
Commit 60e8b5b

lavalerirobin-aws
authored and committed
chore: Clarify KmsMasterKeyProvider Strict behavior in docs (#235)
1 parent 6445e7f commit 60e8b5b

1 file changed: +18 -4 lines changed

src/main/java/com/amazonaws/encryptionsdk/kms/KmsMasterKeyProvider.java

Lines changed: 18 additions & 4 deletions
@@ -294,11 +294,18 @@ public KmsMasterKeyProvider buildDiscovery(DiscoveryFilter filter) {
294294

295295
/**
296296
* Builds the master key provider in Strict Mode.
297-
* KMS Master Key Providers in Strict Mode will only attempt to decrypt using the
298-
* keys listed in {@code keyIds}.
297+
* KMS Master Key Providers in Strict Mode will only attempt to decrypt using
298+
* key ARNs listed in {@code keyIds}.
299299
* KMS Master Key Providers in Strict Mode will encrypt data keys using the keys
300300
* listed in {@code keyIds}
301301
*
302+
* In Strict Mode, one or more CMKs must be provided.
303+
* For providers that will only be used for encryption,
304+
* you can use any valid KMS key identifier.
305+
* For providers that will be used for decryption,
306+
* you must use the key ARN;
307+
* key ids, alias names, and alias ARNs are not supported.
308+
*
302309
* @param keyIds
303310
* @return
304311
*/
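
Review bot: The key ARN requirement for decryption is stated only in the description (new lines 302-307), while `@param keyIds` and `@return` directly below stay empty; put the constraint on the `@param` tag as well, since that is what IDE tooltips and generated docs surface at the call site, for example `@param keyIds key ARNs if the provider will decrypt; any valid KMS key identifier if it will only encrypt`. The added text says key ids, alias names, and alias ARNs "are not supported" for decryption but does not say what the caller observes when one is passed; describing the failure would help a reader tell a wrongly formatted identifier apart from a key that is simply not in the list. Two small points in the same comment: the unchanged sentence ending `listed in {@code keyIds}` still has no closing period, and "CMKs" is used without being expanded.
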
@@ -324,11 +331,18 @@ public KmsMasterKeyProvider buildStrict(List<String> keyIds) {
324331

325332
/**
326333
* Builds the master key provider in strict mode.
327-
* KMS Master Key Providers in Strict Mode will only attempt to decrypt using the
328-
* keys listed in {@code keyIds}.
334+
* KMS Master Key Providers in Strict Mode will only attempt to decrypt using
335+
* key ARNs listed in {@code keyIds}.
329336
* KMS Master Key Providers in Strict Mode will encrypt data keys using the keys
330337
* listed in {@code keyIds}
331338
*
339+
* In Strict Mode, one or more CMKs must be provided.
340+
* For providers that will only be used for encryption,
341+
* you can use any valid KMS key identifier.
342+
* For providers that will be used for decryption,
343+
* you must use the key ARN;
344+
* key ids, alias names, and alias ARNs are not supported.
345+
*
332346
* @param keyIds
333347
* @return
334348
*/
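
Review bot: The first line of this comment (line 333) reads "strict mode" while every other line, including the ones added here, reads "Strict Mode"; make the capitalization consistent. The seven added lines are a verbatim copy of the ones added to the preceding Javadoc block, so the two descriptions can drift apart on the next edit; consider keeping the full explanation on one overload and pointing to it from the other with `@see` or `{@link}`. As in the first block, `@param keyIds` and `@return` remain empty, so the ARN requirement is not visible where the parameter is documented.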
