|
| 1 | +## DynamoDbEncryption |
| 2 | + |
| 3 | +This project implements the AWS Database Encryption SDK for DynamoDB for .NET. |
| 4 | + |
| 5 | +[Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) |
| 6 | + |
| 7 | +## Using the AWS Database Encryption SDK for DynamoDB for .NET |
| 8 | + |
| 9 | +The AWS Database Encryption SDK for DynamoDB is available on [NuGet](https://www.nuget.org/) and can referenced from an existing `.csproj` through typical ways. |
| 10 | + |
| 11 | +Using the dotnet CLI: |
| 12 | +```shell |
| 13 | +dotnet add <your-project-name>.csproj package AWS.Cryptography.DbEncryptionSDK.DynamoDb |
| 14 | +``` |
| 15 | + |
| 16 | +Alternatively, you may directly modify the `.csproj` and add the AWS Database Encryption SDK for DynamoDB to `PackageReference` `ItemGroup`: |
| 17 | +```xml |
| 18 | +<PackageReference Include="AWS.Cryptography.DbEncryptionSDK.DynamoDb" /> |
| 19 | +``` |
| 20 | + |
| 21 | +The AWS Database Encryption SDK for DynamoDB targets [.NET](https://learn.microsoft.com/en-us/dotnet/fundamentals/implementations#net-5-and-later-versions) 6.0 |
| 22 | +and newer on all platforms, |
| 23 | +and [.NET Framework](https://docs.microsoft.com/en-us/dotnet/framework/) 4.8.0 and newer on Windows only. |
| 24 | + |
| 25 | +### Additional setup for macOS only |
| 26 | + |
| 27 | +If you are using macOS then you must install OpenSSL 1.1, |
| 28 | +and the OpenSSL 1.1 `lib` directory must be on the dynamic linker path at runtime. |
| 29 | +Also, if using an M1-based Mac, you must install OpenSSL and the .NET SDK for x86-64. |
| 30 | +Please refer to [the wiki](https://github.com/aws/aws-encryption-sdk-dafny/wiki/Using-the-AWS-Encryption-SDK-for-.NET-on-macOS) for detailed instructions. |
| 31 | + |
| 32 | +## Building the AWS Database Encryption SDK for DynamoDB for .NET |
| 33 | + |
| 34 | +To build, the AWS Database Encryption SDK for DynamoDB requires the most up to date version of [Dafny](https://github.com/dafny-lang/dafny) on your PATH. |
| 35 | + |
| 36 | +The AWS Database Encryption SDK for DynamoDB targets frameworks [`net48` and `net6.0`](https://docs.microsoft.com/en-us/dotnet/standard/frameworks#supported-target-frameworks). |
| 37 | +To build and test the AWS Database Encryption SDK for DynamoDB, you must install the following .NET tools: |
| 38 | + |
| 39 | +* [.NET 6.0](https://dotnet.microsoft.com/en-us/download/dotnet/6.0) or newer |
| 40 | +* [.NET Framework 4.8.0](https://docs.microsoft.com/en-us/dotnet/framework/install/) or newer (if on Windows) |
| 41 | + |
| 42 | +You will also need to ensure that you fetch all submodules using either `git clone --recursive ...` when cloning the repository or `git submodule update --init` on an existing clone. |
| 43 | + |
| 44 | +To build all source files into one dll: |
| 45 | + |
| 46 | +``` |
| 47 | +# Transpile Dafny to .NET |
| 48 | +cd DynamoDbEncryption |
| 49 | +make transpile_implementation_net |
| 50 | +# Run dotnet restore |
| 51 | +make setup_net |
| 52 | +# Run dotnet build |
| 53 | +dotnet build runtimes/net |
| 54 | +``` |
| 55 | + |
| 56 | +### (Optional) Set up the AWS Database Encryption SDK for DynamoDB to work with AWS KMS |
| 57 | + |
| 58 | +If you set up the AWS Database Encryption SDK for DynamoDB to use the AWS KMS Keyring, |
| 59 | +the AWS Database Encryption SDK for DynamoDB will make calls to AWS KMS on your behalf, |
| 60 | +using the appropriate AWS SDK. |
| 61 | + |
| 62 | +However, you must first set up AWS credentials for use with the AWS SDK. |
| 63 | +Instructions for setting up AWS credentials are available in the [AWS Docs for the AWS SDK for .NET.](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html). |
| 64 | + |
| 65 | +## Testing the AWS Database Encryption SDK for DynamoDB for .NET |
| 66 | + |
| 67 | +### Configure AWS credentials |
| 68 | + |
| 69 | +To run the test suite you must first set up AWS credentials for use with the AWS SDK. |
| 70 | +This is required in order to run the integration tests, which use a KMS Keyring against a publicly accessible KMS CMK. |
| 71 | + |
| 72 | +Instructions for setting up AWS credentials are available in the [AWS Docs for the AWS SDK for .NET](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html). |
| 73 | + |
| 74 | +### Run the tests |
| 75 | + |
| 76 | +Run the test suite with: |
| 77 | + |
| 78 | +``` |
| 79 | +cd DynamoDbEncryption |
| 80 | +make transpile_test_net |
| 81 | +# Windows/Linux |
| 82 | +make test_net |
| 83 | +# On Mac |
| 84 | +make test_net_mac_brew |
| 85 | +``` |
| 86 | + |
| 87 | +Run tests on examples, to ensure they are up to date: |
| 88 | + |
| 89 | +``` |
| 90 | +cd Examples |
| 91 | +make transpile_net |
| 92 | +cd runtimes/net |
| 93 | +dotnet run |
| 94 | +``` |
| 95 | + |
| 96 | +Please note that tests and test vectors require internet access and valid AWS credentials, since calls to KMS are made as part of the test workflow. |
| 97 | + |
| 98 | +## Other Development advice |
| 99 | + |
| 100 | +Most c# IDEs appreciate Solution files. |
| 101 | +To generate one Solution file for all the projects here, |
| 102 | +run: |
| 103 | +``` |
| 104 | +cd DynamoDbEncryption/runtimes/net |
| 105 | +dotnet new sln --name DBESDK |
| 106 | +dotnet sln add $(find . -name '*.csproj') |
| 107 | +``` |
| 108 | +Then ask your IDE to open `DBESDK.sln`. |
| 109 | + |
| 110 | +## License |
| 111 | + |
| 112 | +This library is licensed under the Apache 2.0 License. |
0 commit comments