Class: Aws::ECR::Types::EncryptionConfiguration

Inherits:

Struct

• Object
• Struct
• Aws::ECR::Types::EncryptionConfiguration

Includes:

Structure

Defined in:

lib/aws-sdk-ecr/types.rb

Overview

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

By default, when no encryption configuration is set or the ‘AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see [Amazon ECR encryption at rest] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #encryption_type ⇒ String

  The encryption type to use.

• #kms_key ⇒ String

  If you use the ‘KMS` encryption type, specify the KMS key to use for encryption.

Instance Attribute Details

#encryption_type ⇒ String

The encryption type to use.

If you use the ‘KMS` encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

If you use the ‘KMS_DSSE` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the `KMS` encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you’ve already created.

If you use the ‘AES256` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

For more information, see [Amazon ECR encryption at rest] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html

Returns:

• (String)

# File 'lib/aws-sdk-ecr/types.rb', line 1461

class EncryptionConfiguration < Struct.new(
  :encryption_type,
  :kms_key)
  SENSITIVE = []
  include Aws::Structure
end

#kms_key ⇒ String

If you use the ‘KMS` encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

Returns:

• (String)

# File 'lib/aws-sdk-ecr/types.rb', line 1461

class EncryptionConfiguration < Struct.new(
  :encryption_type,
  :kms_key)
  SENSITIVE = []
  include Aws::Structure
end