Allow to pass overrideConfiguration per request

### Security issue notifications

If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.

### Problem:

If i want to pass additional headers with Decrypt call (e.g Confused Deputy protection). I need to provide for each account own KmsClient. Instead in SdkV2 i can call .overrideConfiguration on request (you already use it for API_NAMESPACE).

If it will be possible to add .overrideConfiguration per call encrypt/decrypt i can use the same KmsClient for all accounts.

### Solution:

A description of the possible solution in terms of Encryption SDK architecture.

I see 2 options:
1. in AwsCrypto.decryptData/ecryptData provide additional argument with options
2. When construct KmsMasterKeyProvider ask for supplier for override. But there we need to send something in addition to identify context of request

### Out of scope:

Is there anything the solution will intentionally NOT address?

[//]: #  (NOTE: If you believe this might be a security issue, please email aws-security@amazon.com instead of creating a GitHub issue. For more details, see the AWS Vulnerability Reporting Guide: https://aws.amazon.com/security/vulnerability-reporting/ )


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow to pass overrideConfiguration per request #2107

Security issue notifications

Problem:

Solution:

Out of scope:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Allow to pass overrideConfiguration per request #2107

Description

Security issue notifications

Problem:

Solution:

Out of scope:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions