Class AwsKmsMrkAwareMasterKeyProvider.Builder
- java.lang.Object
-
- com.amazonaws.encryptionsdk.kmssdkv2.AwsKmsMrkAwareMasterKeyProvider.Builder
-
- All Implemented Interfaces:
Cloneable
- Enclosing class:
- AwsKmsMrkAwareMasterKeyProvider
public static class AwsKmsMrkAwareMasterKeyProvider.Builder extends Object implements Cloneable
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AwsKmsMrkAwareMasterKeyProviderbuildDiscovery()Builds the master key provider in Discovery Mode.AwsKmsMrkAwareMasterKeyProviderbuildDiscovery(DiscoveryFilter filter)Builds the master key provider in Discovery Mode with aDiscoveryFilter.AwsKmsMrkAwareMasterKeyProvider.BuilderbuilderSupplier(Supplier<software.amazon.awssdk.services.kms.KmsClientBuilder> supplier)Configures theAwsKmsMrkAwareMasterKeyProviderto use settings from thisKmsClientBuilderto configure KMS clients.AwsKmsMrkAwareMasterKeyProviderbuildStrict(String... keyIds)Builds the master key provider in strict mode.AwsKmsMrkAwareMasterKeyProviderbuildStrict(List<String> keyIds)Builds the master key provider in Strict Mode.AwsKmsMrkAwareMasterKeyProvider.Builderclone()AwsKmsMrkAwareMasterKeyProvider.BuildercustomRegionalClientSupplier(RegionalClientSupplier regionalClientSupplier)Provides a custom factory function that will vend KMS clients.AwsKmsMrkAwareMasterKeyProvider.BuilderdefaultRegion(software.amazon.awssdk.regions.Region defaultRegion)Sets the default region.AwsKmsMrkAwareMasterKeyProvider.BuilderdiscoveryMrkRegion(software.amazon.awssdk.regions.Region discoveryMrkRegion)Sets the region contacted for multi-region keys when in Discovery mode.
-
-
-
Method Detail
-
clone
public AwsKmsMrkAwareMasterKeyProvider.Builder clone()
-
defaultRegion
public AwsKmsMrkAwareMasterKeyProvider.Builder defaultRegion(software.amazon.awssdk.regions.Region defaultRegion)
Sets the default region. This region will be used when specifying key IDs for encryption or inMasterKeyProvider.getMasterKey(String)that are not full ARNs, but are instead bare key IDs or aliases.If the default region is not specified, the AWS SDK default region will be used.
- Parameters:
defaultRegion- The default region to use.- See Also:
KmsMasterKeyProvider.Builder.defaultRegion(Region)
-
discoveryMrkRegion
public AwsKmsMrkAwareMasterKeyProvider.Builder discoveryMrkRegion(software.amazon.awssdk.regions.Region discoveryMrkRegion)
Sets the region contacted for multi-region keys when in Discovery mode. This region will be used when a multi-region key is discovered on decrypt byMasterKeyProvider.getMasterKey(String).- Parameters:
discoveryMrkRegion- The region to contact to attempt to decrypt multi-region keys.
-
customRegionalClientSupplier
public AwsKmsMrkAwareMasterKeyProvider.Builder customRegionalClientSupplier(RegionalClientSupplier regionalClientSupplier)
Provides a custom factory function that will vend KMS clients. This is provided for advanced use cases which require complete control over the client construction process.Because the regional client supplier fully controls the client construction process, it is not possible to configure the client through methods such as
builderSupplier(Supplier); if you try to use these in combination, anIllegalStateExceptionwill be thrown.Note: The AWS Encryption SDK for Java does not support the
KmsAsyncClientinterface.
-
builderSupplier
public AwsKmsMrkAwareMasterKeyProvider.Builder builderSupplier(Supplier<software.amazon.awssdk.services.kms.KmsClientBuilder> supplier)
Configures theAwsKmsMrkAwareMasterKeyProviderto use settings from thisKmsClientBuilderto configure KMS clients. Note that the region set on this builder will be ignored, but all other settings will be propagated into the regional clients.Note: The AWS Encryption SDK for Java does not support the
KmsAsyncClientinterface.
-
buildDiscovery
public AwsKmsMrkAwareMasterKeyProvider buildDiscovery()
Builds the master key provider in Discovery Mode. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message. KMS Master Key Providers in Discovery Mode will not encrypt data keys.
-
buildDiscovery
public AwsKmsMrkAwareMasterKeyProvider buildDiscovery(DiscoveryFilter filter)
Builds the master key provider in Discovery Mode with aDiscoveryFilter. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message that is accepted by thefilter. KMS Master Key Providers in Discovery Mode will not encrypt data keys.
-
buildStrict
public AwsKmsMrkAwareMasterKeyProvider buildStrict(List<String> keyIds)
Builds the master key provider in Strict Mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed inkeyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed inkeyIdsIn Strict Mode, one or more CMKs must be provided. For Master Key Providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.
-
buildStrict
public AwsKmsMrkAwareMasterKeyProvider buildStrict(String... keyIds)
Builds the master key provider in strict mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed inkeyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed inkeyIdsIn Strict Mode, one or more CMKs must be provided. For Master Key Providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.
-
-