aws · seebees · Jun 18, 2019 · Jun 14, 2019 · Jun 17, 2019 · Jun 17, 2019
@@ -1,32 +1,31 @@
 # AWS Encryption SDK for Javascript Node.js examples
 
-This repository holds examples for encrypt and decrypt in Node.js.
-These examples are intended to work so you can experiment with functional code.
+This repository includes examples for encrypting and decrypting in Node.js. These are not for production use.
 
-# NOTE
-The CMK's in these examples *are only* for example.  They *are public*.
-Replace these CMK's with your own.
+To run this example, the reader must have an AWS account with at least one customer managed CMK. To encrypt CMK must have kms:GenerateDataKey permission. To decrypt, the CMK must have kms:Decrypt permission. The CMKs in these examples *are only* for example. *Replace these CMK's with your own*.
 
 ## KMS Simple
 
-This is the simples example.
-It encrypts and decrypts a simple string with KMS.
+This is an example of using KMS to encrypt and decrypt a simple string. See kms_simple.ts for a more detailed explanation.
 
 ## KMS Stream
 
-An example of encrypting a file stream with KMS.
+This is an example of using KMS to encrypt and decrypt a file stream. See kms_stream.ts for a more detailed explanation.
 
 ## KMS Regional Discovery
 
-KMS Keyrings can be put in `discovery` mode.
-This means that it will attempt to connect to any region.
-This is not always what you want.
-Perhapses for performance you want to limit attempts to a set of "close" regions.
-Perhapses for policy reason you want to exclude some regions.
+This is an example of using a KMS Regional Discovery Keyring that limits the AWS Encryption SDK to CMKs in a particular AWS Region(s), as opposed to a KMS Discovery Keyring that doesn't specify any CMKs and will therefore use CMKs from any region available. See kms_regional_discovery.ts for a more detailed explanation.
 
 ## RSA Simple
 
-Sometimes you may want to use an RSA key to exchange secrets.
-This has some advantages, but comes with a heaved key management cost.
-If you can use KMS, the context guaranties are generally worth it.
-However, I still want to provide an example incase this fits your use case.
+This is an example of using RSA to encrypt and decrypt a simple string. This has some advantages for certain use cases, but we recommend that you use a keyring that protects your wrapping keys and performs cryptographic operations within a secure boundary, such as the KMS keyring, which uses AWS Key Management Service (AWS KMS) customer master keys (CMKs) that never leave AWS KMS unencrypted, rather than RSA. See rsa_simple.ts for a more detailed explanation.
+
+## How to Use
+
+Run `npm test` to see these examples in action.
+
+## License
+
+This SDK is distributed under the
+[Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0),
+see LICENSE.txt and NOTICE.txt for more information.
@@ -13,21 +13,6 @@
  * limitations under the License.
  */
 
-/*
- * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use
- * this file except in compliance with the License. A copy of the License is
- * located at
- *
- *     http://aws.amazon.com/apache2.0/
- *
- * or in the "license" file accompanying this file. This file is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
 import { KmsKeyringNode, limitRegions, excludeRegions, getKmsClient, decrypt } from '@aws-crypto/client-node'
 
 export async function kmsRegionalDiscoveryLimitTest (ciphertext: string|Buffer) {

@@ -13,21 +13,6 @@
  * limitations under the License.
  */
 
-/*
- * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use
- * this file except in compliance with the License. A copy of the License is
- * located at
- *
- *     http://aws.amazon.com/apache2.0/
- *
- * or in the "license" file accompanying this file. This file is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
 import { KmsKeyringNode, encrypt, decrypt } from '@aws-crypto/client-node'
 
 export async function kmsSimpleTest () {

@@ -13,21 +13,6 @@
  * limitations under the License.
  */
 
-/*
- * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use
- * this file except in compliance with the License. A copy of the License is
- * located at
- *
- *     http://aws.amazon.com/apache2.0/
- *
- * or in the "license" file accompanying this file. This file is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
 import { RawRsaKeyringNode, encrypt, decrypt } from '@aws-crypto/client-node'
 
 import { generateKeyPair } from 'crypto'