How to use AWS Database Encryption SDK for client-side encryption and perform searches on encrypted attributes in DynamoDB tables

Security Blog

This article explains how to use the AWS Database Encryption SDK (DB-ESDK) to encrypt sensitive data in DynamoDB tables before storing it, and perform searches on the encrypted attributes without decrypting the entire dataset.

Specifically, the article covers:

Client-side encryption and its benefits
Overview of the AWS Database Encryption SDK (DB-ESDK)
How DB-ESDK works with DynamoDB for encryption and decryption
Setting up DB-ESDK cryptography with AWS KMS
Configuring DynamoDB tables for encryption and defining beacons for searchable encryption
Building an application to insert encrypted data into DynamoDB and query the encrypted attributes using beacons
Code examples demonstrating the setup and usage

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

May 7
2026

AWS Advanced JDBC Wrapper now provides client-side encryption

Sep 3
2024

Amazon DynamoDB announces support for Attribute-Based Access Control

May 14
2025

Understanding Amazon S3 client-side encryption options

Apr 16
2025

Amazon S3 Tables now support server-side encryption using AWS KMS with customer-managed keys

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

How to use AWS Database Encryption SDK for client-side encryption and perform searches on encrypted attributes in DynamoDB tables

Related articles