Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

EncryptionConfigurationForRepositoryCreationTemplate

PDF
Focus mode
EncryptionConfigurationForRepositoryCreationTemplate - Amazon Elastic Container Registry
ContentsSee Also

The encryption configuration to associate with the repository creation template.

Contents

encryptionType

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS. When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

Type: String

Valid Values: AES256 | KMS | KMS_DSSE

Required: Yes

kmsKey

If you use the KMS encryption type, specify the AWS KMS key to use for encryption. The full ARN of the AWS KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: ^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\/[a-z0-9-]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.