AWS Encryption SDK now supports data key caching

Posted on: Aug 10, 2017

The AWS Encryption SDK is an encryption library that helps you implement encryption best practices in your application. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data.

Data key caching lets you reuse the data keys that protect your data, instead of generating a new data key for each encryption operation. Data key caching can improve performance, reduce cost, and help you stay within service limits as your application scales. In particular, this feature might help if your application is hitting the AWS Key Management Service (KMS) requests-per-second limit and raising the limit does not solve the problem. 

Data key caching is an optional feature of the AWS Encryption SDK that you should use cautiously. Cryptographic best practices discourage excessive reuse of data keys. Use data key caching only when it is required to meet your performance goals. Then, use the data key caching security thresholds to ensure that you use the minimum amount of caching required to meet your cost and performance goals.  
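To make the security thresholds concrete, here is an added example (not AWS code and not the SDK's own caching implementation) of a minimal data-key cache that reuses a key only while a maximum age, a maximum number of messages, and a maximum number of plaintext bytes all hold. The `DataKeyCache` class, its parameter names, and `generate_data_key` (which stands in for a KMS `GenerateDataKey` call) are this example's own assumptions; the SDK's caching cryptographic materials manager exposes the same three limits but is configured differently. Counting the stand-in KMS calls shows how caching cuts request volume, and the thresholds show how that reuse is bounded.

```python
import os
import time
from dataclasses import dataclass


@dataclass
class CacheEntry:
    """One cached data key plus the usage counters the thresholds are checked against."""
    data_key: bytes
    created_at: float
    messages_encrypted: int = 0
    bytes_encrypted: int = 0


class DataKeyCache:
    """Hypothetical cache (this example's own design) that reuses a data key only
    while all three security thresholds hold.

    generate_data_key stands in for a KMS GenerateDataKey request; every call
    to it is counted so the effect of caching on request volume is visible.
    """

    def __init__(self, generate_data_key, max_age_s, max_messages, max_bytes,
                 clock=time.monotonic):
        self._generate = generate_data_key
        self.max_age_s = max_age_s
        self.max_messages = max_messages
        self.max_bytes = max_bytes
        self._clock = clock
        self._entries = {}          # one entry per canonicalised encryption context
        self.generate_calls = 0     # simulated KMS requests made so far

    def _usable(self, entry, plaintext_len):
        """True only if encrypting one more message of plaintext_len bytes
        with this entry would stay within every threshold."""
        if self._clock() - entry.created_at >= self.max_age_s:
            return False
        if entry.messages_encrypted + 1 > self.max_messages:
            return False
        if entry.bytes_encrypted + plaintext_len > self.max_bytes:
            return False
        return True

    def get_data_key(self, plaintext_len, encryption_context=None):
        """Return a data key for one message, generating a fresh one when the
        cached key is missing or any threshold would be exceeded."""
        ctx_key = tuple(sorted((encryption_context or {}).items()))
        entry = self._entries.get(ctx_key)
        if entry is None or not self._usable(entry, plaintext_len):
            self.generate_calls += 1
            entry = CacheEntry(self._generate(), self._clock())
            self._entries[ctx_key] = entry
        entry.messages_encrypted += 1
        entry.bytes_encrypted += plaintext_len
        return entry.data_key


def demo():
    """Scripted sequence (constructed input) with a fake clock.
    Returns (messages encrypted, simulated KMS calls)."""
    now = [0.0]
    cache = DataKeyCache(lambda: os.urandom(32), max_age_s=60,
                         max_messages=3, max_bytes=1000, clock=lambda: now[0])
    sizes = [100, 100, 100,   # first key: three messages, reaches max_messages
             100,             # fourth message forces a second key
             900,             # 100 + 900 = 1000 bytes, still within max_bytes
             1]               # would exceed max_bytes -> third key
    for size in sizes:
        cache.get_data_key(size, {"purpose": "demo"})
    now[0] += 61.0            # entry is now older than max_age_s -> fourth key
    cache.get_data_key(10, {"purpose": "demo"})
    return len(sizes) + 1, cache.generate_calls


if __name__ == "__main__":
    messages, kms_calls = demo()
    print(f"{messages} messages encrypted with {kms_calls} simulated KMS requests")
```

Without caching the sequence in `demo()` would cost seven simulated KMS requests, one per message; with these thresholds it costs four, and each of the three extra requests is triggered by a specific limit (message count, byte count, age). Setting the thresholds to the smallest values that still meet the performance target is the practical reading of the "minimum amount of caching" advice above.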

For more information about data key caching in the AWS Encryption SDK, you can read the AWS Security Blog post and the data key caching section in the AWS Encryption SDK documentation.