CHANGELOG.rst

Changelog

4.2.0 -- 2024-09-09

Deprecation

The AWS Encryption SDK CLI no longer supports Python 3.7 as of major version 4.2.x; only Python 3.8+ is supported.

4.1.0 -- 2021-10-11

Deprecation

The AWS Encryption SDK CLI no longer supports Python 3.5 as of major version 4.1.x; only Python 3.6+ is supported. Customers using Python 3.5 can still use the 3.x line of the AWS Encryption SDK CLI, which will continue to receive security updates until 2022-07-13, in accordance with our Support Policy.

Maintenance

• Python 3.10 testing and support

4.0.0 -- 2021-07-13

Deprecation

The AWS Encryption SDK CLI no longer supports Python 2 or Python 3.4 as of major version 4.x; only Python 3.5+ is supported. Customers using Python 2 or Python 3.4 can still use the 3.x line of the AWS Encryption SDK CLI, which will continue to receive security updates for the next 12 months, in accordance with our Support Policy.

3.1.0 -- 2021-07-13

Deprecation Announcement

The AWS Encryption SDK CLI is discontinuing support for Python 2. Future major versions of this library will drop support for Python 2 and begin to adopt changes that are known to break Python 2.

Support for Python 3.4 will be removed at the same time. Moving forward, we will support Python 3.5+.

Security updates will still be available for the AWS Encryption SDK CLI 3.x line for the next 12 months, in accordance with our Support Policy.

3.0.0 -- 2021-06-16

Features

• AWS KMS multi-Region Key support

  CLI now supports Multi-Region Keys (MRKs). Usage of MRKs is identical to the usage of non-MRK KMS Keys. Though a KMS Key does not have to be a MRK key for it to be used.

  See https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html for more details about AWS KMS multi-Region Keys.

  See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks for more details about how the AWS Encryption SDK interoperates with AWS KMS multi-Region keys.

2.2.0 -- 2021-05-27

Features

• Improvements to the message decryption process

  See https://github.com/aws/aws-encryption-sdk-cli/security/advisories/GHSA-89v2-g37m-g3ff.

2.1.0 -- 2020-10-27

Bugfixes

• Fix for enabling or disabling discovery mode in the CLI

Breaking Changes

• The --discovery parameter is removed. It is replaced by a discovery attribute of the --wrapping-keys parameter.

2.0.0 -- 2020-09-24

New Features

• Updates to the AWS Encryption SDK. 2542b58

  This change includes fixes for issues that were reported by Thai Duong from Google's Security team, and for issues that were identified by AWS Cryptography.

  BREAKING CHANGE: AWS KMS KeyIDs must be specified explicitly or Discovery mode explicitly chosen.

  Key committing suites are now default. CommitmentPolicy requires commitment by default.

  See: Migration Guide

1.7.0 -- 2020-09-24

New Features

• Updates to the AWS Encryption SDK. c2434ba

  This change includes fixes for issues that were reported by Thai Duong from Google's Security team, and for issues that were identified by AWS Cryptography.

  See: Migration Guide

1.1.7 -- 2019-10-15

Operational

• Completely remove typing as an install requirement. #166 #167

1.1.6 -- 2019-09-30

Operational

• Update requirements to only require the typing module for Python versions earlier than 3.5. #165

1.1.5 -- 2018-08-01

Operational

• Remove base64 stream encoding/decoding logic in in favor of base64io library. #154
• Move the aws-encryption-sdk-cli repository from awslabs to aws.

1.1.4 -- 2018-01-15

Bugfixes

• Fixed config file handling of quotes in Windows #110

1.1.3 -- 2017-12-05

Bugfixes

• Blacklist pytest 3.3.0 #125 pytest-dev/pytest#2956
• Expand input and output file paths in metadata #120
• Move metadata file writer to write in binary #121
• Skip symlink tests when running tests in Windows #128

Operational

• Move integration tests away from using config files to using environment variables #62

1.1.2 -- 2017-11-22

Bugfixes

• Fixed permissions issue from installing metadata files #122

1.1.1 -- 2017-11-21

Bugfixes

• Fixed import issue with Python 3.5.0 and 3.5.1 #114

1.1.0 -- 2017-11-18

Public release

Known Issues

• Single and double quote characters break config file parsing on Windows platforms #110 #111
• typing imports fail on Python 3.5.0 and 3.5.1 #114 #115

Bugfixes

• Handle quoting in config files #35
• Allow empty custom suffix #33
• Handle non-POSIX paths in config files in non-POSIX environments #78
• Expand user (~) and environment variables in config files #89
• Parameter key-value pairs will no longer accept empty key or value elements #94

New Features

• Built-in base64 encoding and decoding #29
• Strip plaintext data keys from boto3 logs #54
• Enforce that parent directories always exist #57 #100
• Catch single-dash dummy argument catchers for long-form arguments #5
• Optionally output operation metadata #65
• Optionally encryption context enforcement on decrypt #69

Operational

• Custom master key providers now handled through setuptools entry points #30
• Default master key provider is now namespace-specific #81
• PyPI-Parker configuration and tox testenv added #36
• Custom user agent value added to generated botocore client #70
• AWS KMS master key provider configuration will no longer accept key parameter #80

1.0.2

Bugfixes

• Fixed helpstring output to show input/output as required #1
• Fixed bug when processing encrypt request with no master key provider configuration #3
• Fixed caching CMM construction failure #9

New Features

• Added support for filename expansion #4
• Added ability to specify profile and region for KMSMasterKeyProvider using AWS CLI-like syntax #6
• Reworked verbosity configuration to be more useful #10
• Addded ability to define custom output filename suffix #12

Operational

• Added mypy coverage #13

1.0.1

• Updated aws-encryption-sdk dependency to >=1.3.2 to pull in fix for #7

1.0.0

• Initial creation