Summary
The memory schema supports a CMK (encryptionKeyArn) and the CLI already wires it through add harness --memory-encryption-key-arn and import memory — but the standalone add memory command has no flag, creating a parity gap.
Evidence
- AWS:
CreateMemory.encryptionKeyArn.
- CLI: schema field at
src/schema/schemas/agentcore-project.ts:278; wired via HarnessPrimitive.ts:667 and import-memory.ts:81, but no flag in MemoryPrimitive.tsx.
Proposal
Add an optional --kms-key-arn <arn> flag (no default) to add memory, mapping to the existing encryptionKeyArn schema field. Use --kms-key-arn (not the harness-scoped --memory-encryption-key-arn) to match add dataset/add evaluator/add policy-engine.
Summary
The memory schema supports a CMK (
encryptionKeyArn) and the CLI already wires it throughadd harness --memory-encryption-key-arnandimport memory— but the standaloneadd memorycommand has no flag, creating a parity gap.Evidence
CreateMemory.encryptionKeyArn.src/schema/schemas/agentcore-project.ts:278; wired viaHarnessPrimitive.ts:667andimport-memory.ts:81, but no flag inMemoryPrimitive.tsx.Proposal
Add an optional
--kms-key-arn <arn>flag (no default) toadd memory, mapping to the existingencryptionKeyArnschema field. Use--kms-key-arn(not the harness-scoped--memory-encryption-key-arn) to matchadd dataset/add evaluator/add policy-engine.