AWS Encryption SDK
Developer Guide

Data Key Caching Example

This example uses data key caching with a LocalCryptoMaterialsCache to speed up an application in which data generated by multiple devices is encrypted and stored in different regions.

In this scenario, multiple data producers generate data, encrypt it, and write it to a Kinesis stream in each region. AWS Lambda functions (consumers) decrypt the streams and write plaintext data to a DynamoDB table in the region. Data producers and consumers use the AWS Encryption SDK and a KMS master key provider. To reduce calls to KMS, each producer and consumer has its own LocalCryptoMaterialsCache.

You can find the source code for these examples in Java and Python. The sample also includes an AWS CloudFormation template that defines the resources for the samples.


[Diagram: how data producers and consumers use AWS KMS, Amazon Kinesis Streams, and Amazon DynamoDB.]

LocalCryptoMaterialsCache Results

The following table shows that LocalCryptoMaterialsCache reduces the total calls to KMS (per second per region) in this example to 1% of its original value.

Producer requests

| | Requests per second per client: Generate data key (us-west-2) | Requests per second per client: Encrypt data key (eu-central-1) | Requests per second per client: Total (per region) | Clients per region | Average requests per second per region |
|---|---|---|---|---|---|
| No cache | 1 | 1 | 1 | 500 | 500 |
| LocalCryptoMaterialsCache | 1 rps / 100 uses | 1 rps / 100 uses | 1 rps / 100 uses | 500 | 5 |

Consumer requests

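| | Requests per second per client: Decrypt data key | Requests per second per client: Producers | Requests per second per client: Total | Clients per region | Average requests per second per region |
|---|---|---|---|---|---|
| No cache | 1 rps per producer | 500 | 500 | 2 | 1,000 |
| LocalCryptoMaterialsCache | 1 rps per producer / 100 uses | 500 | 5 | 2 | 10 |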
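The following added example (not the AWS sample code and not the AWS Encryption SDK API) simulates the effect shown in the tables: a data key that is reused for at most 100 messages cuts KMS calls to 1% of the uncached count. `StubKms` and `UseLimitedCache` are hypothetical names; the stub only counts calls and performs no real key wrapping, and one message stands for one request.

```python
import os
from collections import Counter

class StubKms:
    """Constructed stand-in for AWS KMS: counts calls, does no real wrapping."""
    def __init__(self):
        self.calls = Counter()
    def generate_data_key(self, region):
        self.calls["GenerateDataKey:" + region] += 1
        return os.urandom(32)
    def encrypt(self, region, data_key):
        self.calls["Encrypt:" + region] += 1
        return b"wrapped-for-" + region.encode()   # placeholder ciphertext
    def decrypt(self, wrapped):
        self.calls["Decrypt"] += 1
        return os.urandom(32)

class UseLimitedCache:
    """One entry per cache key; an entry is retired after max_uses messages."""
    def __init__(self, max_uses):
        self.max_uses = max_uses
        self.entries = {}                  # cache key -> [material, uses so far]
    def get(self, key, fetch):
        entry = self.entries.get(key)
        if entry is None or entry[1] >= self.max_uses:
            entry = self.entries[key] = [fetch(), 0]   # miss: go to KMS
        entry[1] += 1
        return entry[0]

def producer_calls(messages, max_uses):
    """KMS calls made by one producer that encrypts `messages` records."""
    kms, cache = StubKms(), UseLimitedCache(max_uses)
    def fetch():
        # Data key generated in one region, then wrapped for the second region.
        data_key = kms.generate_data_key("us-west-2")
        return data_key, kms.encrypt("eu-central-1", data_key)
    for _ in range(messages):
        cache.get("producer-materials", fetch)
    return kms.calls

def consumer_calls(producers, messages_each, max_uses):
    """Decrypt calls made by one consumer reading from `producers` producers."""
    kms, cache = StubKms(), UseLimitedCache(max_uses)
    for i in range(messages_each):
        for p in range(producers):
            # A producer rotates its data key every max_uses messages, so the
            # consumer sees a new encrypted data key (new cache key) each time.
            cache.get((p, i // max_uses), lambda: kms.decrypt(b"wrapped"))
    return kms.calls["Decrypt"]
```

Setting `max_uses` to 1 models the "No cache" rows. The use limit is also what bounds how many messages any single data key protects.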