AWS Encryption SDK for Python

This topic explains how to install and use the AWS Encryption SDK for Python. For details about programming with the AWS Encryption SDK for Python, see the aws-encryption-sdk-python repository on GitHub. For API documentation, see Read the Docs.

Topics

Prerequisites
Installation
Examples

Prerequisites

Before you install the AWS Encryption SDK for Python, be sure you have the following prerequisites.

A supported version of Python

Python 3.8 or later is required by the AWS Encryption SDK for Python versions 3.2.0 and later.

Note

The AWS Cryptographic Material Providers Library (MPL) is an optional dependency for the AWS Encryption SDK for Python introduced in version 4.x. If you intend to install the MPL, you must use Python 3.11 or later.

Earlier versions of the AWS Encryption SDK support Python 2.7 and Python 3.4 and later, but we recommend that you use the latest version of the AWS Encryption SDK.

To download Python, see Python downloads.

The pip installation tool for Python

pip is included in Python 3.6 and later versions, although you might want to upgrade it. For more information about upgrading or installing pip, see Installation in the pip documentation.

Installation

Install the latest version of the AWS Encryption SDK for Python.

Note

All versions of the AWS Encryption SDK for Python earlier than 3.0.0 are in the end-of-support phase.

You can safely update from version 2.0.x and later to the latest version of the AWS Encryption SDK without any code or data changes. However, new security features introduced in version 2.0.x are not backward-compatible. To update from versions earlier than 1.7.x to version 2.0.x and later, you must first update to the latest 1.x version of the AWS Encryption SDK. For details, see Migrating your AWS Encryption SDK.

Use pip to install the AWS Encryption SDK for Python, as shown in the following examples.

To install the latest version


pip install "aws-encryption-sdk[MPL]"

The [MPL] suffix installs the AWS Cryptographic Material Providers Library (MPL). The MPL contains constructs for encrypting and decrypting your data. The MPL is an optional dependency for the AWS Encryption SDK for Python introduced in version 4.x. We highly recommend installing the MPL. However, if you do not intend to use the MPL, you can omit the [MPL] suffix.

For more details about using pip to install and upgrade packages, see Installing Packages.

The AWS Encryption SDK for Python requires the cryptography library (pyca/cryptography) on all platforms. All versions of pip automatically install and build the cryptography library on Windows. pip 8.1 and later automatically installs and builds cryptography on Linux. If you are using an earlier version of pip and your Linux environment doesn't have the tools needed to build the cryptography library, you need to install them. For more information, see Building Cryptography on Linux.

Versions 1.10.0 and 2.5.0 of the AWS Encryption SDK for Python pin the cryptography dependency between 2.5.0 and 3.3.2. Other versions of the AWS Encryption SDK for Python install the latest version of cryptography. If you require a version of cryptography later than 3.3.2, we recommend that you use the latest major version of the AWS Encryption SDK for Python.

For the latest development version of the AWS Encryption SDK for Python, go to the aws-encryption-sdk-python repository in GitHub.

After you install the AWS Encryption SDK for Python, get started by looking at the Python example code in this guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Examples