{"id":14447,"library":"aws-cryptography-internal-dynamodb","title":"AWS DynamoDB Encryption Client (Internal Dependency)","description":"This library, `aws-cryptography-internal-dynamodb` (version 1.11.2), is an internal dependency of the AWS SDK for DynamoDB Encryption for Python (`aws-sdk-dynamodb-encryption`). It provides core cryptographic components but is not intended for direct installation or use by end-users. Users seeking client-side encryption for DynamoDB should install the `aws-sdk-dynamodb-encryption` package, which offers the public API and manages this internal dependency. It follows an irregular release cadence tied to the parent SDK's updates. This package requires Python >=3.11.0, <4.0.0.","status":"active","version":"1.11.2","language":"en","source_language":"en","source_url":"https://github.com/aws/aws-sdk-dynamodb-encryption-python","tags":["aws","dynamodb","encryption","security","cryptography","internal-dependency"],"install":[{"cmd":"pip install aws-cryptography-internal-dynamodb","lang":"bash","label":"Installation of the internal dependency"},{"cmd":"pip install aws-sdk-dynamodb-encryption","lang":"bash","label":"Recommended: Install the public-facing SDK"}],"dependencies":[],"imports":[{"note":"This symbol is from the parent library, `aws-sdk-dynamodb-encryption`, which depends on this internal package. Do not attempt to import from `aws-cryptography-internal-dynamodb` directly, as it does not expose public interfaces.","symbol":"EncryptedTable","correct":"from aws_dynamodb_encryption_sdk.encrypted.table import EncryptedTable"},{"note":"Similar to `EncryptedTable`, this is part of the public API provided by the `aws-sdk-dynamodb-encryption` library, not this internal dependency.","symbol":"DynamoDbEncryptionConfig","correct":"from aws_dynamodb_encryption_sdk.identifiers import DynamoDbEncryptionConfig"}],"quickstart":{"code":"import os\nimport boto3\nfrom aws_dynamodb_encryption_sdk.encrypted.table import EncryptedTable\nfrom aws_encryption_sdk.key_providers.kms import KMSKeyring\n\n# NOTE: This quickstart demonstrates usage of the PARENT library: `aws-sdk-dynamodb-encryption`.\n# This internal package (`aws-cryptography-internal-dynamodb`) is NOT for direct use.\n# Ensure you have installed the public-facing SDK: `pip install aws-sdk-dynamodb-encryption`\n\n# Configuration\nTABLE_NAME = os.environ.get('DYNAMODB_TABLE_NAME', 'my-encrypted-table')\nKMS_KEY_ARN = os.environ.get('KMS_KEY_ARN', 'arn:aws:kms:us-west-2:123456789012:key/your-kms-key-id')\nREGION = os.environ.get('AWS_REGION', 'us-west-2')\n\n# Initialize boto3 DynamoDB client\ndynamodb_client = boto3.client('dynamodb', region_name=REGION)\n\n# Create a KMS Keyring\nkeyring = KMSKeyring(key_ids=[KMS_KEY_ARN])\n\n# Create an EncryptedTable instance for your DynamoDB table\n# The master key provider is used to encrypt/decrypt data on the client side\nencrypted_table = EncryptedTable(\n    table=boto3.resource('dynamodb', region_name=REGION).Table(TABLE_NAME),\n    keyring=keyring\n)\n\n# Example: Put an item into the encrypted table\nitem_id = 'item123'\nitem_data = {'id': item_id, 'data': 'sensitive_info', 'cleartext_attribute': 'visible_data'}\nprint(f\"Putting item: {item_data}\")\nencrypted_table.put_item(Item=item_data)\n\n# Example: Get an item from the encrypted table\nretrieved_item = encrypted_table.get_item(Key={'id': item_id})['Item']\nprint(f\"Retrieved item: {retrieved_item}\")\n\n# Verify decryption (sensitive_info should be visible)\nassert retrieved_item['data'] == 'sensitive_info'\nprint(\"Item successfully encrypted and decrypted.\")\n","lang":"python","description":"This quickstart demonstrates the typical usage pattern for the AWS DynamoDB Encryption Client. Note that the imports and `EncryptedTable` class are provided by the *parent* library, `aws-sdk-dynamodb-encryption`, not `aws-cryptography-internal-dynamodb` directly. Ensure you have the `aws-sdk-dynamodb-encryption` package installed and configured with appropriate AWS credentials and a KMS key ARN. The example shows putting and getting an item, with client-side encryption and decryption handled automatically."},"warnings":[{"fix":"Always install and interact with the public-facing SDK: `aws-sdk-dynamodb-encryption`. This SDK manages its dependencies, including this package, and provides a stable, documented API.","message":"This package (`aws-cryptography-internal-dynamodb`) is an internal dependency of the AWS SDK for DynamoDB Encryption. It is not designed for direct consumption, and its internal components are subject to breaking changes without notice or adherence to semantic versioning for public APIs.","severity":"breaking","affected_versions":"All versions"},{"fix":"To use client-side encryption for DynamoDB, you MUST install the full AWS SDK for DynamoDB Encryption: `pip install aws-sdk-dynamodb-encryption`.","message":"Installing `aws-cryptography-internal-dynamodb` alone does NOT provide the AWS DynamoDB Encryption Client SDK. You will not find the main `aws_dynamodb_encryption_sdk` module or its public classes after installing only this dependency.","severity":"gotcha","affected_versions":"All versions"},{"fix":"All public interfaces (e.g., `EncryptedTable`, `KMSKeyring`) are provided by `aws_dynamodb_encryption_sdk`. Import from that module instead.","message":"Trying to import directly from `aws_cryptography_internal_dynamodb` will likely result in `ModuleNotFoundError` for intended classes or `AttributeError` for methods, as it exposes no public interfaces designed for direct user interaction.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Install the full AWS SDK for DynamoDB Encryption: `pip install aws-sdk-dynamodb-encryption`.","cause":"Attempting to import from the public DynamoDB Encryption SDK module (`aws_dynamodb_encryption_sdk`) after only installing its internal dependency (`aws-cryptography-internal-dynamodb`).","error":"ModuleNotFoundError: No module named 'aws_dynamodb_encryption_sdk'"},{"fix":"All public interfaces for DynamoDB client-side encryption are provided by `aws-sdk-dynamodb-encryption`. Install that library and import classes like `EncryptedTable` from `aws_dynamodb_encryption_sdk`.","cause":"Mistakenly attempting to use `aws-cryptography-internal-dynamodb` as if it were the public-facing DynamoDB Encryption SDK and trying to access its classes.","error":"AttributeError: module 'aws_cryptography_internal_dynamodb' has no attribute 'EncryptedTable'"}],"ecosystem":"pypi"}