Vault data encryption classes (python)

Project description

aiSSEMBLE™ Extensions Data Encryption Vault Python

This module provides a package for encrypting Python-based pipeline data. Multiple encryption algorithms are available, each with its own strengths and weaknesses, as outlined below.

| Strategy | Description |
| --- | --- |
| VaultRemoteEncryptionStrategy | Leverages the HashiCorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |
| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |
| AesCbcEncryptionStrategy | A good basic 128-bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |
| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |

The following example illustrates how to perform encryption.

  1. Example usage

    • Add the following to your code

    VaultRemoteEncryptionStrategy

    # Uses remote Vault encryption
    from aissemble_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy
    
    vault_remote = VaultRemoteEncryptionStrategy()
    
    # encrypt plain text data using Vault
    encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')
    
    # decrypt cipher text data using Vault
    decrypted_value = vault_remote.decrypt(encrypted_value)
    

    NOTE: If you are encrypting your data through a User Defined Function (UDF) in PySpark, you need to use the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will likely be resolved in a future update to the HashiCorp Vault client.

    VaultLocalEncryptionStrategy

    # Uses an encryption key retrieved from the Vault server, but performs the encryption locally.
    from aissemble_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy
    
    vault_local = VaultLocalEncryptionStrategy()
    
    # encrypt plain text data using local Vault
    encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')
    
    # decrypt cipher text data using local Vault
    decrypted_value = vault_local.decrypt(encrypted_value)
    

    AesCbcEncryptionStrategy

    # Uses the AES CBC encryption
    from aissemble_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy
    
    aes_cbc = AesCbcEncryptionStrategy()
    
    # encrypt plain text data using AES CBC
    encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')
    
    # decrypt cipher text data using AES CBC
    decrypted_value = aes_cbc.decrypt(encrypted_value)
    

    AesGcm96EncryptionStrategy

    # AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)
    from aissemble_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy
    
    aes_gcm_96 = AesGcm96EncryptionStrategy()
    
    # encrypt plain text data using AES GCM
    encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')
    
    # decrypt cipher text data using AES GCM
    decrypted_value = aes_gcm_96.decrypt(encrypted_value)
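
What AES GCM with a 96-bit initialization vector gives you in practice, as an added example built on the `cryptography` package: it is not the aissemble_encrypt implementation or part of the original project. The function names, the `iv || ciphertext || tag` layout and the sample context labels are assumptions made for illustration.

```python
# Added illustration of AES-GCM with a 96-bit IV (uses the `cryptography` package).
# Not aissemble_encrypt code: function names and blob layout are hypothetical.
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

IV_BYTES = 12   # 96-bit initialization vector
TAG_BYTES = 16  # 128-bit authentication tag appended by AESGCM.encrypt


def encrypt(key: bytes, plaintext: str, context: bytes = b"") -> bytes:
    """Return iv || ciphertext || tag, drawing a fresh random IV per message."""
    iv = os.urandom(IV_BYTES)
    return iv + AESGCM(key).encrypt(iv, plaintext.encode("utf-8"), context)


def decrypt(key: bytes, blob: bytes, context: bytes = b"") -> str:
    """Split off the IV, verify the tag and context, and return the plaintext."""
    if len(blob) < IV_BYTES + TAG_BYTES:
        raise ValueError("ciphertext too short to hold an IV and a tag")
    iv, body = blob[:IV_BYTES], blob[IV_BYTES:]
    return AESGCM(key).decrypt(iv, body, context).decode("utf-8")


def is_authentic(key: bytes, blob: bytes, context: bytes = b"") -> bool:
    """True only if the blob decrypts and its tag verifies under this context."""
    try:
        decrypt(key, blob, context)
        return True
    except (InvalidTag, ValueError):
        return False


def demo() -> dict:
    key = AESGCM.generate_key(bit_length=128)  # constructed sample key
    aad = b"pipeline:customers"                # constructed context label
    blob = encrypt(key, "SOME PLAIN TEXT", aad)
    flipped = bytearray(blob)
    flipped[IV_BYTES] ^= 0x01                  # corrupt one ciphertext bit
    return {
        "roundtrip": decrypt(key, blob, aad),
        "tampered_ok": is_authentic(key, bytes(flipped), aad),
        "wrong_context_ok": is_authentic(key, blob, b"pipeline:orders"),
        "fresh_iv": encrypt(key, "x")[:IV_BYTES] != encrypt(key, "x")[:IV_BYTES],
    }


if __name__ == "__main__":
    print(demo())
```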
    

AISSEMBLE Data Encryption

This package includes one security client for calling the "Secrets as a Service" encryption service.

Vault encryption

See the extensions-encryption README for more information on how to configure Vault encryption.

File details

Details for the file aissemble_extensions_encryption_vault_python-1.10.0rc2.tar.gz.

File hashes

Hashes for aissemble_extensions_encryption_vault_python-1.10.0rc2.tar.gz
Algorithm Hash digest
SHA256 88d8a4370b35a916cec8386fc0e8469f404556291e478fb16af2692cd00d6145
MD5 cb95023df46e16ad5fa277b7d5a0906e
BLAKE2b-256 abba66e48431671dc7e6a3529fc27d8c841989cd2786f5588a12cff031d01911

File details

Details for the file aissemble_extensions_encryption_vault_python-1.10.0rc2-py3-none-any.whl.

File hashes

Hashes for aissemble_extensions_encryption_vault_python-1.10.0rc2-py3-none-any.whl
Algorithm Hash digest
SHA256 c10bc21471a986c0840770f450b0785c9b71257d0ccc43e8cae3eebaf1715b9b
MD5 41050fb59df22d9fe0dd6ebd1c3e7d7d
BLAKE2b-256 702bc37380fe292b586d17ccd6b5e1daec47c67e8064789279e7e22d91609219
