class Aws::ECR::Types::EncryptionConfiguration

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see [Amazon ECR encryption at rest] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html

@note When making an API call, you may pass EncryptionConfiguration

data as a hash:

    {
      encryption_type: "AES256", # required, accepts AES256, KMS
      kms_key: "KmsKey",
    }

@!attribute [rw] encryption_type

The encryption type to use.

If you use the `KMS` encryption type, the contents of the repository
will be encrypted using server-side encryption with Key Management
Service key stored in KMS. When you use KMS to encrypt your data,
you can either use the default Amazon Web Services managed KMS key
for Amazon ECR, or specify your own KMS key, which you already
created. For more information, see [Protecting data using
server-side encryption with an KMS key stored in Key Management
Service (SSE-KMS)][1] in the *Amazon Simple Storage Service Console
Developer Guide.*.

If you use the `AES256` encryption type, Amazon ECR uses server-side
encryption with Amazon S3-managed encryption keys which encrypts the
images in the repository using an AES-256 encryption algorithm. For
more information, see [Protecting data using server-side encryption
with Amazon S3-managed encryption keys (SSE-S3)][2] in the *Amazon
Simple Storage Service Console Developer Guide.*.

[1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
[2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
@return [String]

@!attribute [rw] kms_key

If you use the `KMS` encryption type, specify the KMS key to use for
encryption. The alias, key ID, or full ARN of the KMS key can be
specified. The key must exist in the same Region as the repository.
If no key is specified, the default Amazon Web Services managed KMS
key for Amazon ECR will be used.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/EncryptionConfiguration AWS API Documentation

Constants

SENSITIVE