Crate aws_esdk


The AWS Encryption SDK enables secure client-side encryption.

Running cargo test --examples for this library runs these example keyrings.

For details, see the Examples or the Developer Guide.

One of the most common keyrings that you can use is the AWS KMS keyring. The AWS KMS keyring uses symmetric encryption KMS keys to generate, encrypt and decrypt data keys. You provide the KMS key and the KMS client configuration when you create the keyring.

See full example

// Initialize ESDK client and MPL client
let esdk_config = AwsEncryptionSdkConfig::builder().build()?;
let esdk_client = esdk_client::Client::from_conf(esdk_config)?;

let mpl_config = MaterialProvidersConfig::builder().build()?;
let mpl = mpl_client::Client::from_conf(mpl_config)?;

// Create KMS Keyring
let kms_keyring = mpl
    .create_aws_kms_keyring()
    // your configuration here
    .send()
    .await?;

// Encrypt
// The keyring and encryption context are cloned here because both are
// needed again for the decrypt call below; passing them by value would move them.
// `plaintext` is assumed to be a `&[u8]` (Copy), so it stays usable for the final check.
let encryption_response = esdk_client.encrypt()
    .plaintext(plaintext)
    .keyring(kms_keyring.clone())
    .encryption_context(encryption_context.clone())
    .send()
    .await?;

let ciphertext = encryption_response
    .ciphertext
    .expect("Unable to unwrap ciphertext from encryption response");

// Decrypt
// Provide the same encryption context that was supplied to the encrypt call.
let decryption_response = esdk_client.decrypt()
    .ciphertext(ciphertext)
    .keyring(kms_keyring)
    .encryption_context(encryption_context)
    .send()
    .await?;

let decrypted_plaintext = decryption_response
    .plaintext
    .expect("Unable to unwrap plaintext from decryption response");

// Demonstrate that the decrypted plaintext is identical to the original plaintext.
// (This is an example for demonstration; you do not need to do this in your own code.)
assert_eq!(decrypted_plaintext, aws_smithy_types::Blob::new(plaintext),
    "Decrypted plaintext should be identical to the original plaintext. Invalid decryption");


Re-exports

pub use client::Client;
pub use types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;

Modules

aws_cryptography_primitives
client: Client for using encrypt and decrypt operations
com_amazonaws_kms: Rarely needed internal KMS Client, needed for ClientSupplier
error: Errors and error handling utilities.
key_store: Branch key support. See Key Stores
material_providers: Key Rings and other fundamentals.
operation: All operations that this crate can perform.
types: Types for the transform client.