You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::ECR::Types::EncryptionConfiguration
- Inherits:
-
Struct
- Object
- Struct
- Aws::ECR::Types::EncryptionConfiguration
- Defined in:
- (unknown)
Overview
When passing EncryptionConfiguration as input to an Aws::Client method, you can use a vanilla Hash:
{
encryption_type: "AES256", # required, accepts AES256, KMS
kms_key: "KmsKey",
}
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the AES256
encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
For more control over the encryption of the contents of your repository, you can use server-side encryption with customer master keys (CMKs) stored in AWS Key Management Service (AWS KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.
Returned by:
Instance Attribute Summary collapse
-
#encryption_type ⇒ String
The encryption type to use.
-
#kms_key ⇒ String
If you use the
KMS
encryption type, specify the CMK to use for encryption.
Instance Attribute Details
#encryption_type ⇒ String
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository
will be encrypted using server-side encryption with customer master keys
(CMKs) stored in AWS KMS. When you use AWS KMS to encrypt your data, you
can either use the default AWS managed CMK for Amazon ECR, or specify
your own CMK, which you already created. For more information, see
Protecting Data Using Server-Side Encryption with CMKs Stored in AWS
Key Management Service (SSE-KMS) in the Amazon Simple Storage
Service Console Developer Guide..
If you use the AES256
encryption type, Amazon ECR uses server-side
encryption with Amazon S3-managed encryption keys which encrypts the
images in the repository using an AES-256 encryption algorithm. For more
information, see Protecting Data Using Server-Side Encryption with
Amazon S3-Managed Encryption Keys (SSE-S3) in the Amazon Simple
Storage Service Console Developer Guide..
#kms_key ⇒ String
If you use the KMS
encryption type, specify the CMK to use for
encryption. The alias, key ID, or full ARN of the CMK can be specified.
The key must exist in the same Region as the repository. If no key is
specified, the default AWS managed CMK for Amazon ECR will be used.