EncryptionConfigurationForRepositoryCreationTemplate
The encryption configuration to associate with the repository creation template.
Contents
- encryptionType
-
The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Amazon Key Management Service key stored in Amazon KMS. When you use Amazon KMS to encrypt your data, you can either use the default Amazon managed Amazon KMS key for Amazon ECR, or specify your own Amazon KMS key, which you already created. For more information, see Protecting data using server-side encryption with an Amazon KMS key stored in Amazon Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.Type: String
Valid Values:
AES256 | KMS | KMS_DSSE
Required: Yes
- kmsKey
-
If you use the
KMS
encryption type, specify the Amazon KMS key to use for encryption. The full ARN of the Amazon KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon managed Amazon KMS key for Amazon ECR will be used.Type: String
Length Constraints: Minimum length of 0. Maximum length of 2048.
Pattern:
^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\/[a-z0-9-]+
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: