Package com.amazonaws.encryptionsdk.kms

Class KmsMasterKeyProvider.Builder

    • Method Detail

      • withDefaultRegion

        public KmsMasterKeyProvider.Builder withDefaultRegion​(String defaultRegion)
        Sets the default region. This region will be used when specifying key IDs for encryption or in MasterKeyProvider.getMasterKey(String) that are not full ARNs, but are instead bare key IDs or aliases.

        If the default region is not specified, only full key ARNs will be usable.

        Parameters:
        defaultRegion - The default region to use.
        Returns:

      • withCredentials

        public KmsMasterKeyProvider.Builder withCredentials​(com.amazonaws.auth.AWSCredentialsProvider credentialsProvider)
        Configures the KmsMasterKeyProvider to use specific credentials. If a builder was previously set, this will override whatever credentials it set.
        Parameters:
        credentialsProvider -
        Returns:

      • withCredentials

        public KmsMasterKeyProvider.Builder withCredentials​(com.amazonaws.auth.AWSCredentials credentials)
        Configures the KmsMasterKeyProvider to use specific credentials. If a builder was previously set, this will override whatever credentials it set.
        Parameters:
        credentials -
        Returns:

      • withClientBuilder

        public KmsMasterKeyProvider.Builder withClientBuilder​(com.amazonaws.services.kms.AWSKMSClientBuilder builder)
        Configures the KmsMasterKeyProvider to use settings from this AWSKMSClientBuilder to configure KMS clients. Note that the region set on this builder will be ignored, but all other settings will be propagated into the regional clients.

        This method will overwrite any credentials set using withCredentials(AWSCredentialsProvider).

        Parameters:
        builder -
        Returns:

      • buildDiscovery

        public KmsMasterKeyProvider buildDiscovery()
        Builds the master key provider in Discovery Mode. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message. KMS Master Key Providers in Discovery Mode will not encrypt data keys.
        Returns:

      • buildDiscovery

        public KmsMasterKeyProvider buildDiscovery​(DiscoveryFilter filter)
        Builds the master key provider in Discovery Mode with a DiscoveryFilter. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message that is accepted by the filter. KMS Master Key Providers in Discovery Mode will not encrypt data keys.
        Parameters:
        filter -
        Returns:

      • buildStrict

        public KmsMasterKeyProvider buildStrict​(List<String> keyIds)
        Builds the master key provider in Strict Mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed in keyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed in keyIds

        In Strict Mode, one or more CMKs must be provided. For providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.

        Parameters:
        keyIds -
        Returns:

      • buildStrict

        public KmsMasterKeyProvider buildStrict​(String... keyIds)
        Builds the master key provider in strict mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed in keyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed in keyIds

        In Strict Mode, one or more CMKs must be provided. For providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.

        Parameters:
        keyIds -
        Returns:

      • snoopClientCache

        protected void snoopClientCache​(ConcurrentHashMap<String,​com.amazonaws.services.kms.AWSKMS> map)