AWS KMS Provider

Cryptographic materials provider for use with the AWS Key Management Service (KMS).

class dynamodb_encryption_sdk.material_providers.aws_kms.AwsKmsCryptographicMaterialsProvider(key_id, botocore_session=None, grant_tokens=None, material_description=None, regional_clients=None)[source]

Bases: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider

Cryptographic materials provider for use with the AWS Key Management Service (KMS).

Note

This cryptographic materials provider makes one AWS KMS API call each time encryption or decryption materials are requested. This means that one request will be made for each item that you read or write.

Parameters:
  • key_id (str) – ID of AWS KMS CMK to use
  • botocore_session (botocore.session.Session) – botocore session object (optional)
  • grant_tokens (list) – List of grant tokens to pass to KMS on CMK operations (optional)
  • material_description (dict) – Material description to use as default state for this CMP (optional)
  • regional_clients (dict) – Dictionary mapping AWS region names to pre-configured boto3 KMS clients (optional)
decryption_materials(encryption_context)[source]

Provide decryption materials.

Parameters:encryption_context (EncryptionContext) – Encryption context for request
Returns:Encryption materials
Return type:RawDecryptionMaterials
encryption_materials(encryption_context)[source]

Provide encryption materials.

Parameters:encryption_context (EncryptionContext) – Encryption context for request
Returns:Encryption materials
Return type:RawEncryptionMaterials