maciejwalkowiak
commented
10 months ago Zalando made a library to integrate KMS with Spring Boot https://github.com/zalando/spring-cloud-config-aws-kms (does not seem active anymore). Can you show some examples how you would like KMS integration to work? Because I am not entirely sure if I understand your use case.
danielrohe
Type: Feature
Is your feature request related to a problem? Please describe. Looking for AWS KMS integration. There is a use case where a public key alias stored on a dynamodb record. A new public key per record. There will be CRUD operations. For POST calls, it needs to read public key from a record, then encrypt data. For GET calls, decrypt this data using AWS KMS provider.
I didn't find out of the box option in
spring-cloud-aws, so planning to create a customer service. Before creating a custom service, wanted to have some understanding whether, is there an option for this use case?Describe the solution you'd like Ability to integrate KMS service for encryption and decryption. For this use case the strategy is per request. However, the solution can be configurable based on different strategies.
Examples which I could think of (some maybe incorrect):
Describe alternatives you've considered Manually creating a KMS service (spring component) and manage these cases. This will have some side effect where this encryption and decryption (cross cutting) logic will sit at application level. So components which are using this service as dependency will need to cover it's cases. Possible duplication of exception handling and they need to cover in unit tests. Another option to use Spring AoP, which I think a possible option. This application is WebFlux type. The data to be encrypt/decrypt is just a couple of fields, so my understanding AoP may cause excess conversions from and to Mono/Flux. I could be wrong here.
Happy to provide more information as per request