aws_encryption_sdk.keyrings.multi

Resources required for Multi Keyrings.

Classes

MultiKeyring([generator, children])

Public class for Multi Keyring.

class aws_encryption_sdk.keyrings.multi.MultiKeyring(generator=None, children=NOTHING)

Bases: aws_encryption_sdk.keyrings.base.Keyring

Public class for Multi Keyring.

New in version 1.5.0.

Parameters:

• generator (Keyring) – Generator keyring used to generate data encryption key (optional)
• children (List[Keyring]) – List of keyrings used to encrypt the data encryption key (optional)

Raises:

EncryptKeyError – if encryption of data key fails for any reason

on_decrypt(decryption_materials, encrypted_data_keys)

Attempt to decrypt the encrypted data keys.

Parameters:

• decryption_materials (DecryptionMaterials) – Decryption materials for keyring to modify.
• encrypted_data_keys (List[EncryptedDataKey]) – List of encrypted data keys.

Returns:

Optionally modified decryption materials.

Return type:

DecryptionMaterials

on_encrypt(encryption_materials)

Generate a data key using generator keyring and encrypt it using any available wrapping key in any child keyring.

Parameters:encryption_materials (EncryptionMaterials) – Encryption materials for keyring to modify. Returns:Optionally modified encryption materials. Return type:EncryptionMaterials Raises:EncryptKeyError – if unable to encrypt data key.