You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::Glue::Types::ConnectionPasswordEncryption
- Inherits:
-
Struct
- Object
- Struct
- Aws::Glue::Types::ConnectionPasswordEncryption
- Defined in:
- (unknown)
Overview
When passing ConnectionPasswordEncryption as input to an Aws::Client method, you can use a vanilla Hash:
{
return_connection_password_encrypted: false, # required
aws_kms_key_id: "NameString",
}
The data structure used by the Data Catalog to encrypt the password as part of CreateConnection
or UpdateConnection
and store it in the ENCRYPTED_PASSWORD
field in the connection properties. You can enable catalog encryption or only password encryption.
When a CreationConnection
request arrives containing a password, the Data Catalog first encrypts the password using your AWS KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.
This encryption requires that you set AWS KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
Returned by:
Instance Attribute Summary collapse
-
#aws_kms_key_id ⇒ String
An AWS KMS key that is used to encrypt the connection password.
-
#return_connection_password_encrypted ⇒ Boolean
When the
ReturnConnectionPasswordEncrypted
flag is set to \"true\", passwords remain encrypted in the responses ofGetConnection
andGetConnections
.
Instance Attribute Details
#aws_kms_key_id ⇒ String
An AWS KMS key that is used to encrypt the connection password.
If connection password protection is enabled, the caller of
CreateConnection
and UpdateConnection
needs at least kms:Encrypt
permission on the specified AWS KMS key, to encrypt passwords before
storing them in the Data Catalog.
You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
#return_connection_password_encrypted ⇒ Boolean
When the ReturnConnectionPasswordEncrypted
flag is set to \"true\",
passwords remain encrypted in the responses of GetConnection
and
GetConnections
. This encryption takes effect independently from
catalog encryption.