Tenant Security Client Java

The SDK is published to Maven. Refer to their docs on how to add this library as a dependency to your existing JVM application. The minimum Java version supported by this library is Java 8 Update 152.


This is a minimal example of round tripping a document.
import java.util.Map;
import com.ironcorelabs.tenantsecurity.kms.v1.*;

// Initialize the client with a Tenant Security Proxy domain and API key.
// Typically this would be done once when the application or service initializes
TenantSecurityClient client = TenantSecurityClient.create(PROXY_ENDPOINT, API_KEY).get();

// Create a map containing your document data
Map<String, byte[]> documentMap = new HashMap<>();
documentMap.put("ssn", "000-12-2345".getBytes("UTF-8"));
documentMap.put("address", "2825-519 Stone Creek Rd, Bozeman, MT 59715".getBytes("UTF-8"));
documentMap.put("name", "Jim Bridger".getBytes("UTF-8"));

// Create metadata used to associate this document to a tenant, name the document, and
// identify the service or user making the call
DocumentMetadata metadata = new DocumentMetadata(TENANT_ID, "serviceOrUserId", "document label");

// Request a key from the KMS and use it to encrypt the document
EncryptedDocument encryptedResults = client.encrypt(documentMap, metadata).get();

/* … persist the encryptedResults.getEdek() and encryptedResults.getEncryptedFields() … */
String edek = encryptedResults.getEdek();
Map<String, byte[]> fields = encryptedResults.getEncryptedFields();
/* … retrieve the encrypted fields and EDEK from your persistence layer */

// Recreate the encrypted document from persisted data
EncryptedDocument recreated = new EncryptedDocument(fields, edek);

// Decrypt the document back to plaintext
PlaintextDocument decryptedResults = client.decrypt(recreated, metadata).get();
Map<String, byte[]> decryptedDocumentMap = decryptedResults.getDecryptedFields();
There is also a batch API that may be useful if you’re operating on many documents at once.


See the Javadocs for a more complete register of all exposed classes and methods.


The changelog can be viewed in the library repository.



Trust Center

Find Us