AWS Cryptography Internal KMS Library
aws-cryptography-internal-kms is an internal Python library published by Amazon Web Services. It is a low-level component, likely providing performance enhancements or specific cryptographic implementations for AWS KMS operations within other AWS SDK components like `botocore` or `boto3`. It is not intended for direct use by end-user applications, lacks public documentation, and its API is subject to change without notice. The current version is 1.11.2. Its release cadence is tied to other AWS SDK component updates.
Common errors
-
ModuleNotFoundError: No module named 'aws_cryptography_internal_kms'
cause The `aws-cryptography-internal-kms` package is not installed in your Python environment.fixRun `pip install aws-cryptography-internal-kms`. However, note that this library is for internal use and direct usage is not recommended. -
AttributeError: module 'aws_cryptography_internal_kms' has no attribute 'KMSClient'
cause You are attempting to use the internal library as if it were a high-level client like `boto3`.fixUse `boto3.client('kms')` for standard AWS KMS interactions. The `aws-cryptography-internal-kms` library is not designed for direct public consumption and does not expose a 'KMSClient' attribute for end-user interaction. -
ERROR: Could not find a version that satisfies the requirement aws-cryptography-internal-kms (from versions: none)
cause Your Python version might be incompatible with the package's `Requires-Python` metadata (>=3.11.0,<4.0.0) or there might be network issues.fixEnsure you are using Python 3.11 or 3.12. Check your internet connection and PyPI accessibility. If using a custom mirror, ensure it's up to date.
Warnings
- breaking This library is NOT INTENDED FOR DIRECT USE by end-user applications. Its API is internal, unstable, and subject to change without warning, which will lead to frequent breaking changes in user code. Always use `boto3` for AWS KMS interactions.
- gotcha There is no official public documentation or support for `aws-cryptography-internal-kms`. Relying on its internal structure for custom solutions is highly discouraged as it will be unmaintainable and unsupported.
- gotcha This package primarily serves as an internal dependency for other AWS SDK components. Installing it directly or attempting to import it for application logic is usually a misstep and indicates a misunderstanding of its purpose.
- gotcha The `requires_python` constraint for this library is `>=3.11.0,<4.0.0`. Attempting to install or use it with Python versions outside this range (e.g., Python 3.10 or Python 4.x) will likely result in installation failures or runtime errors.
Install
-
pip install aws-cryptography-internal-kms
Imports
- aws_kms_client
from aws_cryptography_internal_kms import aws_kms_client
Quickstart
# This library is NOT intended for direct use by end-user applications.
# The standard and recommended way to interact with AWS KMS is via boto3.
import os
import boto3
# Ensure AWS credentials are configured (e.g., via environment variables or ~/.aws/credentials)
# For example, by setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION_NAME
aws_region = os.environ.get('AWS_REGION_NAME', 'us-east-1')
# Instantiate a KMS client using boto3 (the recommended approach)
kms_client = boto3.client('kms', region_name=aws_region)
try:
# Example: List up to 5 KMS keys
response = kms_client.list_keys(Limit=5)
print(f"Successfully listed {len(response['Keys'])} KMS keys using boto3.")
# print(response)
except Exception as e:
print(f"Error interacting with KMS via boto3: {e}")
print("Please ensure your AWS credentials are configured correctly.")
# Attempting to directly use aws-cryptography-internal-kms is strongly discouraged.
# from aws_cryptography_internal_kms import aws_kms_client
# print("Direct import of aws-cryptography-internal-kms components is possible ")
# print("but is not recommended due to unstable API and lack of documentation.")