Skip to content

Commit 681dcb0

Browse files
rishav-karanjitrishav-karanjit
committed
auto commit
1 parent 38befdd commit 681dcb0

File tree

1 file changed

+16
-4
lines changed

1 file changed

+16
-4
lines changed

Examples/runtimes/go/migration/PlaintextToAWSDBE/awsdbe/migrationexamplestep1.go

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,18 @@
11
package awsdbe
22

33
import (
4-
// Standard imports
54
"context"
65
"reflect"
76

8-
// AWS SDK imports
9-
107
"github.com/aws/aws-sdk-go-v2/aws"
118
"github.com/aws/aws-sdk-go-v2/config"
129
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
1310
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
1411

1512
"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/dbesdkmiddleware"
1613
"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/utils"
14+
15+
dbesdkdynamodbencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes"
1716
)
1817

1918
/*
@@ -43,7 +42,20 @@ func MigrationStep1(kmsKeyID, ddbTableName, partitionKeyValue, sortKeyValue stri
4342
// 1. Configure your Keyring, attribute actions,
4443
// allowedUnsignedAttributes, and encryption configuration for table.
4544
// This is common across all the steps.
46-
listOfTableConfigs := configureTable(kmsKeyID, ddbTableName)
45+
46+
// Note that while we still are not writing encrypted items,
47+
// and our key will not be used to encrypt items in this example,
48+
// our configuration specifies that we may read encrypted items,
49+
// and we should expect to be able to decrypt and process any encrypted items.
50+
// To that end, we must fully define our encryption configuration in
51+
// this step.
52+
53+
// This `PlaintextOverrideForcePlaintextWriteAllowPlaintextRead` means:
54+
// - Write: Items are forced to be written as plaintext.
55+
// Items may not be written as encrypted items.
56+
// - Read: Items are allowed to be read as plaintext.
57+
// Items are allowed to be read as encrypted items.
58+
listOfTableConfigs := configureTable(kmsKeyID, ddbTableName, dbesdkdynamodbencryptiontypes.PlaintextOverrideForcePlaintextWriteAllowPlaintextRead)
4759

4860
// 2. Create DynamoDB client with dbEsdkMiddleware
4961
dbEsdkMiddleware, err := dbesdkmiddleware.NewDBEsdkMiddleware(listOfTableConfigs)

0 commit comments

Comments
 (0)