AwsKmsClient (kafka-schema-registry-client-encryption-aws 7.6.9 API)

java.lang.Object
- io.confluent.kafka.schemaregistry.encryption.aws.AwsKmsClient

All Implemented Interfaces:

com.google.crypto.tink.KmsClient
```
public final class AwsKmsClient
extends Object
implements com.google.crypto.tink.KmsClient
```
An implementation of KmsClient for AWS KMS.

Since:

1.0.0

Field Summary

Fields
Modifier and Type Field and Description

static String PREFIX
The prefix of all keys stored in AWS KMS.

Fields
Modifier and Type	Field and Description
`static String`	`PREFIX` The prefix of all keys stored in AWS KMS.

Constructor Summary

Constructors
Constructor and Description
`AwsKmsClient()` Constructs a generic AwsKmsClient that is not bound to any specific key.
`AwsKmsClient(String uri)` Constructs a specific AwsKmsClient that is bound to a single key identified by `uri`.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`doesSupport(String uri)`
`com.google.crypto.tink.Aead`	`getAead(String uri)`
`static void`	`register(Optional<String> keyUri, Optional<String> credentialPath)` Creates and registers a `AwsKmsClient(java.lang.String)` with the Tink runtime.
`protected static String`	`removePrefix(String expectedPrefix, String kmsKeyUri)`
`com.google.crypto.tink.KmsClient`	`withCredentials(String credentialPath)` Loads AWS credentials from a properties file.
`com.google.crypto.tink.KmsClient`	`withCredentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider provider)` Loads AWS credentials from a provider.
`com.google.crypto.tink.KmsClient`	`withDefaultCredentials()` Loads default AWS credentials.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PREFIX
```
public static final String PREFIX
```
    The prefix of all keys stored in AWS KMS.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - AwsKmsClient
```
public AwsKmsClient()
```
    Constructs a generic AwsKmsClient that is not bound to any specific key. This constructor should not be used. We recommend to register the client instead.
  - AwsKmsClient
```
public AwsKmsClient(String uri)
```
    Constructs a specific AwsKmsClient that is bound to a single key identified by uri. This constructor should not be used. We recommend to register the client instead.
- Method Detail
  - doesSupport
```
public boolean doesSupport(String uri)
```
    Specified by:
    
    doesSupport in interface com.google.crypto.tink.KmsClient
    
    Returns:
    
    true either if this client is a generic one and uri starts with PREFIX, or the client is a specific one that is bound to the key identified by uri.
  - withCredentials
```
@CanIgnoreReturnValue
public com.google.crypto.tink.KmsClient withCredentials(String credentialPath)
                                                                       throws GeneralSecurityException
```
    Loads AWS credentials from a properties file.
    The AWS access key ID is expected to be in the accessKey property and the AWS secret key is expected to be in the secretKey property.
    
    Specified by:
    
    withCredentials in interface com.google.crypto.tink.KmsClient
    
    Throws:
    
    GeneralSecurityException - if the client initialization fails
  - withDefaultCredentials
```
@CanIgnoreReturnValue
public com.google.crypto.tink.KmsClient withDefaultCredentials()
                                                                              throws GeneralSecurityException
```
    Loads default AWS credentials.
    AWS credentials provider chain that looks for credentials in this order:
    - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    - Java System Properties - aws.accessKeyId and aws.secretKey
    - Credential profiles file at the default location (~/.aws/credentials)
    - Instance profile credentials delivered through the Amazon EC2 metadata service
    Specified by:
    
    withDefaultCredentials in interface com.google.crypto.tink.KmsClient
    
    Throws:
    
    GeneralSecurityException - if the client initialization fails
  - withCredentialsProvider
```
@CanIgnoreReturnValue
public com.google.crypto.tink.KmsClient withCredentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider provider)
                                                                               throws GeneralSecurityException
```
    Loads AWS credentials from a provider.
    
    Throws:
    
    GeneralSecurityException
  - removePrefix
```
protected static String removePrefix(String expectedPrefix,
                                     String kmsKeyUri)
```
  - getAead
```
public com.google.crypto.tink.Aead getAead(String uri)
                                    throws GeneralSecurityException
```
    Specified by:
    
    getAead in interface com.google.crypto.tink.KmsClient
    
    Throws:
    
    GeneralSecurityException
  - register
```
public static void register(Optional<String> keyUri,
                            Optional<String> credentialPath)
                     throws GeneralSecurityException
```
    Creates and registers a AwsKmsClient(java.lang.String) with the Tink runtime.
    If keyUri is present, it is the only key that the new client will support. Otherwise the new client supports all AWS KMS keys.
    If credentialPath is present, load the credentials from that. Otherwise use the default credentials.
    
    Throws:
    
    GeneralSecurityException

Class AwsKmsClient

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

PREFIX

Constructor Detail

AwsKmsClient

AwsKmsClient

Method Detail

doesSupport

withCredentials

withDefaultCredentials

withCredentialsProvider

removePrefix

getAead

register