kdrakon / scala-credstash

Scala implementation of a credstash client

Version Matrix


Build Status Maven Central

A lightweight and read-only implementation of the credstash client. Now you can read your KMS encrypted data directly from DynamoDB into your Scala code.

Note: No longer supported


  • As credstash utilises 128 bit AES encryption, your Java runtime needs the JCE Unlimited Strength Jurisdiction Policy Files or not be limited by it.
  • The necessary configuration needed for credstash (AWS credentials, KMS, a DynamoDB, etc.). See their dependencies listing and setup guide here.


Create a SimpleCredStashClient using AWS' KMS and DynamoDB clients:

  val creds = new DefaultAWSCredentialsProviderChain()
  val kmsClient: AWSKMSClient = 
    new AWSKMSClient(creds).withRegion(Region.getRegion(Regions.AP_SOUTHEAST_2))

  val dynamoClient: AmazonDynamoDBClient = 
    new AmazonDynamoDBClient(creds).withRegion(Region.getRegion(Regions.AP_SOUTHEAST_2))

  val credstash = SimpleCredStashClient(kmsClient, dynamoClient)

You can then read a String value or other type using a custom CredStashValueReader:

val password = credstash.get("password")

import io.policarp.scala.credstash.reader.Readers._
val timeout = credstash.as[Int]("timeout")