AWS Key Management Service (KMS) Connector

Content Type: Module
Categories: Connectors, AWS

Overview

Entidad uses the AWS KMS Connector together with the Amazon S3 Connector to enable client-side encryption/decryption of S3 objects.

Documentation

AWS KMS Connector Module for Mendix

 

Overview

This is a comprehensive AWS Key Management Service (KMS) connector module for Mendix applications. It provides custom Java actions, microflows and UI components that enable secure cryptographic operations using AWS KMS, including key creation, encryption, decryption, and data key generation.

 

Features

The current version of this module implements symmetric key encryption with AWS KMS. Specifically, the following client API actions are supported:

  1. CreateKey (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html)
  2. Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html)
  3. Decrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html)

 

Configuration

In order to use the connector module, you must have a set of AWS client credentials and an access policy authorizing the AWS service account to perform KMS operations. A permissions policy template is available in `$Project_root/resources/templates/README.md`.

  • Access Key – Amazon account identifier.
  • Secret Key – Amazon token used for authentication.
  • Region – Amazon region where the AWS KMS service is managed.
  • KeyId (optional) – GUID identifier for a client managed key to be used globally by the Mendix application. The encryption key can be created manually by an AWS KMS administrator using the Amazon Web Console, or programmatically using the CreateKey Java action implemented by this module.
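
As an added example (not the module's own template from `resources/templates/README.md`), an IAM policy limited to the three KMS actions listed under Features could look like the following. `<REGION>`, `<ACCOUNT_ID>` and `<KEY_ID>` are placeholders to fill in; `kms:CreateKey` cannot be scoped to a key ARN, so it takes `"Resource": "*"`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EncryptDecryptWithOneKey",
      "Effect": "Allow",
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt"
      ],
      "Resource": "arn:aws:kms:<REGION>:<ACCOUNT_ID>:key/<KEY_ID>"
    },
    {
      "Sid": "CreateKeyFromTheApplication",
      "Effect": "Allow",
      "Action": "kms:CreateKey",
      "Resource": "*"
    }
  ]
}
```

If the key is created manually by an AWS KMS administrator, the second statement can be dropped so the application credentials can only use the one key named in KeyId.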

 

Dependencies

  • aws-kms-client-java-1.0.0.jar (Custom Java dependency)
  • AWSAuthentication
  • Encryption

Releases

Version: 1.0.0
Framework Version: 10.24.15
Release Notes:

Initial release supports symmetric encryption key creation. You can use a client managed encryption key together with the Amazon S3 Connector to enable client-side encryption/decryption of S3 objects.