AWS payment-cryptography medium security documentation change
Summary
Clarified that GetKeys API returns key metadata but not cryptographic material
Security assessment
Explicitly states that cryptographic key material is not exposed through this API, which is a security control measure to prevent accidental exposure of sensitive data
Diff
diff --git a/payment-cryptography/latest/userguide/getkeys.md b/payment-cryptography/latest/userguide/getkeys.md index dfaf01551..232287697 100644 --- a//payment-cryptography/latest/userguide/getkeys.md +++ b//payment-cryptography/latest/userguide/getkeys.md @@ -7 +7 @@ -An AWS Payment Cryptography key represents a single unit of cryptographic material and can only be used for cryptographic operations for this service. The GetKeys API takes a KeyIdentifier as input and returns the immutable and mutable attributes of the key but does not contain any cryptographic material. +An AWS Payment Cryptography key represents a single unit of cryptographic material and can only be used for cryptographic operations for this service. The GetKeys API takes a KeyIdentifier as input and returns key metadata including attributes, state, and timestamps, but does not return actual cryptographic key material.