-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KMSMasterKeyProvider Breaking Change in aws_encryption_sdk #8
Comments
Now I have fixed this problem, I am seeing issues with the links being over 2048 characters. See #7 (comment). Not sure if prior to your most recent update they were shorter. I assume so. |
After making these changes, the KEY_ID env var needs to be set to the Key Arn, not ID. If that isn't done, the link will be encrypted correctly but fail to be decrypted. e.g. change |
In order to get round the 2048 character limit I had to change the algorithm used to encrypt the string from the default (which uses signing) to unsigned. This is documented at https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/troubleshooting-migration.html#configuration-conflict_1
Not sure if this is the best approach, but it worked for me. |
Hi
Version 2.0 of the aws_encryption_sdk has removed support for
aws_encryption_sdk.KMSMasterKeyProvider
. From the link below it looks like you can just replace it withaws_encryption_sdk.StrictAwsKmsMasterKeyProvider
. I am about to test this so will update this issue after that.https://aws-encryption-sdk-python.readthedocs.io/en/latest/index.html?highlight=KMSMasterKeyProvider#breaking-changes
Edit: aws_encryption_sdk.decrypt & aws_encryption_sdk.encrypt also need changed as per that link.
Thanks!
The text was updated successfully, but these errors were encountered: