added README; minor fix

Author: RitvikKapila

examples/src/migration/README.rst

@@ -0,0 +1,16 @@
+##################
+Migration Examples
+##################
+
+The native Python ESDK now uses the `AWS Cryptographic Material Providers Library`_,
+which introduces keyrings in place of the Master Key Provider. The MPL abstracts lower
+level cryptographic materials management of encryption and decryption materials.
+
+This directory contains some examples to migrate from the legacy Master Key Providers
+to keyrings. Here is the list of examples:
+1. Migration to AWS KMS Keyring from AWS KMS Master Key Provider
+2. Migration to Raw AES Keyring from Raw AES Master Key Provider
+3. Migration to Raw RSA Keyring from Raw RSA Master Key Provider
+4. Setting a 'CommitmentPolicy' during migration
+
+.. _AWS Cryptographic Material Providers Library: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

examples/src/migration/migration_to_aws_kms_keyring_from_aws_kms_master_key_provider_example.py

@@ -20,7 +20,6 @@
 For more information on how to use KMS keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html
 """
-
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig

examples/src/migration/migration_to_raw_aes_keyring_from_raw_aes_master_key_provider_example.py

@@ -24,6 +24,7 @@
 For more information on how to use Raw AES keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-aes-keyring.html
 """
+import secrets
 
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
@@ -46,8 +47,7 @@
     "the data you are handling": "is what you think it is",
 }
 
-DEFAULT_AES_256_STATIC_KEY = \
-    b'_\xcf"\x82\x03\x12\x9d\x00\x8a\xed\xaf\xe4\x80\x1d\x00t\xa6P\xac\xb6\xfe\xc5\xf6/{\xe7\xaaO\x01\x13W\x85'
+DEFAULT_AES_256_STATIC_KEY = secrets.token_bytes(32)
 
 DEFAULT_KEY_NAME_SPACE = "Some managed raw keys"
 

examples/src/migration/migration_to_raw_rsa_keyring_from_raw_rsa_master_key_provider_example.py

@@ -28,20 +28,6 @@
 For more information on how to use Raw RSA keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-rsa-keyring.html
 """
-
-
-import aws_encryption_sdk
-from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
-from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
-from aws_cryptographic_materialproviders.mpl.models import CreateRawRsaKeyringInput, PaddingScheme
-from aws_cryptographic_materialproviders.mpl.references import IKeyring
-import aws_encryption_sdk
-from aws_encryption_sdk.identifiers import EncryptionKeyType, WrappingAlgorithm
-from aws_encryption_sdk.internal.crypto.wrapping_keys import WrappingKey
-from aws_encryption_sdk.key_providers.raw import RawMasterKeyProvider
-from typing import Dict  # noqa pylint: disable=wrong-import-order
-import sys
-
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateRawRsaKeyringInput, PaddingScheme
@@ -54,7 +40,9 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 from aws_encryption_sdk.exceptions import AWSEncryptionSDKClientError
-
+from aws_encryption_sdk.identifiers import EncryptionKeyType, WrappingAlgorithm
+from aws_encryption_sdk.internal.crypto.wrapping_keys import WrappingKey
+from aws_encryption_sdk.key_providers.raw import RawMasterKeyProvider
 
 EXAMPLE_DATA: bytes = b"Hello World"