How to encrypt DynamoDB columns using the DynamoDB Encryption Client for Java

wpcxdonn posted on 2023-01-29 in Java

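I am trying to encrypt data that is saved to a dynamo table. This is production PII data that should not be visible even to people who have permission to view the table data, for example social security numbers. I am trying to follow the example here.
This is my code: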

AmazonDynamoDBClient client = new AmazonDynamoDBClient();
AWSKMS kmsClient = AWSKMSClientBuilder.defaultClient();
DirectKmsMaterialProvider cmp = new DirectKmsMaterialProvider(kmsClient, "my-key-arn");
DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(cmp);
DynamoDBMapper mapper = new DynamoDBMapper(client, DynamoDBMapperConfig.builder().withSaveBehavior(
    SaveBehavior.PUT).build(),
    new AttributeEncryptor(encryptor));

Customer customer = new Customer();
customer.setCustomerId("some-id");

//set some other values
...

mapper.save(customer);

The customer is saved to the database, but without any encryption, and everything is visible. What am I doing wrong?

lnlaulya #1

You have not encrypted anything. Follow step 5:

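// record is the item's attribute map (attribute name -> AttributeValue).
// partitionKeyName and sortKeyName must be compile-time String constants to be usable as case labels.
final EnumSet<EncryptionFlags> signOnly = EnumSet.of(EncryptionFlags.SIGN);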
final EnumSet<EncryptionFlags> encryptAndSign = EnumSet.of(EncryptionFlags.ENCRYPT, EncryptionFlags.SIGN);
final Map<String, Set<EncryptionFlags>> actions = new HashMap<>();

for (final String attributeName : record.keySet()) {
  switch (attributeName) {
    case partitionKeyName: // fall through to the next case
    case sortKeyName:
      // Partition and sort keys must not be encrypted, but should be signed
      actions.put(attributeName, signOnly);
      break;
    case "test":
      // Neither encrypted nor signed
      break;
    default:
      // Encrypt and sign all other attributes
      actions.put(attributeName, encryptAndSign);
      break;
  }
}
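
As an added example (not part of the answer above and not AWS's sample code): the action map from step 5 applied to a constructed customer item, followed by a check that lists any non-key attribute still held as plaintext. The table name `Customer`, the key attribute `customerId`, the `ssn` attribute and the helper `unencrypted` are assumptions, and a local `SymmetricStaticProvider` is swapped in for the question's `DirectKmsMaterialProvider` so the check runs without AWS access.

```java
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.SymmetricStaticProvider;
import com.amazonaws.services.dynamodbv2.model.AttributeValue;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;

public class EncryptedItemCheck {
  static final String TABLE = "Customer";           // hypothetical table name
  static final String PARTITION_KEY = "customerId"; // hypothetical key attribute

  // Names of non-key attributes that are not stored as Binary, i.e. still plaintext
  static List<String> unencrypted(Map<String, AttributeValue> item, Set<String> keys) {
    List<String> bad = new ArrayList<>();
    for (Map.Entry<String, AttributeValue> e : item.entrySet()) {
      if (!keys.contains(e.getKey()) && e.getValue().getB() == null) bad.add(e.getKey());
    }
    return bad;
  }

  public static void main(String[] args) throws Exception {
    // Local keys (assumption) so this runs offline; production code would pass the KMS provider
    KeyGenerator aes = KeyGenerator.getInstance("AES");
    aes.init(256);
    byte[] macBytes = new byte[32];
    new SecureRandom().nextBytes(macBytes);
    DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(
        new SymmetricStaticProvider(aes.generateKey(), new SecretKeySpec(macBytes, "HmacSHA256")));

    Map<String, AttributeValue> record = new HashMap<>();
    record.put(PARTITION_KEY, new AttributeValue().withS("some-id"));
    record.put("ssn", new AttributeValue().withS("000-00-0000")); // constructed value

    // Step 5: key attributes are signed only, everything else is encrypted and signed
    Map<String, Set<EncryptionFlags>> actions = new HashMap<>();
    for (String name : record.keySet()) {
      actions.put(name, name.equals(PARTITION_KEY)
          ? EnumSet.of(EncryptionFlags.SIGN)
          : EnumSet.of(EncryptionFlags.ENCRYPT, EncryptionFlags.SIGN));
    }
    EncryptionContext ctx = new EncryptionContext.Builder()
        .withTableName(TABLE).withHashKeyName(PARTITION_KEY).build();

    Map<String, AttributeValue> stored = encryptor.encryptRecord(record, actions, ctx);
    System.out.println("plaintext attributes before: " + unencrypted(record, Set.of(PARTITION_KEY)));
    System.out.println("plaintext attributes after:  " + unencrypted(stored, Set.of(PARTITION_KEY)));
  }
}
```

The same `unencrypted` check can be run against an item read back with the plain low-level client to confirm what actually reached the table.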
