feat: change from KmsKeyring to AwsKmsKeyring (#253)

* feat: rename KmsKeyring to AwsKmsKeyring

* docs: update example descriptions and comments to reference AWS KMS rather than KMS

* docs: s/a RSA/an RSA/g

Author: mattsb42-aws

examples/src/crypto_materials_manager/caching/simple_cache.py

@@ -24,7 +24,7 @@
 """
 import aws_encryption_sdk
 from aws_encryption_sdk.caches.local import LocalCryptoMaterialsCache
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 from aws_encryption_sdk.materials_managers.caching import CachingCryptoMaterialsManager
 
 
@@ -46,7 +46,7 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
     # Create the caching cryptographic materials manager using your keyring.
     cmm = CachingCryptoMaterialsManager(

examples/src/crypto_materials_manager/custom/algorithm_suite_enforcement.py

@@ -24,7 +24,7 @@
 """
 import aws_encryption_sdk
 from aws_encryption_sdk.identifiers import AlgorithmSuite
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 from aws_encryption_sdk.keyrings.base import Keyring
 from aws_encryption_sdk.materials_managers import (
     DecryptionMaterials,
@@ -92,7 +92,7 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
     # Create the algorithm suite restricting cryptographic materials manager using your keyring.
     cmm = RequireApprovedAlgorithmSuitesCryptoMaterialsManager(keyring=keyring)

examples/src/crypto_materials_manager/custom/requiring_encryption_context_fields.py

@@ -11,15 +11,15 @@
 
 If you are using the AWS Encryption SDK with AWS KMS,
 you can use AWS KMS to provide additional powerful controls using the encryption context.
-For more information on that, see the KMS developer guide:
+For more information on that, see the AWS KMS developer guide:
 
 https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
 
 This example shows how to create a custom cryptographic materials manager (CMM)
 that requires a particular field in the encryption context.
 """
 import aws_encryption_sdk
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 from aws_encryption_sdk.keyrings.base import Keyring
 from aws_encryption_sdk.materials_managers import (
     DecryptionMaterials,
@@ -87,7 +87,7 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
     # Create the classification requiring cryptographic materials manager using your keyring.
     cmm = ClassificationRequiringCryptoMaterialsManager(keyring=keyring)

examples/src/file_streaming_defaults.py

@@ -14,7 +14,7 @@
 import filecmp
 
 import aws_encryption_sdk
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 
 
 def run(aws_kms_cmk, source_plaintext_filename):
@@ -40,7 +40,7 @@ def run(aws_kms_cmk, source_plaintext_filename):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
     # Open the files you want to work with.
     with open(source_plaintext_filename, "rb") as plaintext, open(ciphertext_filename, "wb") as ciphertext:

examples/src/in_memory_streaming_defaults.py

@@ -14,7 +14,7 @@
 import io
 
 import aws_encryption_sdk
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 
 
 def run(aws_kms_cmk, source_plaintext):
@@ -35,7 +35,7 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
     ciphertext = io.BytesIO()
 

examples/src/keyring/aws_kms/__init__.py

@@ -3,5 +3,5 @@
 """
 AWS KMS keyring examples.
 
-These examples show how to use the KMS keyring.
+These examples show how to use the AWS KMS keyring.
 """

examples/src/keyring/aws_kms/custom_client_supplier.py

@@ -1,7 +1,7 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 """
-By default, the KMS keyring uses a client supplier that
+By default, the AWS KMS keyring uses a client supplier that
 supplies a client with the same configuration for every region.
 If you need different behavior, you can write your own client supplier.
 
@@ -12,18 +12,18 @@
 like ``ap-east-1`` and ``me-south-1``.
 
 This example shows how to create a client supplier
-that will supply KMS clients with valid credentials for the target region
+that will supply AWS KMS clients with valid credentials for the target region
 even when working with regions that need different credentials.
 
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-kms-keyring
 
-For an example of how to use the KMS keyring with CMKs in multiple regions,
+For an example of how to use the AWS KMS keyring with CMKs in multiple regions,
 see the ``keyring/aws_kms/multiple_regions`` example.
 
-For another example of how to use the KMS keyring with a custom client configuration,
+For another example of how to use the AWS KMS keyring with a custom client configuration,
 see the ``keyring/aws_kms/custom_kms_client_config`` example.
 
-For examples of how to use the KMS keyring in discovery mode on decrypt,
+For examples of how to use the AWS KMS keyring in discovery mode on decrypt,
 see the ``keyring/aws_kms/discovery_decrypt``,
 ``keyring/aws_kms/discovery_decrypt_in_region_only``,
 and ``keyring/aws_kms/discovery_decrypt_with_preferred_region`` examples.
@@ -32,7 +32,7 @@
 from botocore.session import Session
 
 import aws_encryption_sdk
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 from aws_encryption_sdk.keyrings.aws_kms.client_suppliers import ClientSupplier, DefaultClientSupplier
 
 try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
@@ -72,7 +72,7 @@ def __call__(self, region_name):
 
 def run(aws_kms_cmk, source_plaintext):
     # type: (str, bytes) -> None
-    """Demonstrate an encrypt/decrypt cycle using a KMS keyring with a custom client supplier.
+    """Demonstrate an encrypt/decrypt cycle using an AWS KMS keyring with a custom client supplier.
 
     :param str aws_kms_cmk: The ARN of an AWS KMS CMK that protects data keys
     :param bytes source_plaintext: Plaintext to encrypt
@@ -88,7 +88,7 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk, client_supplier=MultiPartitionClientSupplier())
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk, client_supplier=MultiPartitionClientSupplier())
 
     # Encrypt your plaintext data.
     ciphertext, _encrypt_header = aws_encryption_sdk.encrypt(

examples/src/keyring/aws_kms/custom_kms_client_config.py

@@ -1,22 +1,22 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 """
-By default, the KMS keyring uses the default configurations
-for all KMS clients and uses the default discoverable credentials.
+By default, the AWS KMS keyring uses the default configurations
+for all AWS KMS clients and uses the default discoverable credentials.
 If you need to change this configuration,
 you can configure the client supplier.
 
-This example shows how to use custom-configured clients with the KMS keyring.
+This example shows how to use custom-configured clients with the AWS KMS keyring.
 
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-kms-keyring
 
-For an example of how to use the KMS keyring with CMKs in multiple regions,
+For an example of how to use the AWS KMS keyring with CMKs in multiple regions,
 see the ``keyring/aws_kms/multiple_regions`` example.
 
-For another example of how to use the KMS keyring with custom client configuration,
+For another example of how to use the AWS KMS keyring with custom client configuration,
 see the ``keyring/aws_kms/custom_client_supplier`` example.
 
-For examples of how to use the KMS keyring in discovery mode on decrypt,
+For examples of how to use the AWS KMS keyring in discovery mode on decrypt,
 see the ``keyring/aws_kms/discovery_decrypt``,
 ``keyring/aws_kms/discovery_decrypt_in_region_only``,
 and ``keyring/aws_kms/discovery_decrypt_with_preferred_region`` examples.
@@ -26,13 +26,13 @@
 
 import aws_encryption_sdk
 from aws_encryption_sdk.identifiers import USER_AGENT_SUFFIX
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 from aws_encryption_sdk.keyrings.aws_kms.client_suppliers import DefaultClientSupplier
 
 
 def run(aws_kms_cmk, source_plaintext):
     # type: (str, bytes) -> None
-    """Demonstrate an encrypt/decrypt cycle using a KMS keyring with custom KMS client configuration.
+    """Demonstrate an encrypt/decrypt cycle using an AWS KMS keyring with custom AWS KMS client configuration.
 
     :param str aws_kms_cmk: The ARN of an AWS KMS CMK that protects data keys
     :param bytes source_plaintext: Plaintext to encrypt
@@ -61,7 +61,7 @@ def run(aws_kms_cmk, source_plaintext):
 
     # Create the keyring that determines how your data keys are protected,
     # providing the client supplier that you created.
-    keyring = KmsKeyring(generator_key_id=aws_kms_cmk, client_supplier=client_supplier)
+    keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk, client_supplier=client_supplier)
 
     # Encrypt your plaintext data.
     ciphertext, _encrypt_header = aws_encryption_sdk.encrypt(

examples/src/keyring/aws_kms/discovery_decrypt.py

@@ -1,36 +1,36 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 """
-When you give the KMS keyring specific key IDs it will use those CMKs and nothing else.
+When you give the AWS KMS keyring specific key IDs it will use those CMKs and nothing else.
 This is true both on encrypt and on decrypt.
 However, sometimes you need more flexibility on decrypt,
 especially when you don't know which CMKs were used to encrypt a message.
-To address this need, you can use a KMS discovery keyring.
-The KMS discovery keyring does nothing on encrypt,
-but attempts to decrypt *any* data keys that were encrypted under a KMS CMK.
+To address this need, you can use an AWS KMS discovery keyring.
+The AWS KMS discovery keyring does nothing on encrypt,
+but attempts to decrypt *any* data keys that were encrypted under an AWS KMS CMK.
 
-This example shows how to configure and use a KMS discovery keyring.
+This example shows how to configure and use an AWS KMS discovery keyring.
 
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-kms-keyring
 
-For an example of how to use the KMS keyring with CMKs in multiple regions,
+For an example of how to use the AWS KMS keyring with CMKs in multiple regions,
 see the ``keyring/aws_kms/multiple_regions`` example.
 
-For examples of how to use the KMS keyring with custom client configurations,
+For examples of how to use the AWS KMS keyring with custom client configurations,
 see the ``keyring/aws_kms/custom_client_supplier``
 and ``keyring/aws_kms/custom_kms_client_config`` examples.
 
-For examples of how to use the KMS discovery keyring on decrypt,
+For examples of how to use the AWS KMS discovery keyring on decrypt,
 see the ``keyring/aws_kms/discovery_decrypt_in_region_only``
 and ``keyring/aws_kms/discovery_decrypt_with_preferred_region`` examples.
 """
 import aws_encryption_sdk
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 
 
 def run(aws_kms_cmk, source_plaintext):
     # type: (str, bytes) -> None
-    """Demonstrate configuring a KMS discovery keyring for decryption.
+    """Demonstrate configuring an AWS KMS discovery keyring for decryption.
 
     :param str aws_kms_cmk: The ARN of an AWS KMS CMK that protects data keys
     :param bytes source_plaintext: Plaintext to encrypt
@@ -46,10 +46,10 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    encrypt_keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    encrypt_keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
-    # Create a KMS discovery keyring to use on decrypt.
-    decrypt_keyring = KmsKeyring(is_discovery=True)
+    # Create an AWS KMS discovery keyring to use on decrypt.
+    decrypt_keyring = AwsKmsKeyring(is_discovery=True)
 
     # Encrypt your plaintext data.
     ciphertext, _encrypt_header = aws_encryption_sdk.encrypt(
@@ -59,7 +59,7 @@ def run(aws_kms_cmk, source_plaintext):
     # Demonstrate that the ciphertext and plaintext are different.
     assert ciphertext != source_plaintext
 
-    # Decrypt your encrypted data using the KMS discovery keyring.
+    # Decrypt your encrypted data using the AWS KMS discovery keyring.
     #
     # You do not need to specify the encryption context on decrypt
     # because the header of the encrypted message includes the encryption context.

examples/src/keyring/aws_kms/discovery_decrypt_in_region_only.py

@@ -1,40 +1,40 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 """
-When you give the KMS keyring specific key IDs it will use those CMKs and nothing else.
+When you give the AWS KMS keyring specific key IDs it will use those CMKs and nothing else.
 This is true both on encrypt and on decrypt.
 However, sometimes you need more flexibility on decrypt,
 especially when you don't know which CMKs were used to encrypt a message.
-To address this need, you can use a KMS discovery keyring.
-The KMS discovery keyring does nothing on encrypt,
-but attempts to decrypt *any* data keys that were encrypted under a KMS CMK.
+To address this need, you can use an AWS KMS discovery keyring.
+The AWS KMS discovery keyring does nothing on encrypt,
+but attempts to decrypt *any* data keys that were encrypted under an AWS KMS CMK.
 
 However, sometimes you need to be a *bit* more restrictive than that.
-To address this need, you can use a client supplier that restricts the regions a KMS keyring can talk to.
+To address this need, you can use a client supplier that restricts the regions an AWS KMS keyring can talk to.
 
-This example shows how to configure and use a KMS regional discovery keyring that is restricted to one region.
+This example shows how to configure and use an AWS KMS regional discovery keyring that is restricted to one region.
 
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-kms-keyring
 
-For an example of how to use the KMS keyring with CMKs in multiple regions,
+For an example of how to use the AWS KMS keyring with CMKs in multiple regions,
 see the ``keyring/aws_kms/multiple_regions`` example.
 
-For examples of how to use the KMS keyring with custom client configurations,
+For examples of how to use the AWS KMS keyring with custom client configurations,
 see the ``keyring/aws_kms/custom_client_supplier``
 and ``keyring/aws_kms/custom_kms_client_config`` examples.
 
-For examples of how to use the KMS discovery keyring on decrypt,
+For examples of how to use the AWS KMS discovery keyring on decrypt,
 see the ``keyring/aws_kms/discovery_decrypt``
 and ``keyring/aws_kms/discovery_decrypt_with_preferred_region`` examples.
 """
 import aws_encryption_sdk
-from aws_encryption_sdk.keyrings.aws_kms import KmsKeyring
+from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring
 from aws_encryption_sdk.keyrings.aws_kms.client_suppliers import AllowRegionsClientSupplier
 
 
 def run(aws_kms_cmk, source_plaintext):
     # type: (str, bytes) -> None
-    """Demonstrate configuring a KMS discovery keyring to only work within a single region.
+    """Demonstrate configuring an AWS KMS discovery keyring to only work within a single region.
 
     :param str aws_kms_cmk: The ARN of an AWS KMS CMK that protects data keys
     :param bytes source_plaintext: Plaintext to encrypt
@@ -50,17 +50,17 @@ def run(aws_kms_cmk, source_plaintext):
     }
 
     # Create the keyring that determines how your data keys are protected.
-    encrypt_keyring = KmsKeyring(generator_key_id=aws_kms_cmk)
+    encrypt_keyring = AwsKmsKeyring(generator_key_id=aws_kms_cmk)
 
     # Extract the region from the CMK ARN.
     decrypt_region = aws_kms_cmk.split(":", 4)[3]
 
-    # Create the KMS discovery keyring that we will use on decrypt.
+    # Create the AWS KMS discovery keyring that we will use on decrypt.
     #
     # The client supplier that we specify here will only supply clients for the specified region.
     # The keyring only attempts to decrypt data keys if it can get a client for that region,
     # so this keyring will now ignore any data keys that were encrypted under a CMK in another region.
-    decrypt_keyring = KmsKeyring(
+    decrypt_keyring = AwsKmsKeyring(
         is_discovery=True, client_supplier=AllowRegionsClientSupplier(allowed_regions=[decrypt_region])
     )
 
@@ -72,7 +72,7 @@ def run(aws_kms_cmk, source_plaintext):
     # Demonstrate that the ciphertext and plaintext are different.
     assert ciphertext != source_plaintext
 
-    # Decrypt your encrypted data using the KMS discovery keyring.
+    # Decrypt your encrypted data using the AWS KMS discovery keyring.
     #
     # You do not need to specify the encryption context on decrypt
     # because the header of the encrypted message includes the encryption context.