aws-sdk-java-v2-kms
AWS SDK for Java 2.x - AWS KMS (Key Management Service)
Overview
Provides AWS KMS patterns using AWS SDK for Java 2.x. Covers key management, encryption/decryption, envelope encryption, digital signatures, and Spring Boot integration.
Instructions
- Set Up IAM Permissions - Grant only the kms:* actions each principal actually needs (least privilege), not the whole kms:* namespace
- Create KMS Client - Instantiate KmsClient with region and credentials
- Create Keys - Use createKey() → Verify key state is ENABLED before proceeding
- Set Key Policies - Define key usage permissions → Test access before production
- Encrypt Data - Use encrypt() for data <4KB → Verify ciphertext is not empty
- Envelope Encryption - For larger data, use generateDataKey() → Verify data key generation succeeded
- Digital Signatures - Create signing keys → Verify signatureValid=true after sign/verify
- Key Rotation - Enable auto-rotation → Confirm rotation schedule is active
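The envelope-encryption step above, including the ENABLED key-state check from the key-creation step, as an added example that is not part of the skill's own code. The class name `EnvelopeExample`, the `Sealed` record, the `KMS_KEY_ID` environment variable, the encryption-context values and the choice of AES-256-GCM for the local cipher are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.DataKeySpec;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyResponse;
import software.amazon.awssdk.services.kms.model.KeyState;

public class EnvelopeExample { // hypothetical class name; records need Java 16+
    // What gets persisted: the KMS-wrapped data key, the GCM nonce and the ciphertext.
    record Sealed(byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}

    static byte[] aesGcm(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in); // on decrypt, throws AEADBadTagException if data was tampered with
    }

    static Sealed seal(KmsClient kms, String keyId, Map<String, String> ctx, byte[] data) throws Exception {
        // Refuse to proceed unless the KMS key is usable (needs kms:DescribeKey).
        KeyState state = kms.describeKey(r -> r.keyId(keyId)).keyMetadata().keyState();
        if (state != KeyState.ENABLED) throw new IllegalStateException("KMS key state is " + state);
        GenerateDataKeyResponse dk = kms.generateDataKey(r -> r.keyId(keyId)
                .keySpec(DataKeySpec.AES_256).encryptionContext(ctx));
        byte[] plainKey = dk.plaintext().asByteArray();
        try {
            byte[] iv = new byte[12]; // fresh 96-bit nonce for every message
            new SecureRandom().nextBytes(iv);
            return new Sealed(dk.ciphertextBlob().asByteArray(), iv, aesGcm(Cipher.ENCRYPT_MODE, plainKey, iv, data));
        } finally { Arrays.fill(plainKey, (byte) 0); } // best effort: wipes this copy of the key only
    }

    static byte[] open(KmsClient kms, String keyId, Map<String, String> ctx, Sealed s) throws Exception {
        // KMS rejects the unwrap if the encryption context differs from the one used in seal().
        byte[] plainKey = kms.decrypt(r -> r.keyId(keyId).encryptionContext(ctx)
                .ciphertextBlob(SdkBytes.fromByteArray(s.wrappedKey()))).plaintext().asByteArray();
        try { return aesGcm(Cipher.DECRYPT_MODE, plainKey, s.iv(), s.ciphertext()); }
        finally { Arrays.fill(plainKey, (byte) 0); }
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> ctx = Map.of("purpose", "demo"); // constructed encryption context
        String keyId = System.getenv("KMS_KEY_ID");           // assumed env var holding the key ID or ARN
        try (KmsClient kms = KmsClient.create()) {            // default region and credential chain
            Sealed s = seal(kms, keyId, ctx, "constructed sample".getBytes(StandardCharsets.UTF_8));
            System.out.println(new String(open(kms, keyId, ctx, s), StandardCharsets.UTF_8));
        }
    }
}
```

The calling principal needs kms:DescribeKey, kms:GenerateDataKey and kms:Decrypt on this one key, which is the scope the IAM step should grant for this flow.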