These are the docs for the AWS Cryptographic Materials Providers Library for Python.
The latest full documentation can be found at Read the Docs.
Find us on GitHub.
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our vulnerability reporting page. Please do not create a public GitHub issue.
- Python 3.11+
- cryptography >= 43.0.1
- boto3 >= 1.35.42
Note: If you have not already installed cryptography, you might need to install additional prerequisites as detailed in the cryptography installation guide for your operating system.
$ pip install aws-cryptographic-material-providers
The AWS Cryptographic Materials Providers Library (MPL) is available in multiple languages. The concepts in the Python implementation of the MPL are the same as in other languages. For more information on concepts in the MPL, see the README for all languages.
The MaterialProviders client and all provided CryptoMaterialsManagers (CMMs) are thread safe.
But keyrings that call AWS Key Management Service (KMS), and CMMs that use keyrings that call KMS, MUST NOT be shared between threads, for reasons outlined in the boto3 docs. (Keyrings that call KMS are identified by the string Kms in their name, for example AwsKmsKeyring and AwsKmsMrkDiscoveryMultiKeyring.)
Finally, while the provided implementations of ICryptographicMaterialsCache are thread-safe, there is currently no thread-safe keyring implementation that supports using a cache.
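
One way to honor the rule above is to give every thread its own KMS keyring, built lazily from a factory. This is an added example, not code from the MPL project: PerThread, make_kms_keyring and demo_distinct_per_thread are hypothetical helper names, and the MPL import paths and call names inside make_kms_keyring are assumptions not shown on this page, so check them against the full documentation.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class PerThread:
    """Lazily builds one object per thread; an instance never crosses threads."""

    def __init__(self, factory):
        self._factory = factory
        self._local = threading.local()

    def get(self):
        obj = getattr(self._local, "obj", None)
        if obj is None:
            obj = self._local.obj = self._factory()
        return obj


def make_kms_keyring(kms_key_id):
    """Factory: an AwsKmsKeyring backed by its own boto3 session and KMS client."""
    # Lazy imports so PerThread can be exercised without the AWS libraries.
    # Assumption: module paths and names below are not taken from this page.
    import boto3
    from aws_cryptographic_material_providers.mpl import AwsCryptographicMaterialProviders
    from aws_cryptographic_material_providers.mpl.config import MaterialProvidersConfig
    from aws_cryptographic_material_providers.mpl.models import CreateAwsKmsKeyringInput

    # A fresh Session per thread: boto3 sessions are not safe to share.
    kms_client = boto3.session.Session().client("kms")
    mpl = AwsCryptographicMaterialProviders(config=MaterialProvidersConfig())
    return mpl.create_aws_kms_keyring(
        input=CreateAwsKmsKeyringInput(kms_key_id=kms_key_id, kms_client=kms_client)
    )


def demo_distinct_per_thread(factory, workers=4):
    """Returns (distinct objects seen across threads, reuse within a thread)."""
    holder = PerThread(factory)
    barrier = threading.Barrier(workers)  # keeps all workers live at once

    def task(_):
        barrier.wait()
        first, second = holder.get(), holder.get()
        return id(first), first is second

    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(task, range(workers)))
    return len({r[0] for r in results}), all(r[1] for r in results)
```

In an application, create `PerThread(lambda: make_kms_keyring(key_arn))` once and call `.get()` inside each worker; `key_arn` is a placeholder for your own KMS key identifier.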