{"id":14448,"library":"aws-cryptography-internal-kms","title":"AWS Cryptography Internal KMS Library","description":"aws-cryptography-internal-kms is an internal Python library published by Amazon Web Services. It is a low-level component, likely providing performance enhancements or specific cryptographic implementations for AWS KMS operations within other AWS SDK components like `botocore` or `boto3`. It is not intended for direct use by end-user applications, lacks public documentation, and its API is subject to change without notice. The current version is 1.11.2. Its release cadence is tied to other AWS SDK component updates.","status":"active","version":"1.11.2","language":"en","source_language":"en","source_url":"https://aws.amazon.com/sdk-for-python/","tags":["aws","kms","cryptography","internal","boto3","security"],"install":[{"cmd":"pip install aws-cryptography-internal-kms","lang":"bash","label":"Install via pip"}],"dependencies":[{"reason":"Core dependency for AWS SDK interactions, likely used internally by this component.","package":"botocore","optional":false}],"imports":[{"note":"This import exposes low-level internal client functionalities, but direct usage is strongly discouraged. Use boto3 for standard KMS operations.","symbol":"aws_kms_client","correct":"from aws_cryptography_internal_kms import aws_kms_client"}],"quickstart":{"code":"# This library is NOT intended for direct use by end-user applications.\n# The standard and recommended way to interact with AWS KMS is via boto3.\n\nimport os\nimport boto3\n\n# Ensure AWS credentials are configured (e.g., via environment variables or ~/.aws/credentials)\n# For example, by setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION_NAME\naws_region = os.environ.get('AWS_REGION_NAME', 'us-east-1')\n\n# Instantiate a KMS client using boto3 (the recommended approach)\nkms_client = boto3.client('kms', region_name=aws_region)\n\ntry:\n    # Example: List up to 5 KMS keys\n    response = kms_client.list_keys(Limit=5)\n    print(f\"Successfully listed {len(response['Keys'])} KMS keys using boto3.\")\n    # print(response)\nexcept Exception as e:\n    print(f\"Error interacting with KMS via boto3: {e}\")\n    print(\"Please ensure your AWS credentials are configured correctly.\")\n\n# Attempting to directly use aws-cryptography-internal-kms is strongly discouraged.\n# from aws_cryptography_internal_kms import aws_kms_client\n# print(\"Direct import of aws-cryptography-internal-kms components is possible \")\n# print(\"but is not recommended due to unstable API and lack of documentation.\")\n","lang":"python","description":"This quickstart explicitly demonstrates how to interact with AWS KMS using `boto3`, which is the standard and recommended approach. The `aws-cryptography-internal-kms` library is an internal component and should not be used directly by end-user applications. The example lists KMS keys, requiring AWS credentials to be configured in the environment or via standard AWS configuration files."},"warnings":[{"fix":"Migrate any direct usage to `boto3.client('kms')` for stable, supported KMS operations.","message":"This library is NOT INTENDED FOR DIRECT USE by end-user applications. Its API is internal, unstable, and subject to change without warning, which will lead to frequent breaking changes in user code. Always use `boto3` for AWS KMS interactions.","severity":"breaking","affected_versions":"All versions"},{"fix":"Refer to the `boto3` documentation for official AWS SDK interactions.","message":"There is no official public documentation or support for `aws-cryptography-internal-kms`. Relying on its internal structure for custom solutions is highly discouraged as it will be unmaintainable and unsupported.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If you need KMS functionality, ensure `boto3` is installed (`pip install boto3`) and use its well-documented API.","message":"This package primarily serves as an internal dependency for other AWS SDK components. Installing it directly or attempting to import it for application logic is usually a misstep and indicates a misunderstanding of its purpose.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure your Python environment is running a compatible version (Python 3.11 or 3.12).","message":"The `requires_python` constraint for this library is `>=3.11.0,<4.0.0`. Attempting to install or use it with Python versions outside this range (e.g., Python 3.10 or Python 4.x) will likely result in installation failures or runtime errors.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Run `pip install aws-cryptography-internal-kms`. However, note that this library is for internal use and direct usage is not recommended.","cause":"The `aws-cryptography-internal-kms` package is not installed in your Python environment.","error":"ModuleNotFoundError: No module named 'aws_cryptography_internal_kms'"},{"fix":"Use `boto3.client('kms')` for standard AWS KMS interactions. The `aws-cryptography-internal-kms` library is not designed for direct public consumption and does not expose a 'KMSClient' attribute for end-user interaction.","cause":"You are attempting to use the internal library as if it were a high-level client like `boto3`.","error":"AttributeError: module 'aws_cryptography_internal_kms' has no attribute 'KMSClient'"},{"fix":"Ensure you are using Python 3.11 or 3.12. Check your internet connection and PyPI accessibility. If using a custom mirror, ensure it's up to date.","cause":"Your Python version might be incompatible with the package's `Requires-Python` metadata (>=3.11.0,<4.0.0) or there might be network issues.","error":"ERROR: Could not find a version that satisfies the requirement aws-cryptography-internal-kms (from versions: none)"}],"ecosystem":"pypi"}