From c6f8796d6d8e10e4affaa84942fedc4f4bcc1684 Mon Sep 17 00:00:00 2001
From: Max Esser <max@esser.codes>
Date: Sat, 12 Jul 2025 14:09:48 -0500
Subject: [PATCH 1/2] Update key_encryption.py

`kms_client.encrypt` returns type `bytes`. Updated method signatures for encrypt and decrypt. The "Plaintext" returned from `kms_client.decrypt` is also `bytes`, but it should be decoded to `str` to match the parameter type of the encrypt method.
---
 python/example_code/kms/key_encryption.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/python/example_code/kms/key_encryption.py b/python/example_code/kms/key_encryption.py
index d2faa2a40ec..bc85e96d136 100644
--- a/python/example_code/kms/key_encryption.py
+++ b/python/example_code/kms/key_encryption.py
@@ -35,7 +35,7 @@ def from_client(cls) -> "KeyEncrypt":
     # snippet-end:[python.example_code.kms.KeyEncrypt.decl]
 
     # snippet-start:[python.example_code.kms.Encrypt]
-    def encrypt(self, key_id: str, text: str) -> str:
+    def encrypt(self, key_id: str, text: str) -> bytes:
         """
         Encrypts text by using the specified key.
 
@@ -64,7 +64,7 @@ def encrypt(self, key_id: str, text: str) -> str:
     # snippet-end:[python.example_code.kms.Encrypt]
 
     # snippet-start:[python.example_code.kms.Decrypt]
-    def decrypt(self, key_id: str, cipher_text: str) -> bytes:
+    def decrypt(self, key_id: str, cipher_text: bytes) -> str:
         """
         Decrypts text previously encrypted with a key.
 
@@ -75,7 +75,7 @@ def decrypt(self, key_id: str, cipher_text: str) -> bytes:
         try:
             return self.kms_client.decrypt(KeyId=key_id, CiphertextBlob=cipher_text)[
                 "Plaintext"
-            ]
+            ].decode()
         except ClientError as err:
             logger.error(
                 "Couldn't decrypt your ciphertext. Here's why: %s",

From fed1c20fe121fd13b2821a495521ed16b442cbbd Mon Sep 17 00:00:00 2001
From: Max Esser <max@esser.codes>
Date: Sat, 26 Jul 2025 15:40:30 -0500
Subject: [PATCH 2/2] Update key_encryption.py

I removed the redundant call to decode() on line 201. The call to decode() should be inside the decrypt() function, making its signature the inverse of encrypt(). Since encode() is called from encrypt(), it makes sense that decode() would be called in decrypt().
---
 python/example_code/kms/key_encryption.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/example_code/kms/key_encryption.py b/python/example_code/kms/key_encryption.py
index bc85e96d136..ed036458b72 100644
--- a/python/example_code/kms/key_encryption.py
+++ b/python/example_code/kms/key_encryption.py
@@ -198,7 +198,7 @@ def key_encryption(kms_client):
         answer = input("Ready to decrypt your ciphertext (y/n)? ")
         if answer.lower() == "y":
             decrypted_text = key_encrypt.decrypt(key_id, cipher_text)
-            print(f"Your plaintext is {decrypted_text.decode()}")
+            print(f"Your plaintext is {decrypted_text}")
             print("-" * 88)
             key_encrypt.re_encrypt(key_id, cipher_text)
         else: