aws / aws-encryption-sdk-java

AWS Encryption SDK
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html
Apache License 2.0

[Question] Migrating from 2.4.1 to 3.0.0 #2035

Closed mode-ankit-khandelwal closed 1 month ago

mode-ankit-khandelwal commented 7 months ago

Problem:

Hello ESDK team 🙏

  1. How do we migrate from CachingCryptoMaterialsManager to ICryptographicMaterialsManager and ICryptographicMaterialsCache?
  2. How to restrict KeyRings to single keys similar to KmsMasterKeyProvider.builder().buildStrict(keyARN)?

Our existing code usage looks similar to below:

import java.util.List;
import java.util.concurrent.TimeUnit;
import com.amazonaws.encryptionsdk.CryptoMaterialsManager;
import com.amazonaws.encryptionsdk.caching.CachingCryptoMaterialsManager;
import com.amazonaws.encryptionsdk.caching.LocalCryptoMaterialsCache;
import com.amazonaws.encryptionsdk.kms.DiscoveryFilter;
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.RegionalClientSupplier;

class OurCrypto {
  private static final String PARTITION = "aws"; // assumed value; the constant is not shown in the original snippet
  private final KmsMasterKeyProvider encryptionKeyProvider;
  private final CryptoMaterialsManager manager;

  OurCrypto(String keyID, String region, int cacheCapacity, int cacheMaxAgeMinutes, String accountId, RegionalClientSupplier factory) {
    // Strict provider: encrypts only under the single configured key ARN
    this.encryptionKeyProvider = KmsMasterKeyProvider
        .builder()
        .customRegionalClientSupplier(factory)
        .defaultRegion(Region.of(region))
        .buildStrict(keyID);

    // Discovery provider: decrypts under whatever key the message names, but only keys in our own account
    var decryptionKeyProvider = KmsMasterKeyProvider
        .builder()
        .customRegionalClientSupplier(factory)
        .defaultRegion(Region.of(region))
        .buildDiscovery(new DiscoveryFilter(PARTITION, List.of(accountId)));

    // Caching CMM in front of the discovery provider; cached data keys expire after cacheMaxAgeMinutes
    this.manager = CachingCryptoMaterialsManager.newBuilder()
        .withMasterKeyProvider(decryptionKeyProvider)
        .withCache(new LocalCryptoMaterialsCache(cacheCapacity))
        .withMaxAge(cacheMaxAgeMinutes, TimeUnit.MINUTES)
        .build();
  }
}

lucasmcdonald3 commented 3 months ago

Hi @mode-ankit-khandelwal,

  1. You cannot use Keyrings with the CachingCMM; the ICryptographicMaterialsManager and ICryptographicMaterialsCache will not work with the legacy CachingCMM. We (AWS Crypto Tools) must release a new caching CMM in the AWS Cryptographic Material Providers Library (MPL) before you can migrate.
  2. If you are only using a single key ARN, check out the AwsKmsKeyring: link. This keyring takes in a single KMS key ARN. If you need to use multiple key ARNs, check out the AwsKmsMultiKeyring: link. This keyring takes in a generator key and a list of key ARNs. (See this code example configuring and using this keyring.)

Thanks, Lucas
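A worked migration of the constructor from the question to ESDK 3.x keyrings, following the two points in the reply: an AwsKmsKeyring restricted to one key ARN for encryption, and an AWS KMS discovery keyring filtered to the account for decryption. This is an added example, not code from the project or from either commenter. It assumes a single region (one KmsClient shared by both keyrings), the "aws" partition, and the MPL builder names as published for ESDK 3.x; it has no caching layer because, as the reply states, no caching CMM for keyrings exists yet, and the encryption-context check in decrypt() is an addition rather than anything the thread requires.

```java
import java.util.List;
import java.util.Map;

import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CommitmentPolicy;
import com.amazonaws.encryptionsdk.CryptoResult;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.cryptography.materialproviders.IKeyring;
import software.amazon.cryptography.materialproviders.MaterialProviders;
import software.amazon.cryptography.materialproviders.model.CreateAwsKmsDiscoveryKeyringInput;
import software.amazon.cryptography.materialproviders.model.CreateAwsKmsKeyringInput;
import software.amazon.cryptography.materialproviders.model.DiscoveryFilter;
import software.amazon.cryptography.materialproviders.model.MaterialProvidersConfig;

/** Added example: ESDK 3.x keyring equivalent of the 2.x KmsMasterKeyProvider constructor. */
public class OurCryptoV3 {
  private static final String PARTITION = "aws"; // assumed partition for the discovery filter

  private final AwsCrypto crypto;
  private final IKeyring encryptKeyring;  // strict: exactly one KMS key ARN
  private final IKeyring decryptKeyring;  // discovery: any key, but only from our account

  OurCryptoV3(String keyArn, String region, String accountId) {
    // Single-region assumption: both keyrings share this client.
    KmsClient kms = KmsClient.builder().region(Region.of(region)).build();

    MaterialProviders mpl = MaterialProviders.builder()
        .MaterialProvidersConfig(MaterialProvidersConfig.builder().build())
        .build();

    // Replacement for buildStrict(keyID): the keyring can only ever use this ARN.
    this.encryptKeyring = mpl.CreateAwsKmsKeyring(
        CreateAwsKmsKeyringInput.builder().kmsKeyId(keyArn).kmsClient(kms).build());

    // Replacement for buildDiscovery(new DiscoveryFilter(PARTITION, accountIds)):
    // decrypt with whichever key the message header names, restricted to these accounts.
    this.decryptKeyring = mpl.CreateAwsKmsDiscoveryKeyring(
        CreateAwsKmsDiscoveryKeyringInput.builder()
            .kmsClient(kms)
            .discoveryFilter(DiscoveryFilter.builder()
                .partition(PARTITION)
                .accountIds(List.of(accountId))
                .build())
            .build());

    // Key commitment is on by default since 2.x; require it on both encrypt and decrypt.
    this.crypto = AwsCrypto.builder()
        .withCommitmentPolicy(CommitmentPolicy.RequireEncryptRequireDecrypt)
        .build();
  }

  byte[] encrypt(byte[] plaintext, Map<String, String> encryptionContext) {
    CryptoResult<byte[], ?> result = crypto.encryptData(encryptKeyring, plaintext, encryptionContext);
    return result.getResult();
  }

  byte[] decrypt(byte[] ciphertext, Map<String, String> expectedContext) {
    CryptoResult<byte[], ?> result = crypto.decryptData(decryptKeyring, ciphertext);
    // Confirm the authenticated encryption context matches what the caller expects
    // before handing the plaintext back.
    for (Map.Entry<String, String> e : expectedContext.entrySet()) {
      if (!e.getValue().equals(result.getEncryptionContext().get(e.getKey()))) {
        throw new IllegalStateException("Encryption context mismatch for key " + e.getKey());
      }
    }
    return result.getResult();
  }
}
```

If the original multi-region decryption path (customRegionalClientSupplier) matters, the MPL also exposes a multi-region discovery keyring that takes a list of regions instead of one client; the single-client form above is the minimal one-to-one replacement for the posted constructor.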