What local encryption algorithm does it use?

The skill focuses on AES-256-GCM, which provides both high-speed symmetric encryption and built-in integrity checking (authenticated encryption).

How does the skill handle key rotation?

It provides implementation logic to detect key rotation events and includes strategies for re-encrypting data encryption keys with new master keys without downtime.

What is the primary benefit of envelope encryption?

Envelope encryption allows you to encrypt data of any size locally while keeping your master keys protected within AWS KMS HSMs, significantly reducing latency and API costs.

Why use this skill over direct KMS encryption?

Direct KMS encryption is limited to 4 KB of data. This skill enables encryption for large datasets and provides patterns for offline operation using cached data keys.

Does this skill help with security compliance?

Yes, it is mapped to NIST CSF 2.0 controls (PR.DS-01, PR.DS-02, PR.DS-10) and follows industry best practices for cryptographic key management.

AWS KMS Envelope Encryption Implementation

Name: AWS KMS Envelope Encryption Implementation
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Implements secure envelope encryption patterns using AWS KMS to manage data encryption keys for high-performance local data security.

This skill provides a comprehensive framework for implementing envelope encryption, allowing developers to encrypt large volumes of data locally using Data Encryption Keys (DEKs) while maintaining centralized control via AWS Key Management Service (KMS). It guides users through the full lifecycle of encryption, including generating DEKs via the AWS API, performing authenticated AES-256-GCM encryption, managing encrypted DEK storage, and implementing advanced performance optimizations like key caching. By following these patterns, developers can bypass KMS data size limits, reduce network latency, and ensure compliance with security standards like NIST CSF 2.0.

主要功能

01AWS KMS GenerateDataKey API integration

024,121 GitHub stars

03Performance optimization through DEK caching

04Automated key rotation and re-encryption patterns

05Local AES-256-GCM encryption and decryption workflows

06Encrypted Data Encryption Key (DEK) management

使用场景

01Reducing KMS API costs and latency for high-throughput applications

02Encrypting large files or database fields that exceed the 4KB KMS limit

03Implementing NIST-compliant data protection for cloud-native applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-envelope-encryption-with-aws-kms

For use in Claude.ai and ChatGPT

主要功能

01AWS KMS GenerateDataKey API integration

024,121 GitHub stars

03Performance optimization through DEK caching

04Automated key rotation and re-encryption patterns

05Local AES-256-GCM encryption and decryption workflows

06Encrypted Data Encryption Key (DEK) management

使用场景

01Reducing KMS API costs and latency for high-throughput applications

02Encrypting large files or database fields that exceed the 4KB KMS limit

03Implementing NIST-compliant data protection for cloud-native applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-envelope-encryption-with-aws-kms

For use in Claude.ai and ChatGPT