public class KmsMasterKeyProvider extends MasterKeyProvider<KmsMasterKey> implements KmsMethods

MasterKeys backed by the AWS Key Management Service. This object is regional and if you want to use keys from multiple regions, you'll need multiple copies of this object.

This component is not multi-Region key aware, and will treat every AWS KMS identifier as regionally isolated.

Modifier and Type | Class and Description |
---|---|
static class | KmsMasterKeyProvider.Builder |
static interface | KmsMasterKeyProvider.RegionalClientSupplier |

Modifier and Type | Method and Description |
---|---|
void | addGrantToken(String grantToken) Deprecated. This method is inherently not thread safe. Use withGrantTokens(List) or KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens. |
static KmsMasterKeyProvider.Builder | builder() |
DataKey<KmsMasterKey> | decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted. |
String | getDefaultProviderId() Returns "aws-kms" |
List<String> | getGrantTokens() Returns the grantTokens which this object sends to KMS when calling it. |
KmsMasterKey | getMasterKey(String provider, String keyId) Returns the specified MasterKey if possible. |
List<KmsMasterKey> | getMasterKeysForEncryption(MasterKeyRequest request) Returns all CMKs provided to the constructor of this object. |
void | setGrantTokens(List<String> grantTokens) Deprecated. This method is inherently not thread safe. Use KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens. |
KmsMasterKeyProvider | withGrantTokens(List<String> grantTokens) Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. |
KmsMasterKeyProvider | withGrantTokens(String... grantTokens) Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. |

Methods inherited from class MasterKeyProvider: buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

public static KmsMasterKeyProvider.Builder builder()

public String getDefaultProviderId()
Specified by:
getDefaultProviderId in class MasterKeyProvider<KmsMasterKey>

public KmsMasterKey getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyException
Description copied from class: MasterKeyProvider
Returns the specified MasterKey if possible.
Specified by:
getMasterKey in class MasterKeyProvider<KmsMasterKey>
Throws:
UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)
Specified by:
getMasterKeysForEncryption in class MasterKeyProvider<KmsMasterKey>

public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws AwsCryptoException
Description copied from class: MasterKeyProvider
Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
Specified by:
decryptDataKey in class MasterKeyProvider<KmsMasterKey>
null
Throws:
UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
AwsCryptoException

@Deprecated public void setGrantTokens(List<String> grantTokens)
Deprecated. This method is inherently not thread safe. Use KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
Description copied from interface: KmsMethods
grantTokens which should be submitted to KMS when calling it.
Specified by:
setGrantTokens in interface KmsMethods

public List<String> getGrantTokens()
Description copied from interface: KmsMethods
Specified by:
getGrantTokens in interface KmsMethods

@Deprecated public void addGrantToken(String grantToken)
Deprecated. This method is inherently not thread safe. Use withGrantTokens(List) or KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
Description copied from interface: KmsMethods
grantToken to the list of grantTokens sent to KMS when this class calls it.
Specified by:
addGrantToken in interface KmsMethods

public KmsMasterKeyProvider withGrantTokens(List<String> grantTokens)
Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).
Parameters:
grantTokens -

public KmsMasterKeyProvider withGrantTokens(String... grantTokens)
Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).
Parameters:
grantTokens -
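
The deprecation notes above steer callers away from mutating a shared provider's grant tokens; the following added example (not part of the SDK's own documentation) shows the replacement pattern of deriving a per-request copy with withGrantTokens so one caller's tokens never reach another caller's KMS requests. It assumes the SDK 2.x Builder method buildStrict(String...), which is not documented on this page; the key ARN and token strings are constructed placeholders, and because the page does not name the exception type, the code catches RuntimeException.

```java
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
import java.util.Arrays;

public class GrantTokenScoping {
    // Constructed placeholder ARN, not a real key.
    static final String KEY_ARN =
        "arn:aws:kms:us-west-2:111122223333:key/00000000-0000-0000-0000-000000000000";

    @SuppressWarnings("deprecation")
    public static void main(String[] args) {
        // One long-lived provider shared by all request threads.
        // Assumption: Builder.buildStrict(String...) as found in SDK 2.x.
        KmsMasterKeyProvider shared = KmsMasterKeyProvider.builder().buildStrict(KEY_ARN);

        // Each request derives its own provider instead of mutating the shared one.
        // Both overloads listed on this page are used here.
        KmsMasterKeyProvider forTenantA = shared.withGrantTokens("constructed-token-A");
        KmsMasterKeyProvider forTenantB =
            shared.withGrantTokens(Arrays.asList("constructed-token-B"));

        // The shared provider is unchanged; each copy carries only its own tokens.
        System.out.println("shared   -> " + shared.getGrantTokens());
        System.out.println("tenant A -> " + forTenantA.getGrantTokens());
        System.out.println("tenant B -> " + forTenantB.getGrantTokens());

        // withGrantTokens replaces the list rather than appending to it,
        // so a further override does not inherit tenant A's token.
        KmsMasterKeyProvider overridden = forTenantA.withGrantTokens("constructed-token-C");
        System.out.println("override -> " + overridden.getGrantTokens());

        // The deprecated mutator is rejected on these providers, which is the
        // documented guard against cross-thread modification of the token list.
        try {
            forTenantA.addGrantToken("constructed-token-D");
            System.out.println("addGrantToken succeeded (provider list is mutable)");
        } catch (RuntimeException e) {
            System.out.println("addGrantToken rejected: " + e.getClass().getSimpleName());
        }
    }
}
```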