1. Docs

Tenant Security Client Java

The SDK is published to Maven. Refer to their docs on how to add this library as a dependency to your existing JVM application. The minimum Java version supported by this library is Java 8 Update 152.


This is a minimal example of round tripping a document.

import java.util.Map; import com.ironcorelabs.tenantsecurity.kms.v1.*; // Initialize the client with a Tenant Security Proxy domain and API key. // Typically this would be done once when the application or service initializes TenantSecurityClient client = TenantSecurityClient.create(PROXY_ENDPOINT, API_KEY).get(); // Create a map containing your document data Map<String, byte[]> documentMap = new HashMap<>(); documentMap.put("ssn", "000-12-2345".getBytes("UTF-8")); documentMap.put("address", "2825-519 Stone Creek Rd, Bozeman, MT 59715".getBytes("UTF-8")); documentMap.put("name", "Jim Bridger".getBytes("UTF-8")); // Create metadata used to associate this document to a tenant, name the document, and // identify the service or user making the call DocumentMetadata metadata = new DocumentMetadata(TENANT_ID, "serviceOrUserId", "document label"); // Request a key from the KMS and use it to encrypt the document EncryptedDocument encryptedResults = client.encrypt(documentMap, metadata).get(); /* … persist the encryptedResults.getEdek() and encryptedResults.getEncryptedFields() … */ String edek = encryptedResults.getEdek(); Map<String, byte[]> fields = encryptedResults.getEncryptedFields(); /* … retrieve the encrypted fields and EDEK from your persistence layer */ // Recreate the encrypted document from persisted data EncryptedDocument recreated = new EncryptedDocument(fields, edek); // Decrypt the document back to plaintext PlaintextDocument decryptedResults = client.decrypt(recreated, metadata).get(); Map<String, byte[]> decryptedDocumentMap = decryptedResults.getDecryptedFields();

There is also a batch API that may be useful if you’re operating on many documents at once.


Examples of using the Tenant Security Client SDK to protect sensitive data can be found on GitHub.


See the Javadocs for a more complete register of all exposed classes and methods.


The changelog can be viewed in the library repository.

Was this page helpful?