@@ -245,11 +245,18 @@ public KmsMasterKeyProvider buildDiscovery(DiscoveryFilter filter) {
245245
246246 /**
247247 * Builds the master key provider in Strict Mode.
248- * KMS Master Key Providers in Strict Mode will only attempt to decrypt using the
249- * keys listed in {@code keyIds}.
248+ * KMS Master Key Providers in Strict Mode will only attempt to decrypt using
249+ * key ARNs listed in {@code keyIds}.
250250 * KMS Master Key Providers in Strict Mode will encrypt data keys using the keys
251251 * listed in {@code keyIds}
252252 *
253+ * In Strict Mode, one or more CMKs must be provided.
254+ * For providers that will only be used for encryption,
255+ * you can use any valid KMS key identifier.
256+ * For providers that will be used for decryption,
257+ * you must use the key ARN;
258+ * key ids, alias names, and alias ARNs are not supported.
259+ *
253260 * @param keyIds
254261 * @return
255262 */
@@ -267,11 +274,18 @@ public KmsMasterKeyProvider buildStrict(List<String> keyIds) {
267274
268275 /**
269276 * Builds the master key provider in strict mode.
270- * KMS Master Key Providers in Strict Mode will only attempt to decrypt using the
271- * keys listed in {@code keyIds}.
277+ * KMS Master Key Providers in Strict Mode will only attempt to decrypt using
278+ * key ARNs listed in {@code keyIds}.
272279 * KMS Master Key Providers in Strict Mode will encrypt data keys using the keys
273280 * listed in {@code keyIds}
274281 *
282+ * In Strict Mode, one or more CMKs must be provided.
283+ * For providers that will only be used for encryption,
284+ * you can use any valid KMS key identifier.
285+ * For providers that will be used for decryption,
286+ * you must use the key ARN;
287+ * key ids, alias names, and alias ARNs are not supported.
288+ *
275289 * @param keyIds
276290 * @return
277291 */
0 commit comments