.NET and Object Persistence Model

[benallred]

According to https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/ddb-net-using.html (emphasis mine)

You can use your table encryption configuration to construct a DynamoDB client that automatically encrypts and signs items client-side with your DynamoDB PutItem requests. You can use this client directly, or you can construct a document model or object persistence model.

I also see in another issue, someone using attributes such as DynamoDbEncryptionSignOnly.

I've pulled in AWS.Cryptography.DbEncryptionSDK.DynamoDb but cannot find the same attributes in .NET. I also don't see them in this repo where I do see the Java versions.

Are these attributes available for .NET? If not, are there any examples of how to do this in .NET? [1]

Thanks!

[1] I see some examples further down the linked page but they are incomplete. A Dictionary<String, DynamoDbTableEncryptionConfig> called tableConfigs is being populated but what then? How is that applied to DynamoDBContext.SaveAsync()/DynamoDBContext.LoadAsync()?

[texastony]

Howdy @benallred,

Your observation is correct; the .NET implementation does not have the same
“document model or object persistence model” the Java implementation provides.

The AWS SDK for Java includes the Enhanced DynamoDB Client,
which this product, in Java only, extends.

There is no allegory to the Enhanced DynamoDB Client in .NET.

The AWS Database Encryption SDK for DynamoDB in .NET (DB-ESDK-.NET)
offers an interceptor for the DynamoDB client (see BasicPutGetExample)
and a lower level Item Encryptor (see ItemEncryptDecryptExample).

You are also correct about the Developer Guide for .NET inline examples are incomplete.
I will work with our Docs team to correct this.
Let us know if the examples I have linked here are sufficient.

Much Obliged,
AWS Crypto Tools