A sample app that encrypts data before storing it in a database, and decrypts it on read, using AWS KMS. AWS KMS uses envelope encryption.
Generate a data key using the command below. Refer to the AWS documentation for more details.
```
aws kms generate-data-key \
--key-id alias/MasterKeyAlias \
--key-spec AES_256
```

- Store the data key in a secure place; AWS Secrets Manager is recommended. If the data key is lost, the data cannot be decrypted.
- The AESEncryptor class is responsible for encrypting and decrypting the data using the data key.
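
The following is an added example, not the project's AESEncryptor (the page does not show that class, its language or its cipher mode). It takes a data key in the shape `generate-data-key` returns and uses it to encrypt a value before storage. AES-256-GCM, the `iv.tag.ciphertext` storage format, Node.js, and all function names are assumptions; the sample response is constructed locally.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the JSON that `aws kms generate-data-key` prints.
// Plaintext is the base64 data key; CiphertextBlob is that key wrapped by the
// KMS key. All values here are made up locally, not real KMS output.
const sampleResponse = {
  KeyId: 'CONSTRUCTED-KEY-ID-PLACEHOLDER',
  Plaintext: crypto.randomBytes(32).toString('base64'),
  CiphertextBlob: crypto.randomBytes(64).toString('base64'),
};

// Decode the plaintext data key and insist on 32 bytes (AES_256).
function loadDataKey(response) {
  const key = Buffer.from(response.Plaintext, 'base64');
  if (key.length !== 32) throw new Error('expected a 32-byte AES_256 data key');
  return key;
}

// Encrypt one column value; returns "iv.tag.ciphertext" (base64) for storage.
function encryptField(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), body].map((b) => b.toString('base64')).join('.');
}

// Decrypt a stored value; throws if the key is wrong or the value was modified.
function decryptField(key, stored) {
  const parts = stored.split('.');
  if (parts.length !== 3) throw new Error('malformed stored value');
  const [iv, tag, body] = parts.map((p) => Buffer.from(p, 'base64'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed stored value');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Returns true when decryption is rejected (wrong key or tampered value).
function isRejected(key, stored) {
  try { decryptField(key, stored); return false; } catch (e) { return true; }
}

const dataKey = loadDataKey(sampleResponse);
const stored = encryptField(dataKey, 'user@example.com');
console.log(stored, '->', decryptField(dataKey, stored));
```
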

- https://docs.aws.amazon.com/cli/latest/reference/kms/generate-data-key.html
- https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping
