The AWS Encryption SDK CLI no longer supports Python 3.7 as of major version 4.2.x; only Python 3.8+ is supported.
The AWS Encryption SDK CLI no longer supports Python 3.5 as of major version 4.1.x; only Python 3.6+ is supported. Customers using Python 3.5 can still use the 3.x line of the AWS Encryption SDK CLI, which will continue to receive security updates until 2022-07-13, in accordance with our Support Policy.
- Python 3.10 testing and support
The AWS Encryption SDK CLI no longer supports Python 2 or Python 3.4 as of major version 4.x; only Python 3.5+ is supported. Customers using Python 2 or Python 3.4 can still use the 3.x line of the AWS Encryption SDK CLI, which will continue to receive security updates for the next 12 months, in accordance with our Support Policy.
The AWS Encryption SDK CLI is discontinuing support for Python 2. Future major versions of this library will drop support for Python 2 and begin to adopt changes that are known to break Python 2.
Support for Python 3.4 will be removed at the same time. Moving forward, we will support Python 3.5+.
Security updates will still be available for the AWS Encryption SDK CLI 3.x line for the next 12 months, in accordance with our Support Policy.
AWS KMS multi-Region Key support
CLI now supports Multi-Region Keys (MRKs). Usage of MRKs is identical to the usage of non-MRK KMS Keys. Though a KMS Key does not have to be a MRK key for it to be used.
See https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html for more details about AWS KMS multi-Region Keys.
See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks for more details about how the AWS Encryption SDK interoperates with AWS KMS multi-Region keys.
Improvements to the message decryption process
See https://github.com/aws/aws-encryption-sdk-cli/security/advisories/GHSA-89v2-g37m-g3ff.
- Fix for enabling or disabling discovery mode in the CLI
- The
--discovery
parameter is removed. It is replaced by adiscovery
attribute of the--wrapping-keys
parameter.
Updates to the AWS Encryption SDK. 2542b58
This change includes fixes for issues that were reported by Thai Duong from Google's Security team, and for issues that were identified by AWS Cryptography.
BREAKING CHANGE: AWS KMS KeyIDs must be specified explicitly or Discovery mode explicitly chosen.
Key committing suites are now default. CommitmentPolicy requires commitment by default.
See: Migration Guide
Updates to the AWS Encryption SDK. c2434ba
This change includes fixes for issues that were reported by Thai Duong from Google's Security team, and for issues that were identified by AWS Cryptography.
See: Migration Guide
- Update requirements to only require the typing module for Python versions earlier than 3.5. #165
- Remove base64 stream encoding/decoding logic in in favor of
base64io
library. #154 - Move the
aws-encryption-sdk-cli
repository fromawslabs
toaws
.
- Fixed config file handling of quotes in Windows #110
- Blacklist pytest 3.3.0 #125 pytest-dev/pytest#2956
- Expand input and output file paths in metadata #120
- Move metadata file writer to write in binary #121
- Skip symlink tests when running tests in Windows #128
- Move integration tests away from using config files to using environment variables #62
- Fixed permissions issue from installing metadata files #122
- Fixed import issue with Python 3.5.0 and 3.5.1 #114
Public release
- Single and double quote characters break config file parsing on Windows platforms #110 #111
- typing imports fail on Python 3.5.0 and 3.5.1 #114 #115
- Handle quoting in config files #35
- Allow empty custom suffix #33
- Handle non-POSIX paths in config files in non-POSIX environments #78
- Expand user (
~
) and environment variables in config files #89 - Parameter key-value pairs will no longer accept empty key or value elements #94
- Built-in base64 encoding and decoding #29
- Strip plaintext data keys from boto3 logs #54
- Enforce that parent directories always exist #57 #100
- Catch single-dash dummy argument catchers for long-form arguments #5
- Optionally output operation metadata #65
- Optionally encryption context enforcement on decrypt #69
- Custom master key providers now handled through setuptools entry points #30
- Default master key provider is now namespace-specific #81
- PyPI-Parker configuration and tox testenv added #36
- Custom user agent value added to generated botocore client #70
- AWS KMS master key provider configuration will no longer accept
key
parameter #80
- Fixed helpstring output to show input/output as required #1
- Fixed bug when processing encrypt request with no master key provider configuration #3
- Fixed caching CMM construction failure #9
- Added support for filename expansion #4
- Added ability to specify profile and region for KMSMasterKeyProvider using AWS CLI-like syntax #6
- Reworked verbosity configuration to be more useful #10
- Addded ability to define custom output filename suffix #12
- Added mypy coverage #13
- Updated aws-encryption-sdk dependency to
>=1.3.2
to pull in fix for #7
- Initial creation