DynamoDB Encryption Client

The Amazon DynamoDB Encryption Client is a client-side encryption library that helps you to protect your table data before you send it to Amazon DynamoDB. Encrypting your sensitive data in transit and at rest helps ensure that your plaintext data isn’t available to any third party, including AWS.

The DynamoDB Encryption Client is designed especially for DynamoDB applications. It encrypts the attribute values in each table item using a unique encryption key. It then signs the item to protect it against unauthorized changes, such as adding or deleting attributes or swapping encrypted values. After you create and configure the required components, the DynamoDB Encryption Client transparently encrypts and signs your table items when you add them to a table. It also verifies and decrypts them when you retrieve them.

The DynamoDB Encryption Client is developed in open source. It is available in Java and Python and the language implementations are interoperable. For example, you can encrypt your data with the Java library and decrypt it with the Python library.

For information about the DynamoDB Encryption Client, see the DynamoDB Encryption Client Developer Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS Encryption SDK

AWS Secrets Manager