AWS Security ChangesHomeSearch

AWS payment-cryptography medium security documentation change

Service: payment-cryptography · 2025-05-31 · Security-related medium

File: payment-cryptography/latest/userguide/getkeys.md

Summary

Clarified that GetKeys API returns key metadata but not cryptographic material

Security assessment

Explicitly states that cryptographic key material is not exposed through this API, which is a security control measure to prevent accidental exposure of sensitive data

Diff

diff --git a/payment-cryptography/latest/userguide/getkeys.md b/payment-cryptography/latest/userguide/getkeys.md
index dfaf01551..232287697 100644
--- a//payment-cryptography/latest/userguide/getkeys.md
+++ b//payment-cryptography/latest/userguide/getkeys.md
@@ -7 +7 @@
-An AWS Payment Cryptography key represents a single unit of cryptographic material and can only be used for cryptographic operations for this service. The GetKeys API takes a KeyIdentifier as input and returns the immutable and mutable attributes of the key but does not contain any cryptographic material. 
+An AWS Payment Cryptography key represents a single unit of cryptographic material and can only be used for cryptographic operations for this service. The GetKeys API takes a KeyIdentifier as input and returns key metadata including attributes, state, and timestamps, but does not return actual cryptographic key material.