AWS KMS Provider
Cryptographic materials provider for use with the AWS Key Management Service (KMS).
- class dynamodb_encryption_sdk.material_providers.aws_kms.AwsKmsCryptographicMaterialsProvider(key_id: str, botocore_session: Optional[botocore.session.Session] = None, grant_tokens: Optional[Tuple[str]] = None, material_description: Optional[Dict[str, str]] = None, regional_clients: Optional[Dict[str, botocore.client.BaseClient]] = None)[source]
Bases:
dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProviderCryptographic materials provider for use with the AWS Key Management Service (KMS).
Note
This cryptographic materials provider makes one AWS KMS API call each time encryption or decryption materials are requested. This means that one request will be made for each item that you read or write.
- Parameters
key_id (str) – ID of AWS KMS CMK to use
botocore_session (botocore.session.Session) – botocore session object (optional)
grant_tokens (list) – List of grant tokens to pass to KMS on CMK operations (optional)
material_description (dict) – Material description to use as default state for this CMP (optional)
regional_clients (dict) – Dictionary mapping AWS region names to pre-configured boto3 KMS clients (optional)
- decryption_materials(encryption_context: dynamodb_encryption_sdk.structures.EncryptionContext) dynamodb_encryption_sdk.materials.raw.RawDecryptionMaterials[source]
Provide decryption materials.
- Parameters
encryption_context (EncryptionContext) – Encryption context for request
- Returns
Encryption materials
- Return type
- encryption_materials(encryption_context: dynamodb_encryption_sdk.structures.EncryptionContext) dynamodb_encryption_sdk.materials.raw.RawEncryptionMaterials[source]
Provide encryption materials.
- Parameters
encryption_context (EncryptionContext) – Encryption context for request
- Returns
Encryption materials
- Return type