Installing the AWS Encryption SDK command line interface - AWS Encryption SDK

This topic explains how to install the AWS Encryption CLI. For detailed information, see the aws-encryption-sdk-cli repository on GitHub and Read the Docs.

Installing the prerequisites

The AWS Encryption CLI is built on the AWS Encryption SDK for Python. To install the AWS Encryption CLI, you need Python and pip, the Python package management tool. Python and pip are available on all supported platforms.

Install the following prerequisites before you install the AWS Encryption CLI.

Python

Python 3.6 or later is required by the AWS Encryption CLI versions 4.1.0 and later.

Earlier versions of the AWS Encryption CLI support Python 2.7 and 3.4 and later, but we recommend that you use the latest version of the AWS Encryption CLI.

Python is included in most Linux and macOS installations, but you need to upgrade to Python 3.6 or later. We recommend that you use the latest version of Python. On Windows, you have to install Python; it is not installed by default. To download and install Python, see Python downloads.

To determine whether Python is installed, at the command line, type the following.

python

To check the Python version, use the -V (uppercase V) parameter.

python -V

On Windows, after you install Python, add the path to the Python.exe file to the value of the Path environment variable.

By default, Python is installed in the all users directory or in a user profile directory ($home or %userprofile%) in the AppData\Local\Programs\Python subdirectory. To find the location of the Python.exe file on your system, check one of the following registry keys. You can use PowerShell to search the registry.

PS C:\> dir HKLM:\Software\Python\PythonCore\version\InstallPath
# -or-
PS C:\> dir HKCU:\Software\Python\PythonCore\version\InstallPath

pip

pip is the Python package manager. To install the AWS Encryption CLI and its dependencies, you need pip 8.1 or later. For help installing or upgrading pip, see Installation in the pip documentation.

On Linux installations, versions of pip earlier than 8.1 can't build the cryptography library that the AWS Encryption CLI requires. If you choose not to update your pip version, you can install the build tools separately. For more information, see Building cryptography on Linux.

AWS Command Line Interface

The AWS Command Line Interface (AWS CLI) is required only if you are using AWS KMS keys in AWS Key Management Service (AWS KMS) with the AWS Encryption CLI. If you are using a different master key provider, the AWS CLI is not required.

To use AWS KMS keys with the AWS Encryption CLI, you need to install and configure the AWS CLI. The configuration makes the credentials that you use to authenticate to AWS KMS available to the AWS Encryption CLI.

Installing and updating the AWS Encryption CLI

Install the latest version of the AWS Encryption CLI. When you use pip to install the AWS Encryption CLI, it automatically installs the libraries that the CLI needs, including the AWS Encryption SDK for Python, the Python cryptography library, and the AWS SDK for Python (Boto3).

Note

Versions of the AWS Encryption CLI earlier than 4.0.0 are in the end-of-support phase.

You can safely update from version 2.1.x and later to the latest version of the AWS Encryption CLI without any code or data changes. However, new security features introduced in version 2.1.x are not backward-compatible. To update from version 1.7.x or earlier, you must first update to the latest 1.x version of the AWS Encryption CLI. For details, see Migrating your AWS Encryption SDK.

New security features were originally released in AWS Encryption CLI versions 1.7.x and 2.0.x. However, AWS Encryption CLI version 1.8.x replaces version 1.7.x and AWS Encryption CLI 2.1.x replaces 2.0.x. For details, see the relevant security advisory in the aws-encryption-sdk-cli repository on GitHub.

To install the latest version of the AWS Encryption CLI

pip install aws-encryption-sdk-cli

To upgrade to the latest version of the AWS Encryption CLI

pip install --upgrade aws-encryption-sdk-cli

To find the version numbers of your AWS Encryption CLI and AWS Encryption SDK

aws-encryption-cli --version

The output lists the version numbers of both libraries.

aws-encryption-sdk-cli/2.1.0 aws-encryption-sdk/2.0.0
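
The following added example (not part of the AWS documentation or the aws-encryption-sdk-cli project) parses the `--version` output shown above and applies the version thresholds stated in this topic, so an installed CLI can be flagged as end-of-support and matched to its update path. The function names and path labels are hypothetical, and the `pip --version` line is assumed to begin with `pip X.Y`.

```python
import re

# Thresholds stated in this topic.
END_OF_SUPPORT_BELOW = (4, 0, 0)  # CLI versions earlier than 4.0.0
DIRECT_UPDATE_FROM = (2, 1)       # 2.1.x and later: update straight to latest
STAGED_UPDATE_UPTO = (1, 7)       # 1.7.x or earlier: latest 1.x first
MIN_PIP = (8, 1)                  # pip 8.1 or later

# Output line copied from this topic.
SAMPLE = "aws-encryption-sdk-cli/2.1.0 aws-encryption-sdk/2.0.0"

_TOKEN = re.compile(r"^([A-Za-z0-9_.-]+)/(\d+(?:\.\d+)*)$")


def parse_version_output(text):
    """Parse 'name/x.y.z name/x.y.z' into {name: (x, y, z)}."""
    versions = {}
    for token in text.split():
        match = _TOKEN.match(token)
        if match is None:
            raise ValueError(f"unexpected token in version output: {token!r}")
        parts = [int(p) for p in match.group(2).split(".")]
        parts += [0] * (3 - len(parts))  # pad '4.1' to (4, 1, 0)
        versions[match.group(1)] = tuple(parts)
    return versions


def assess_cli(version):
    """Return (end_of_support, update_path) for an installed CLI version."""
    end_of_support = version < END_OF_SUPPORT_BELOW
    if version[:2] >= DIRECT_UPDATE_FROM:
        path = "direct"
    elif version[:2] <= STAGED_UPDATE_UPTO:
        path = "latest-1.x-first"
    else:
        path = "see-migration-guide"  # 1.8.x and 2.0.x: not spelled out here
    return end_of_support, path


def pip_meets_minimum(pip_version_output):
    """Check the first line of `pip --version` (e.g. 'pip 21.0 from ...')."""
    match = re.match(r"pip (\d+)\.(\d+)", pip_version_output)
    if match is None:
        raise ValueError("unrecognized pip --version output")
    return (int(match.group(1)), int(match.group(2))) >= MIN_PIP


if __name__ == "__main__":
    cli = parse_version_output(SAMPLE)["aws-encryption-sdk-cli"]
    print(cli, assess_cli(cli))  # sample is older than 4.0.0
```
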

Installing the AWS Encryption CLI also installs the latest version of the AWS SDK for Python (Boto3), if it's not already installed. If Boto3 is installed, the installer verifies the Boto3 version and updates it if required.

To find your installed version of Boto3

pip show boto3

To update to the latest version of Boto3

pip install --upgrade boto3

To install the version of the AWS Encryption CLI currently in development, see the aws-encryption-sdk-cli repository on GitHub.

For more details about using pip to install and upgrade Python packages, see the pip documentation.