Unclear configuration description :: KMSMasterKeyProvider

[mattsb42-aws]

In the readme description of how to configure AWS credentials for the KMSMasterKeyProvider[1], we state the following, linking to the boto3 configuration docs[2] (emphasis added).

To provide these credentials, use the standard means by which boto3 locates credentials or provide a pre-existing instance of a botocore session to the KMSMasterKeyProvider.

The intention of this portion of the documentation is to describe that if you do not provide an existing botocore session, one will be created for you using the default credential discovery procedure as described in the boto3 docs.

The current wording can be confusing because in addition to the automatic discovery procedure, the linked docs also describe how to manually provide credentials to a boto3 session or client.

We should update the wording to make the intended meaning clear.

[1] https://github.com/aws/aws-encryption-sdk-python/blob/master/README.rst#kmsmasterkeyprovider
[2] https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html

[nraval1729]

I just got bitten by this and stumbled here. @mattsb42-aws Should I create a PR to update the wording?

[mattsb42-aws]

Sorry to hear that, @nraval1729, but I'm glad you figured it out.

We would welcome a PR, yes! This will also affect the KMS keyring and the default client supplier (see keyring dev branch), but we can figure out the right wording once and reuse it in the other places.

[nraval1729]

Thanks for getting back to me @mattsb42-aws . I'll create one with the changes in a day, and we can iterate on it after your feedback.

[nraval1729]

I've created the PR (#251) @mattsb42-aws . Once we iterate on your feedback I'll create another one for the keyring branch. Thanks!

[robin-aws]

Resolved by #251 which has been merged

[robin-aws]

My mistake, missed the fact there was still more to do here.

[farleyb-amazon]

Closing this; no need to update the keyring branch.