Question 1

How to integrate DynamoDB encryption client with Spring Boot?

Accepted Answer

Configure a DynamoDBMapper bean with AttributeEncryptor and an EncryptionMaterialsProvider, such as KeyStoreMaterialsProvider, in your Spring configuration. Ensure you set SaveBehavior.PUT to prevent signature issues.

Question 2

DynamoDB encryption client vs AWS KMS for DynamoDB encryption?

Accepted Answer

This library provides client-side encryption at the application layer, giving you full control over keys and algorithms. AWS KMS offers server-side encryption managed by AWS, which is easier to set up but less flexible for custom compliance needs.

Question 3

What happens if I query encrypted data without all attributes?

Accepted Answer

Signature verification will fail because all encrypted or signed attributes must be included during retrieval, as stated in the known limitations. This can break queries that don't fetch full items.

Question 4

How do I migrate encrypted data when changing the schema?

Accepted Answer

You need to manually update attribute actions and potentially re-encrypt existing data, following the guidance in the 'Changing Your Data Model' section. It's a complex process that requires careful planning to avoid data loss.

Question 5

Can I use DynamoDB encryption client with DynamoDB Streams?

Accepted Answer

Yes, but encrypted attributes in streams will be in their encrypted binary form, so you'll need to decrypt them using the same library or key management setup, adding processing overhead.

Question 6

What's the difference between @DoNotEncrypt and @DoNotTouch annotations?

Accepted Answer

@DoNotEncrypt skips encryption but still signs the attribute for integrity, while @DoNotTouch excludes the attribute from both encryption and signing, useful for non-sensitive data like metadata.

aws-dynamodb-encryption-java

What is aws-dynamodb-encryption-java?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions