java tink

Google/Tink: Use AWS KMS Key encrypt key material but get NullPointerException


When I used the following demo to encrypt key material, I got a NullPointerException in the AwsKmsClient().getAead() method.

String masterKeyUri = "aws-kms://arn:aws:kms:us-east-1:007084425826:key/84a65985-f868-4bfc-83c2-366618acf147";
KeysetHandle keysetHandle = KeysetHandle.read(
        JsonKeysetReader.withFile(new File(keysetFilename)),
        new AwsKmsClient().getAead(masterKeyUri));

I debugged and found that the AWSKMS client (this.client) in AwsKmsClient is null.

public Aead getAead(String uri) throws GeneralSecurityException {
    if (this.keyUri != null && !this.keyUri.equals(uri)) {
        throw new GeneralSecurityException(String.format("this client is bound to %s, cannot load keys bound to %s", this.keyUri, uri));
    } else {
        return new AwsKmsAead(this.client, Validators.validateKmsKeyUriAndRemovePrefix("aws-kms://", uri));
    }
}

Do you know how to deal with this problem, or how to use AWS KMS correctly? Thanks in advance.


Solution

  • Sorry for the slow response. It seems that you forgot to add credentials?

    Please try this and let me know if it works:

    String masterKeyUri = "aws-kms://arn:aws:kms:us-east-1:007084425826:key/84a65985-f868-4bfc-83c2-366618acf147";
    KeysetHandle keysetHandle = KeysetHandle.read(
            JsonKeysetReader.withFile(new File(keysetFilename)),
            new AwsKmsClient().withDefaultCredentials().getAead(masterKeyUri));
    

    The API could be improved though. I'll look into how to do that.
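
A complete program built around the fix above, as an added example that is not part of the original question or answer and is not Tink's own code. It also binds the client to the master key URI, which is what the keyUri check in the quoted getAead() enforces. The class name, the command-line arguments and the assumption that the keyset holds AEAD keys are illustrative.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.JsonKeysetReader;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KmsClient;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.integration.awskms.AwsKmsClient;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example: class name and argument order are assumptions, not from the thread.
public final class LoadKmsWrappedKeyset {
  public static void main(String[] args) throws Exception {
    if (args.length != 2) {
      System.err.println("usage: LoadKmsWrappedKeyset <keyset.json> <aws-kms://arn:...>");
      System.exit(2);
    }
    File keysetFile = new File(args[0]);
    String masterKeyUri = args[1];

    // Register the AEAD key managers before any keyset is read.
    AeadConfig.register();

    // Passing the URI to the constructor binds the client to that one key:
    // getAead() then throws GeneralSecurityException for any other URI.
    // withDefaultCredentials() is the step missing in the question; it creates
    // the underlying AWS KMS client from the AWS default credentials provider
    // chain. Without it (or withCredentials(path)), this.client stays null.
    KmsClient kms = new AwsKmsClient(masterKeyUri).withDefaultCredentials();
    Aead masterKey = kms.getAead(masterKeyUri);

    // Unwrap the encrypted keyset with the KMS-backed AEAD.
    KeysetHandle handle =
        KeysetHandle.read(JsonKeysetReader.withFile(keysetFile), masterKey);

    // Assumption: the keyset contains AEAD keys. Round-trip a constructed
    // sample so a wrong key type or a failed unwrap surfaces immediately.
    Aead aead = handle.getPrimitive(Aead.class);
    byte[] plaintext = "constructed sample".getBytes(StandardCharsets.UTF_8);
    byte[] aad = "constructed context".getBytes(StandardCharsets.UTF_8);
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    if (!Arrays.equals(plaintext, aead.decrypt(ciphertext, aad))) {
      throw new IllegalStateException("round trip failed");
    }
    System.out.println("Keyset unwrapped with " + masterKeyUri + " and verified.");
  }
}
```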