms.AwsKmsMrkAwareMasterKeyProvider.Builder

All Implemented Interfaces:

Cloneable

Enclosing class:

AwsKmsMrkAwareMasterKeyProvider

public static class AwsKmsMrkAwareMasterKeyProvider.Builder
extends Object
implements Cloneable

Method Summary

Modifier and Type	Method and Description
AwsKmsMrkAwareMasterKeyProvider	buildDiscovery() Builds the master key provider in Discovery Mode.
AwsKmsMrkAwareMasterKeyProvider	buildDiscovery(DiscoveryFilter filter) Builds the master key provider in Discovery Mode with a DiscoveryFilter.
AwsKmsMrkAwareMasterKeyProvider	buildStrict(List<String> keyIds) Builds the master key provider in Strict Mode.
AwsKmsMrkAwareMasterKeyProvider	buildStrict(String... keyIds) Builds the master key provider in strict mode.
AwsKmsMrkAwareMasterKeyProvider.Builder	clone()
AwsKmsMrkAwareMasterKeyProvider.Builder	withClientBuilder(com.amazonaws.services.kms.AWSKMSClientBuilder builder) Configures the AwsKmsMrkAwareMasterKeyProvider to use settings from this AWSKMSClientBuilder to configure KMS clients.
AwsKmsMrkAwareMasterKeyProvider.Builder	withCredentials(com.amazonaws.auth.AWSCredentials credentials) Configures the AwsKmsMrkAwareMasterKeyProvider to use specific credentials.
AwsKmsMrkAwareMasterKeyProvider.Builder	withCredentials(com.amazonaws.auth.AWSCredentialsProvider credentialsProvider) Configures the AwsKmsMrkAwareMasterKeyProvider to use specific credentials.
AwsKmsMrkAwareMasterKeyProvider.Builder	withCustomClientFactory(KmsMasterKeyProvider.RegionalClientSupplier regionalClientSupplier) Provides a custom factory function that will vend KMS clients.
AwsKmsMrkAwareMasterKeyProvider.Builder	withDefaultRegion(String defaultRegion) Sets the default region.
AwsKmsMrkAwareMasterKeyProvider.Builder	withDiscoveryMrkRegion(String discoveryMrkRegion) Sets the region contacted for multi-region keys when in Discovery mode.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

clone

public AwsKmsMrkAwareMasterKeyProvider.Builder clone()

Overrides:

clone in class Object

withDefaultRegion

public AwsKmsMrkAwareMasterKeyProvider.Builder withDefaultRegion(String defaultRegion)

Sets the default region. This region will be used when specifying key IDs for encryption or in MasterKeyProvider.getMasterKey(String) that are not full ARNs, but are instead bare key IDs or aliases.

If the default region is not specified, the AWS SDK default region will be used.

Parameters:

defaultRegion - The default region to use.

See Also:

KmsMasterKeyProvider.Builder.withDefaultRegion(String)

withDiscoveryMrkRegion

public AwsKmsMrkAwareMasterKeyProvider.Builder withDiscoveryMrkRegion(String discoveryMrkRegion)

Sets the region contacted for multi-region keys when in Discovery mode. This region will be used when a multi-region key is discovered on decrypt by MasterKeyProvider.getMasterKey(String).

Parameters:

discoveryMrkRegion - The region to contact to attempt to decrypt multi-region keys.

withCustomClientFactory

public AwsKmsMrkAwareMasterKeyProvider.Builder withCustomClientFactory(KmsMasterKeyProvider.RegionalClientSupplier regionalClientSupplier)

Provides a custom factory function that will vend KMS clients. This is provided for advanced use cases which require complete control over the client construction process.

Because the regional client supplier fully controls the client construction process, it is not possible to configure the client through methods such as withCredentials(AWSCredentialsProvider) or withClientBuilder(AWSKMSClientBuilder); if you try to use these in combination, an IllegalStateException will be thrown.

See Also:

KmsMasterKeyProvider.Builder.withCustomClientFactory(KmsMasterKeyProvider.RegionalClientSupplier)

withCredentials

public AwsKmsMrkAwareMasterKeyProvider.Builder withCredentials(com.amazonaws.auth.AWSCredentialsProvider credentialsProvider)

Configures the AwsKmsMrkAwareMasterKeyProvider to use specific credentials. If a builder was previously set, this will override whatever credentials it set.

See Also:

KmsMasterKeyProvider.Builder.withCredentials(AWSCredentialsProvider)

withCredentials

public AwsKmsMrkAwareMasterKeyProvider.Builder withCredentials(com.amazonaws.auth.AWSCredentials credentials)

Configures the AwsKmsMrkAwareMasterKeyProvider to use specific credentials. If a builder was previously set, this will override whatever credentials it set.

See Also:

KmsMasterKeyProvider.Builder.withCredentials(AWSCredentials)

withClientBuilder

public AwsKmsMrkAwareMasterKeyProvider.Builder withClientBuilder(com.amazonaws.services.kms.AWSKMSClientBuilder builder)

Configures the AwsKmsMrkAwareMasterKeyProvider to use settings from this AWSKMSClientBuilder to configure KMS clients. Note that the region set on this builder will be ignored, but all other settings will be propagated into the regional clients.

This method will overwrite any credentials set using withCredentials(AWSCredentialsProvider).

See Also:

KmsMasterKeyProvider.Builder.withClientBuilder(AWSKMSClientBuilder)

buildDiscovery

public AwsKmsMrkAwareMasterKeyProvider buildDiscovery()

Builds the master key provider in Discovery Mode. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message. KMS Master Key Providers in Discovery Mode will not encrypt data keys.

See Also:

KmsMasterKeyProvider.Builder.buildDiscovery()

buildDiscovery

public AwsKmsMrkAwareMasterKeyProvider buildDiscovery(DiscoveryFilter filter)

Builds the master key provider in Discovery Mode with a DiscoveryFilter. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message that is accepted by the filter. KMS Master Key Providers in Discovery Mode will not encrypt data keys.

See Also:

KmsMasterKeyProvider.Builder.buildDiscovery(DiscoveryFilter)

buildStrict

public AwsKmsMrkAwareMasterKeyProvider buildStrict(List<String> keyIds)

Builds the master key provider in Strict Mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed in keyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed in keyIds

In Strict Mode, one or more CMKs must be provided. For Master Key Providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.

See Also:

KmsMasterKeyProvider.Builder.buildStrict(List)

buildStrict

public AwsKmsMrkAwareMasterKeyProvider buildStrict(String... keyIds)

Builds the master key provider in strict mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed in keyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed in keyIds

In Strict Mode, one or more CMKs must be provided. For Master Key Providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.

See Also:

KmsMasterKeyProvider.Builder.buildStrict(String...)