@@ -307,6 +307,21 @@ Processing each frame in a framed message involves a certain amount of overhead.
307
307
increasing the frame size can offer potentially significant performance gains. We recommend that you tune these values
308
308
to your use-case in order to obtain peak performance.
309
309
310
+
Thread safety
311
+
==========================
312
+
The ``EncryptionSDKClient`` and all provided ``CryptoMaterialsManager`` are thread safe.
313
+
But instances of ``BaseKMSMasterKeyProvider`` MUST not be shared between threads,
314
+
for the reasons outlined in `the boto3 docs <https://boto3.amazonaws.com/v1/documentation/api/latest/guide/resources.html#multithreading-or-multiprocessing-with-resources>`_.
315
+
316
+
Because the ``BaseKMSMaterKeyProvider`` creates a `new boto3 sessions <https://github.com/aws/aws-encryption-sdk-python/blob/08f305a9b7b5fc897d9cafac55fb98f3f2a6fe13/src/aws_encryption_sdk/key_providers/kms.py#L665-L674>`_ per region,
317
+
users do not need to create a client for every region in every thread;
318
+
a new ``BaseKMSMasterKeyProvider`` per thread is sufficient.
319
+
320
+
(The ``BaseKMSMasterKeyProvider`` is the internal parent class of all the KMS Providers.)
321
+
322
+
Finally, while the ``CryptoMaterialsCache`` is thread safe,
323
+
sharing entries in that cache across threads needs to be done carefully
324
+
(see the !Note about partition name `in the API Docs <https://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.materials_managers.caching.html#aws_encryption_sdk.materials_managers.caching.CachingCryptoMaterialsManager>`_).
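Review bot: The class name is misspelled as ``BaseKMSMaterKeyProvider`` in the sentence beginning "Because the" (added line 316). Every other mention uses ``BaseKMSMasterKeyProvider``, so a reader searching for the identifier will miss this paragraph. The same sentence reads "a `new boto3 sessions`", which should be "a new boto3 session", and its link goes to github.com rather than the project's canonical repository host, which is worth correcting in security-relevant documentation. In the line "MUST not be shared between threads", write the requirement keyword as "MUST NOT" so it reads as a single normative term. The last paragraph says sharing cache entries across threads "needs to be done carefully" and refers to a "!Note" in the API docs. The "!" looks like a stray character, and the paragraph would be more useful if it stated the actual partition name constraint in one sentence instead of only linking to it. Finally, the ``==========================`` underline is much longer than the "Thread safety" title. It renders, but trimming it to the title length is tidier.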