Feature request: API to pass KMSMasterKeyProviderConfig to key providers' KMS clients
alex-chew opened this issue · 1 comments
alex-chew commented
Currently, the best way to configure the KMS clients that Master Key Providers create, is to subclass the desired provider to supply the desired KMS client configuration. This can be better handled by providing a dedicated API or argument, or to refactor the Python ESDK to use keyrings.
Context: #446
lucasmcdonald3 commented
ESDK now supports keyrings, which take in a KMS client object on creation. See an example: https://github.com/aws/aws-encryption-sdk-python/blob/master/examples/src/aws_kms_keyring_example.py
It's unlikely we will take this feature request on as-is, since MKPs are now "legacy" and will be marked as deprecated soon. Keyrings are the recommended way to encrypt data.