Skip to content

chore: Clarify StrictAwsKmsMasterKeyProvider docs #316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 27, 2021
Merged

chore: Clarify StrictAwsKmsMasterKeyProvider docs #316

merged 2 commits into from
Jan 27, 2021

Conversation

lavaleri
Copy link
Contributor

Issue #, if available:

Description of changes: We've seen some confusion over the point that you must only use key ARNs when decrypting with the Strict KMS MK Provider. Attempting to clarify that in the code and docs.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@lavaleri
Copy link
Contributor Author

Note from June that saying something like "configured ARN" could be confusing for customers, as they could then think that a "Configured ARN" is a thing they need to understand. Instead, consider rewording to make it explicitly "the ARN you configured the MKP with".

farleyb-amazon
farleyb-amazon previously approved these changes Jan 25, 2021
View reviewed changes
src/aws_encryption_sdk/key_providers/kms.py Outdated
should be used for encryption and decryption. On encryption, the plaintext will be encrypted with all configured
master keys. On decryption, it only attempts to decrypt ciphertexts that have been wrapped with a CMK that
matches one of the configured CMK ARNs. If the ciphertext is encrypted with a master key that was not
explicitly configured, decryption will fail. To create a Strict Aws Kms Master Key Provider you must provide
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: looks like we're referring to the symbol here, so I would say StrictAwsKmsMasterKeyProvider, rather than with spaces.

@lavaleri lavaleri merged commit 5075cb4 into aws:master Jan 27, 2021
@lavaleri lavaleri deleted the update-docs branch January 27, 2021 01:18
robin-aws pushed a commit to robin-aws/aws-encryption-sdk-python that referenced this pull request Apr 27, 2021
@lavaleri @robin-aws
chore: Clarify StrictAwsKmsMasterKeyProvider docs (aws#316)
abacb0c
robin-aws pushed a commit that referenced this pull request Apr 28, 2021
@lavaleri @robin-aws
chore: Clarify StrictAwsKmsMasterKeyProvider docs (#316)
f830411
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@farleyb-amazon farleyb-amazon farleyb-amazon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lavaleri @farleyb-amazon