Posted On: Jul 28, 2023

Today, we announce the general availability of AWS Database Encryption SDK, an upgrade to the existing Amazon DynamoDB Encryption Client, which enables you to include client-side encryption in your DynamoDB workloads. 

The AWS Database Encryption SDK allows you more easily perform attribute-level encryption, enabling you to encrypt specific attribute values before storing them in your DynamoDB table. This lets you protect sensitive data in-transit and at-rest, as data cannot be exposed unless decrypted by your application. It also lets you easily search on encrypted attributes without decrypting the entire database beforehand. This lets you find the right information quickly to download to your application while your data remains securely encrypted within the database.

The AWS Database Encryption SDK makes it easy to let your customers bring their own encryption key to your application, giving them direct ownership over their data by controlling the encryption key. Designed with multi-tenancy in mind, you can use different encryption key providers across a single database table to safely isolate data. In conjunction with AWS Key Management Service (KMS), you can use KMS key policies to enforce clear separation between the authorized users who can access specific encrypted attributes and those who cannot.

The AWS Database Encryption SDK is compatible with Amazon DynamoDB and is available in Java at aws-database-encryption-sdk-dynamodb-java GitHub repository. To learn more, see What is AWS Database Encryption SDK in the developer guide.