Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Client-Side Encryption #34

Closed
millems opened this issue Jul 3, 2017 · 22 comments
Closed

Client-Side Encryption #34

millems opened this issue Jul 3, 2017 · 22 comments
Labels
1.x Parity feature-request A feature should be added or improved. p1 This is a high priority issue

Comments

@millems
Copy link
Contributor

millems commented Jul 3, 2017

Client-side encryption and signing is supported by the S3 and dynamo DB clients in 1.11.x, but not in 2.0.x. This feature is used by a large number of customers and should be supported in 2.0.x.

4/6/23 Update: The AWS crypto tools team has launched the S3 encryption client with support for the AWS SDK for Java 2.x! Check it out here:

11/17/23 Update: A new Database Encryption client was launched with support for the AWS SDK for Java 2.x, and it's also maintained by the AWS Crypto Tools team. For more info:

@NikolayAtSony
Copy link

Any update on this feature?

@millems
Copy link
Contributor Author

millems commented Nov 21, 2017

Not yet, unfortunately. It's definitely on our radar, but we're still trying to figure out when the right time is to tackle it. We know it's going to be a hard blocker for some people to migrate to V2. Can we assume that's the case for you as well?

@NikolayAtSony
Copy link

Yes, client-site encryption (or rather lack of) is a blocking issue from migration to this SDK version.

@mateuszmrozewski
Copy link

I can see that it is possible to use client side encryption through PutObjectRequest from v1. Is that the target or just a temporary solution?

@justnance justnance added feature-request A feature should be added or improved. and removed Feature Request labels Apr 19, 2019
@millems millems changed the title First-class support for client-side encryption Client-side encryption Jul 8, 2019
@millems millems changed the title Client-side encryption Client-Side Encryption (Separate Team) Jul 8, 2019
@millems millems changed the title Client-Side Encryption (Separate Team) Client-Side Encryption Jul 10, 2019
@israelstmz
Copy link

Any news regarding ETA of this feature?

@millems
Copy link
Contributor Author

millems commented Jan 2, 2020

@israelst11 Sorry, nothing to report at this time.

@KassHino
Copy link

Any updates?

@mibollma
Copy link

*bump

@millems
Copy link
Contributor Author

millems commented Sep 18, 2020

Sorry, once we have something to report, we will update this issue. Feel free to +1 the related issue here, as well: aws/aws-encryption-sdk-java#58

@cenedhryn
Copy link
Contributor

We have started work on this issue but do not yet have a release date.

@railsmith
Copy link

railsmith commented Jun 11, 2021

@cenedhryn We are using Quarkus as our microservice framework and using aws sdk version v1 to decrypt the data from DynamoDB and running into issues while running the quarkus app. Any idea when the DynamoDB Encryption Client will be ready for aws sdk version v2? Thanks!

@youngchen7
Copy link

When implementing the V2 encryption client, can we consider forwarding .withRequestCredentialsProvider() request decorators to the internal KMS client? As of V1 the internal KMS client picks up whatever was provided in builder.withCredentials() but doesn't respect .withRequestCredentialsProvider(). This would greatly help us with our use case, as well as net some perf improvements.

@robbetto
Copy link

Any update on this issue?

@bluefishcoder
Copy link

bluefishcoder commented Feb 19, 2022

Looking for this feature. Want to try client side encryption with S3AsyncClient (AWS SDK 2.17.1). Currently using AmazonS3EncryptionV2.. from SDK 1.11.9

@AndyShortt
Copy link

+1. Amazon Athena's only option for CSE is via the v1 AmazonS3EncryptionClient

@yasminetalby yasminetalby added the p1 This is a high priority issue label Nov 12, 2022
@wheezil
Copy link

wheezil commented Jan 12, 2023

Please! We recently embarked on an SDK migration, but got stymied by lack of S3 client-side encryption and had to roll it all back.

@jason-weddington
Copy link

@wheezil thanks for the feedback. We're actively working on S3 client side encryption and are nearing completion. We'll comment on this issue when it's released.

@theothermattm
Copy link

This is actually the only reason I need to use the sdk, just chiming in here that it's needed :)

@millems
Copy link
Contributor Author

millems commented Apr 6, 2023

The AWS crypto tools team has launched the S3 encryption client with support for the AWS SDK for Java 2.x!

https://docs.aws.amazon.com/amazon-s3-encryption-client/latest/developerguide/what-is-s3-encryption-client.html
https://github.com/aws/amazon-s3-encryption-client-java

There's more in the works, but check it out and cut them some issues for anything you'd like to see!

@debora-ito
Copy link
Member

debora-ito commented Jul 12, 2023

The new AWS Database Encryption SDK is out, in developer preview mode.

https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/what-is-database-encryption-sdk.html

As a reminder, libraries under developer preview are not recommended for production environments because they are subject to change. Feel free to share your feedback here or in their Github repo -
aws/aws-database-encryption-sdk-dynamodb-java

@debora-ito
Copy link
Member

The AWS Database Encryption SDK is now GA, so I'm closing this issue.

Both new S3 Encryption and Database Encryption clients are independent libraries maintained by the AWS Crypto Tools team. To contact the maintainers, please open an issue in the respective Github repo:

Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1.x Parity feature-request A feature should be added or improved. p1 This is a high priority issue
Projects
None yet
Development

No branches or pull requests