Skip to content

Commit 3c73f4d

Browse files
gliptaktexastony
gliptak
and
texastony
authored
Update README.rst
Co-authored-by: Tony Knapp <[email protected]>
1 parent a20a000 commit 3c73f4d

File tree

1 file changed

+9
-1
lines changed

1 file changed

+9
-1
lines changed

README.rst

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -309,7 +309,15 @@ to your use-case in order to obtain peak performance.
309309

310310
Thread safety
311311
==========================
312-
The clients are all thread safe, yes, with one minor qualifier. Instances of `KMSMasterKeyProvider` should not be shared between threads, for the reasons outlined in the `boto3 docs <http://boto3.readthedocs.io/en/latest/guide/resources.html#multithreading-multiprocessing>`_ . We do create `new boto3 sessions <https://github.com/awslabs/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/key_providers/kms.py#L114>`_ for each `KMSMasterKeyProvider` instance regional client, so you don't need to worry about issues below that level. As long as you create a new `KMSMasterKeyProvider` for each thread, you should be fine.
312+
The `EncryptionSDKClient` and all provided`CryptoMaterialsManager` are thread safe.
313+
But instances of `BaseKMSMasterKeyProvider` MUST not be shared between threads,
314+
for the reasons outlined in (the boto3 docs)[https://boto3.amazonaws.com/v1/documentation/api/latest/guide/resources.html#multithreading-or-multiprocessing-with-resources].
315+
316+
Because the `BaseKMSMaterKeyProvider` creates a [new boto3 sessions](https://github.com/aws/aws-encryption-sdk-python/blob/08f305a9b7b5fc897d9cafac55fb98f3f2a6fe13/src/aws_encryption_sdk/key_providers/kms.py#L665-L674) per region,
317+
users do not need to create a client for every region in every thread;
318+
a new `BaseKMSMasterKeyProvider` per thread is sufficient.
319+
320+
(The `BaseKMSMasterKeyProvider` is the internal parent class of all the KMS Providers.)
313321

314322
If you are using data key caching, however, caches can be shared across threads without issue, though if you want to share entries in that cache across threads you will need to be careful (see explanation about `partition name <http://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.materials_managers.caching.html#aws_encryption_sdk.materials_managers.caching.CachingCryptoMaterialsManager>`_ ).
315323

0 commit comments

Comments
 (0)