ConnectionPasswordEncryption
The data structure used by the Data Catalog to encrypt the password as part of
CreateConnection or UpdateConnection and store it in the
ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog
encryption or only password encryption.
When a CreationConnection request arrives containing a password, the Data
Catalog first encrypts the password using your AWS KMS key. It then encrypts the whole
connection object again if catalog encryption is also enabled.
This encryption requires that you set AWS KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
Contents
- ReturnConnectionPasswordEncrypted
-
When the
ReturnConnectionPasswordEncryptedflag is set to "true", passwords remain encrypted in the responses ofGetConnectionandGetConnections. This encryption takes effect independently from catalog encryption.Type: Boolean
Required: Yes
- AwsKmsKeyId
-
An AWS KMS key that is used to encrypt the connection password.
If connection password protection is enabled, the caller of
CreateConnectionandUpdateConnectionneeds at leastkms:Encryptpermission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog.You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern:
[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
