Encrypted Client
High-level helper class to provide a familiar interface to encrypted tables.
- class dynamodb_encryption_sdk.encrypted.client.EncryptedClient(client: botocore.client.BaseClient, materials_provider: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider, attribute_actions: Optional[dynamodb_encryption_sdk.structures.AttributeActions] = None, auto_refresh_table_indexes: Optional[bool] = True, expect_standard_dictionaries: Optional[bool] = False)[source]
Bases:
object
High-level helper class to provide a familiar interface to encrypted tables.
>>> import boto3 >>> from dynamodb_encryption_sdk.encrypted.client import EncryptedClient >>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider >>> client = boto3.client('dynamodb') >>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider('alias/MyKmsAlias') >>> encrypted_client = EncryptedClient( ... client=client, ... materials_provider=aws_kms_cmp ... )
Note
This class provides a superset of the boto3 DynamoDB client API, so should work as a drop-in replacement once configured.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb.html#client
If you want to provide per-request cryptographic details, the
put_item
,get_item
,query
,scan
,batch_write_item
, andbatch_get_item
methods will also accept acrypto_config
parameter, defining a customCryptoConfig
instance for this request.Warning
We do not currently support the
update_item
method.- Parameters
client (boto3.resources.base.BaseClient) – Pre-configured boto3 DynamoDB client object
materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use
attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes
auto_refresh_table_indexes (bool) – Should we attempt to refresh information about table indexes? Requires
dynamodb:DescribeTable
permissions on each table. (default: True)expect_standard_dictionaries (bool) – Should we expect items to be standard Python dictionaries? This should only be set to True if you are using a client obtained from a service resource or table resource (ex:
table.meta.client
). (default: False)
- update_item(**kwargs)[source]
Update item is not yet supported.
- Raises
NotImplementedError – if called
- get_paginator(operation_name)[source]
Get a paginator from the underlying client. If the paginator requested is for “scan” or “query”, the paginator returned will transparently decrypt the returned items.
- Parameters
operation_name (str) – Name of operation for which to get paginator
- Returns
Paginator for name
- Return type
botocore.paginate.Paginator
orEncryptedPaginator
- class dynamodb_encryption_sdk.encrypted.client.EncryptedPaginator(paginator: botocore.paginate.Paginator, decrypt_method: Callable, crypto_config_method: Callable)[source]
Bases:
object
Paginator that decrypts returned items before returning them.
- Parameters
paginator (botocore.paginate.Paginator) – Pre-configured boto3 DynamoDB paginator object
decrypt_method – Item decryptor method from
dynamodb_encryption_sdk.encrypted.item
crypto_config_method (callable) – Callable that returns a
CryptoConfig