Merge branch 'master' into dependabot/pip/dev_requirements/setuptools-70.0.0

Author: texastony

CHANGELOG.rst

@@ -2,6 +2,24 @@
 Changelog
 *********
 
+4.0.1 -- 2025-03-26
+===================
+
+Fixes
+-----------
+* fix: Improve header serialization
+  `#747 <https://github.com/aws/aws-encryption-sdk-python/pull/747>`_
+
+  ESDK-Python <4.0.1 would truncate non-ASCII key provider IDs it wrote to message headers.
+  If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key provider ID / key namespace,
+  ESDK-Python would truncate the the key provider ID it wrote to the message's header.
+  The message can be decrypted by replacing the truncated provider ID with the expected provider ID in decryption code.
+  Contact AWS for any questions about this approach.
+
+Maintenance
+-----------
+* deps: Extend supported `MPL`_ versions to include v1.10.0
+
 4.0.0 -- 2024-10-29
 ===================
 
@@ -23,6 +41,7 @@ Breaking Changes
   However, messages that are constructed with the required EC CMM are not backward compatible with ESDK <4.0.0,
   as no version of ESDK <4.0.0 supports reading messages encrypted with the required EC CMM.
   A message that is encrypted with the required EC CMM from the MPL must be decrypted with a CMM from the MPL.
+  For more information on using the required EC CMM, see `AWS Documentation <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-required-encryption-context-cmm>`_.
 
 Fixes
 -----------
@@ -425,6 +444,7 @@ Minor
 ===================
 * Initial public release
 
+.. _MPL: https://github.com/aws/aws-cryptographic-material-providers-library
 .. _breaking changes in attrs 17.1.0: https://attrs.readthedocs.io/en/stable/changelog.html
 .. _tox: https://tox.readthedocs.io/en/latest/
 .. _pylint: https://www.pylint.org/

README.rst

@@ -42,7 +42,7 @@ Required Prerequisites
 Recommended Prerequisites
 =========================
 
-* aws-cryptographic-material-providers: == 1.7.4
+* aws-cryptographic-material-providers: == 1.10.0
     * Requires Python 3.11+.
 
 Installation
@@ -246,7 +246,7 @@ sharing entries in that cache across threads needs to be done carefully
 
 **Important:** Components from the `AWS Cryptographic Material Providers Library (MPL)`_
 have separate thread safety considerations.
-For more information, see the note on thread safety in that project's README (TODO-MPL: link)
+For more information, see the note on thread safety in that project's `README <https://github.com/aws/aws-cryptographic-material-providers-library/blob/main/AwsCryptographicMaterialProviders/runtimes/python/README.rst#thread-safety>`_.
 
 
 .. _AWS Encryption SDK: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

SUPPORT_POLICY.rst

@@ -30,6 +30,10 @@ This table describes the current support status of each major version of the AWS
       - 
       - 
     * - 3.x
+      - General Availability 
+      - Maintenance
+      - 2025-05-20
+    * - 4.x
       - General Availability 
       -
       -

codebuild/py310/decrypt_dafny_esdk_vectors.yml

@@ -28,25 +28,25 @@ phases:
         MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
-           "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
+           "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
            | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)')
       - |
         echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID"
       - |
         MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \
+          "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \
           | jq '.artifacts[0].archive_download_url')
       - |
         echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL"
       - |
         curl -L -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip
+          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip
       # This unzips to `net41.zip`.
-      - unzip ubuntu-latest_test_vector_artifact
+      - unzip ubuntu-22.04_vector_artifact
       # This unzips to `net41/`.
       - unzip net41.zip -d net41
   build:

codebuild/py310/decrypt_net_401_vectors.yml

@@ -21,7 +21,7 @@ phases:
     commands:
       # Fetch ESDK .NET v4.0.1 Test Vectors
       - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip
-      - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip
+      - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip
       - curl -s --output $VECTOR_ZIP --location $VECTORS_URL
       - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors
       - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR

codebuild/py311/awses_local_mpl.yml

@@ -21,6 +21,8 @@ phases:
       python: 3.11
   build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox

codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml

@@ -22,31 +22,33 @@ phases:
       python: 3.11
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Fetch test vectors from Dafny ESDK's most recent run
       # (Assuming the first result is most recent; seems to be correct...)
       - |
         MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
-           "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
+           "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
            | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)')
       - |
         echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID"
       - |
         MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \
+          "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \
           | jq '.artifacts[0].archive_download_url')
       - |
         echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL"
       - |
         curl -L -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip
+          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip
       # This unzips to `net41.zip`.
-      - unzip ubuntu-latest_test_vector_artifact
+      - unzip ubuntu-22.04_vector_artifact
       # This unzips to `net41/`.
       - unzip net41.zip -d net41
   build:

codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml

@@ -28,25 +28,25 @@ phases:
         MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
-           "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
+           "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
            | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)')
       - |
         echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID"
       - |
         MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \
+          "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \
           | jq '.artifacts[0].archive_download_url')
       - |
         echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL"
       - |
         curl -L -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip
+          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip
       # This unzips to `net41.zip`.
-      - unzip ubuntu-latest_test_vector_artifact
+      - unzip ubuntu-22.04_vector_artifact
       # This unzips to `net41/`.
       - unzip net41.zip -d net41
   build:

codebuild/py311/decrypt_golden_manifest_with_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.11
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Download "golden manifest"
       - curl -L -o python-2.3.0.zip https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip
       - unzip python-2.3.0.zip -d python-2.3.0

codebuild/py311/decrypt_golden_manifest_with_masterkey.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py311-full_decrypt-mpl"
+    TOXENV: "py311-full_decrypt"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b35311ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py311/decrypt_keyrings_with_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.11
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Download previously generated vectors
       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_keyrings.zip 311_keyrings.zip
       - unzip 311_keyrings.zip

codebuild/py311/decrypt_masterkey_with_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.11
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Download previously generated vectors
       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_masterkey.zip 311_masterkey.zip
       - unzip 311_masterkey.zip

codebuild/py311/decrypt_net_401_vectors_keyrings.yml

@@ -19,9 +19,11 @@ phases:
       python: 3.11
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Fetch ESDK .NET v4.0.1 Test Vectors
       - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip
-      - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip
+      - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip
       - curl -s --output $VECTOR_ZIP --location $VECTORS_URL
       - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors
       - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR

codebuild/py311/decrypt_net_401_vectors_masterkey.yml

@@ -31,7 +31,7 @@ phases:
 
       # Fetch ESDK .NET v4.0.1 Test Vectors
       - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip
-      - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip
+      - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip
       - curl -s --output $VECTOR_ZIP --location $VECTORS_URL
       - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors
       - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR

codebuild/py311/encrypt_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.11
   build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       - pip install "tox < 4.0"
       - cd test_vector_handlers
       - |

codebuild/py311/generate_decrypt_vectors_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.11
   build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       - pip install "tox < 4.0"
       - cd test_vector_handlers
       - |

codebuild/py312/awses_local_mpl.yml

@@ -23,6 +23,8 @@ phases:
       python: 3.12
   build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd -
       - pyenv install --skip-existing 3.12.0
       - pyenv local 3.12.0

codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml

@@ -22,31 +22,33 @@ phases:
       python: 3.12
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Fetch test vectors from Dafny ESDK's most recent run
       # (Assuming the first result is most recent; seems to be correct...)
       - |
         MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
-           "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
+           "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
            | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)')
       - |
         echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID"
       - |
         MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \
+          "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \
           | jq '.artifacts[0].archive_download_url')
       - |
         echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL"
       - |
         curl -L -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip
+          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip
       # This unzips to `net41.zip`.
-      - unzip ubuntu-latest_test_vector_artifact
+      - unzip ubuntu-22.04_vector_artifact
       # This unzips to `net41/`.
       - unzip net41.zip -d net41
   build:

codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml

@@ -28,25 +28,25 @@ phases:
         MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
-           "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
+           "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
            | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)')
       - |
         echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID"
       - |
         MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \
+          "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \
           | jq '.artifacts[0].archive_download_url')
       - |
         echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL"
       - |
         curl -L -H "Accept: application/vnd.github+json" \
           -H "Authorization: token $GITHUB_TOKEN" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
-          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip
+          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip
       # This unzips to `net41.zip`.
-      - unzip ubuntu-latest_test_vector_artifact
+      - unzip ubuntu-22.04_vector_artifact
       # This unzips to `net41/`.
       - unzip net41.zip -d net41
   build:

codebuild/py312/decrypt_golden_manifest_with_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.12
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Download "golden manifest"
       - curl -L -o python-2.3.0.zip https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip
       - unzip python-2.3.0.zip -d python-2.3.0

codebuild/py312/decrypt_golden_manifest_with_masterkey.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py312-full_decrypt-mpl"
+    TOXENV: "py312-full_decrypt"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b35311ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py312/decrypt_hkeyring_with_keyrings.yml

@@ -18,6 +18,8 @@ phases:
       python: 3.12
   pre_build:
     commands:
+      # Build Python MPL TestVector runner from source      
+      - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
       # Download previously generated vectors
       # This manifest has coverage for both HKeyring and required encryption context CMM
       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_hkeyring_reccmm_manifest.zip 312_hkeyring_reccmm_manifest.zip

codebuild/py312/decrypt_hkeyring_with_masterkey.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py312-full_decrypt-mpl"
+    TOXENV: "py312-full_decrypt"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b35311ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-