search

awslabs / dynamodb-data-mapper-js

A schema-based data mapper for Amazon DynamoDB.
https://awslabs.github.io/dynamodb-data-mapper-js/
Apache License 2.0
817 stars 106 forks source link

Support for Encrypt/Decrypt Attributes #190

Open kmbro opened 4 years ago

kmbro commented 4 years ago

Feature Request/Question

The equivalent libraries in both Java and Python have encryption/decryption built in. Python repo.

Is there going to be similar support for encrypting/decrypting tables and or attributes in this library? If so, is there a timeframe for it? I am willing to help, just wanted to know where that is at before I start translating the python client into node/creating a pull request here.

Background

I tried to just encrypt individual dynamo attributes in my tables with this library encryption-sdk-javascript but it had 300+ms latencies for each individual decryption call for each record in dynamodb, so a 50 record query would take 15 seconds (about). I did the same query with the python encryption library linked above and 50 records took about 2.5 seconds. So I would love the same functionality that is in the python library here as part of this library. Something like:

// encryptedTable(tableName, materialProvider, defaultAction?)  -- defaultAction could encrypt all the attributes if wanted, or you can individually select with @encrypted
@encryptedTable('SomeTable', 'SomeKmsArn', )
export class SomeTable {
  @hashKey()
  pk: string;  

  @rangeKey()
  sk: string;

  @encrypted()
  @attribute()
  data: string;
  ...
}

Thanks!