You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
If i want to pass additional headers with Decrypt call (e.g Confused Deputy protection). I need to provide for each account own KmsClient. Instead in SdkV2 i can call .overrideConfiguration on request (you already use it for API_NAMESPACE).
If it will be possible to add .overrideConfiguration per call encrypt/decrypt i can use the same KmsClient for all accounts.
Solution:
A description of the possible solution in terms of Encryption SDK architecture.
I see 2 options:
in AwsCrypto.decryptData/ecryptData provide additional argument with options
When construct KmsMasterKeyProvider ask for supplier for override. But there we need to send something in addition to identify context of request
Out of scope:
Is there anything the solution will intentionally NOT address?
The text was updated successfully, but these errors were encountered:
Security issue notifications
If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
If i want to pass additional headers with Decrypt call (e.g Confused Deputy protection). I need to provide for each account own KmsClient. Instead in SdkV2 i can call .overrideConfiguration on request (you already use it for API_NAMESPACE).
If it will be possible to add .overrideConfiguration per call encrypt/decrypt i can use the same KmsClient for all accounts.
Solution:
A description of the possible solution in terms of Encryption SDK architecture.
I see 2 options:
Out of scope:
Is there anything the solution will intentionally NOT address?
The text was updated successfully, but these errors were encountered: