add warnings to not use null and counting master keys outside of testing

Author: mattsb42-aws

decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/key_providers/counting.py

@@ -19,8 +19,7 @@
 from aws_encryption_sdk.exceptions import DecryptKeyError
 from aws_encryption_sdk.identifiers import AlgorithmSuite
 from aws_encryption_sdk.key_providers.base import MasterKey, MasterKeyConfig
-from aws_encryption_sdk.structures import EncryptedDataKey
-from aws_encryption_sdk.structures import DataKey
+from aws_encryption_sdk.structures import DataKey, EncryptedDataKey
 
 
 class CountingMasterKeyConfig(MasterKeyConfig):
@@ -40,6 +39,11 @@ class CountingMasterKey(MasterKey):
 
     Generated/decrypted data keys are of the form: ``\01\02\03\04...`` counting
     bytes up from one to the data key length required for a given algorithm suite.
+
+    .. warning::
+
+        This master key is NOT secure and should never be used for anything other than testing.
+
     """
 
     provider_id = "test_counting"

decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/key_providers/null.py

@@ -15,8 +15,7 @@
 
 from aws_encryption_sdk.identifiers import AlgorithmSuite
 from aws_encryption_sdk.key_providers.base import MasterKey, MasterKeyConfig
-from aws_encryption_sdk.structures import EncryptedDataKey
-from aws_encryption_sdk.structures import DataKey
+from aws_encryption_sdk.structures import DataKey, EncryptedDataKey
 
 
 class NullMasterKeyConfig(MasterKeyConfig):
@@ -32,7 +31,13 @@ def __init__(self) -> None:
 
 class NullMasterKey(MasterKey):
     """Master key that generates null data keys and decrypts any data key with provider id
-    "null" or "zero" as a null data key."""
+    "null" or "zero" as a null data key.
+
+    .. warning::
+
+        This master key is NOT secure and should never be used for anything other than testing.
+
+    """
 
     provider_id = "null"
     _allowed_provider_ids = (provider_id, "zero")