Installing the AWS Encryption SDK command line interface
This topic explains how to install the AWS Encryption CLI. For detailed information, see the aws-encryption-sdk-cli
Installing the prerequisites
The AWS Encryption CLI is built on the AWS Encryption SDK for Python. To install the AWS Encryption CLI, you need
Python and pip
, the Python package management tool. Python and pip
are available on all supported platforms.
Install the following prerequisites before you install the AWS Encryption CLI,
- Python
-
Python 3.6 or later is required by the AWS Encryption CLI versions 4.1.0 and later.
Earlier versions of the AWS Encryption CLI support Python 2.7 and 3.4 and later, but we recommend that you use the latest version of the AWS Encryption CLI.
Python is included in most Linux and macOS installations, but you need to upgrade to Python 3.6 or later. We recommend that you use the latest version of Python. On Windows, you have to install Python; it is not installed by default. To download and install Python, see Python downloads
. To determine whether Python is installed, at the command line, type the following.
python
To check the Python version, use the
-V
(uppercase V) parameter.python -V
On Windows, after you install Python, add the path to the
Python.exe
file to the value of the Path environment variable.By default, Python is installed in the all users directory or in a user profile directory (
$home
or%userprofile%
) in theAppData\Local\Programs\Python
subdirectory. To find the location of thePython.exe
file on your system, check one of the following registry keys. You can use PowerShell to search the registry.PS C:\>
dir HKLM:\Software\Python\PythonCore\
# -or-version
\InstallPathPS C:\>
dir HKCU:\Software\Python\PythonCore\
version
\InstallPath - pip
-
pip
is the Python package manager. To install the AWS Encryption CLI and its dependencies, you needpip
8.1 or later. For help installing or upgradingpip
, see Installationin the pip
documentation.On Linux installations, versions of
pip
earlier than 8.1 can't build the cryptography library that the AWS Encryption CLI requires. If you choose not to update yourpip
version, you can install the build tools separately. For more information, see Building cryptography on Linux. - AWS Command Line Interface
-
The AWS Command Line Interface (AWS CLI) is required only if you are using AWS KMS keys in AWS Key Management Service (AWS KMS) with the AWS Encryption CLI. If you are using a different master key provider, the AWS CLI is not required.
To use AWS KMS keys with the AWS Encryption CLI, you need to install and configure the AWS CLI. The configuration makes the credentials that you use to authenticate to AWS KMS available to the AWS Encryption CLI.
Installing and updating the AWS Encryption CLI
Install the latest version of the AWS Encryption CLI. When you use pip
to install
the AWS Encryption CLI, it automatically installs the libraries that the CLI needs, including the
AWS Encryption SDK for Python, the Python cryptography library
Note
Versions of the AWS Encryption CLI earlier than 4.0.0 are in the end-of-support phase.
You can safely update from version 2.1.x and later to the latest version of the AWS Encryption CLI without any code or data changes. However, new security features introduced in version 2.1.x are not backward-compatible. To update from version 1.7.x or earlier, you must first update to the latest 1.x version of the AWS Encryption CLI. For details, see Migrating your AWS Encryption SDK.
New security features were originally released in AWS Encryption CLI versions 1.7.x and 2.0.x.
However, AWS Encryption CLI version 1.8.x replaces version 1.7.x and AWS Encryption CLI 2.1.x replaces 2.0.x. For details, see the relevant security advisory
- To install the latest version of the AWS Encryption CLI
-
pip install aws-encryption-sdk-cli
- To upgrade to the latest version of the AWS Encryption CLI
-
pip install --upgrade aws-encryption-sdk-cli
- To find the version numbers of your AWS Encryption CLI and AWS Encryption SDK
-
aws-encryption-cli --version
The output lists the version numbers of both libraries.
aws-encryption-sdk-cli/2.1.0 aws-encryption-sdk/2.0.0
- To upgrade to the latest version of the AWS Encryption CLI
-
pip install --upgrade aws-encryption-sdk-cli
Installing the AWS Encryption CLI also installs the latest version of the AWS SDK for Python (Boto3), if it's not already installed. If Boto3 is installed, the installer verifies the Boto3 version and updates it if required.
- To find your installed version of Boto3
pip show boto3
- To update to the latest version of Boto3
pip install --upgrade boto3
To install the version of the AWS Encryption CLI currently in development, see the aws-encryption-sdk-cli
For more details about using pip
to install and upgrade Python packages, see
the pip documentation