* CmpError must return custom error message (#118) (86abacc)
* Default entryPruningTailSize (#93) (0344e9f)
* Fix brittle concurrent test (#105) (#60) (c043162)
* fix typo in encryption materials validation (cd6b0aa), closes #84
* fix typo in encryption materials validation (89a234c)
* Forward the underlying error (#90) (bc21551)
- Fixes a runtime check in the `VersionKey` Key Store API that no longer checks for the CipherText length on the output of a KMS ReEncrypt API call.
- Introduces Thread Safe Cryptographic Materials Caches (CMCs):
  - Storm Tracking Cache: Safe for use in a multi threaded environment, tries to prevent redundant or overly parallel backend calls. See Spec changes for details.
  - Multi Threaded Cache: Safe for use in a multi threaded environment, but no extra functionality.
- CMCs:
  - Original Cryptographic Materials Cache has been renamed to Single Threaded Cache.
  - `CreateCryptographicMaterialsCacheInput` now ONLY accepts `CacheType`, which determines which, if any, of the three implemented CMCs will be returned.
  - The `DefaultCache` is `StormTrackingCache`.
  - `CreateAwsKmsHierarchicalKeyringInput`:
    - no longer has a `maxCacheSize` field
    - now has an optional `cache` field for a `CacheType`
- Hierarchical Keyring's Key Store:
  - The Hierarchical Keyring's Key Store's Data Structure has changed. As such, entries persisted in the Key Store with prior versions of this library are NOT compatible. Instead, we recommend creating a new DynamoDB Table for this version of the Key Store.
  - The Key Store's `CreateKeyInput` now takes:
    - An Optional `String branchKeyIdentifier`
    - An Optional `EncryptionContext encryptionContext`
      - This `encryptionContext` will be added to the Encryption Context sent to KMS, prefixed with `aws-crypto-ec:`
  - Creating a Key now also calls KMS:ReEncrypt
  - `CreateKeyStore` no longer creates a GSI
  - The Encryption Context used with KMS' `GenerateDataKeyWithoutPlaintext` no longer includes the discarded GSI's `status`.
  - More details about the Key Store's changes are available in our Specification:
- A variety of fixes to the library's CI and testing
- Fixes Required Encryption Context CMM and UpdateUsageMetadata names in smithy model
- Fixes PutCacheEntry
- PutCacheEntry will now update an entry. This simplifies using the cache in concurrent situations. Rather than having the caller implement some retry logic the cache will now update the entry.
- Fixes pom.xml to include runtime version of BouncyCastle and removes bundling of BC in the jar.
- Fixes build file to correctly generate pom file with correct dependencies during release.
- Initial release of the AWS Cryptographic Material Providers Library. This release is considered a developer preview and is not intended for production use cases.