encryption primitives for use with aws

Project description

murmuration

Build Status encryption primitives for use with aws kms

aes + galois counter mode encryption

from murmuration import gcm
key = 'this is my secret encryption key'
plaintext = 'the quick brown fox jumps over the lazy dog'
ciphertext = gcm.encrypt(plaintext, key, 'header')
decrypted = gcm.decrypt(ciphertext, key)
assert decrypted == plaintext

encryption using kms (for use with aws)

You can also use kms as an encryption / decryption service. This does incur kms costs and require kms setup. The region and profile parameters do not have to be specified. If they are not specified, the values will be inferred in the order specified by boto3:

Passing credentials as parameters in the boto.client() method

Passing credentials as parameters when creating a Session object

Environment variables

Shared credential file (~/.aws/credentials)

AWS config file (~/.aws/config)

Assume Role provider

Boto2 config file (/etc/boto.cfg and ~/.boto)

Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

from murmuration import kms
plaintext = 'the quick brown fox jumps over the lazy dog'
key_alias = 'my kms key alias'
ciphertext = kms.encrypt(plaintext, key_alias, region='us-west-1', profile='company')
decrypted = kms.decrypt(ciphertext, region='us-west-1', profile='company')
assert decrypted == plaintext

wrapped encryption using kms (for use with aws)

You can also use wrapped kms data keys for encryption to protect the underlying kms key. Using this does functionality will incur kms costs and require kms setup. The region and profile parameters do not have to be specified.
If they are not specified, the values will be inferred in the order specified by boto3:

Passing credentials as parameters in the boto.client() method

Passing credentials as parameters when creating a Session object

Environment variables

Shared credential file (~/.aws/credentials)

AWS config file (~/.aws/config)

Assume Role provider

Boto2 config file (/etc/boto.cfg and ~/.boto)

Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

from murmuration import kms_wrapped
plaintext = 'the quick brown fox jumps over the lazy dog'
key_alias = 'my kms key alias'
ciphertext = kms_wrapped.encrypt(plaintext, key_alias, region='us-west-1', profile='company')
decrypted = kms_wrapped.decrypt(ciphertext, region='us-west-1', profile='company')
assert decrypted == plaintext

Project details

Release history Release notifications

This version

0.6

Jun 23, 2019

0.5

Feb 14, 2019

0.4

Feb 14, 2019

0.3

Feb 14, 2019

0.2

Feb 10, 2019

0.1

Feb 10, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for murmuration, version 0.6
Filename, size	File type	Python version	Upload date	Hashes
Filename, size murmuration-0.6-py2.py3-none-any.whl (7.1 kB)	File type Wheel	Python version py2.py3	Upload date Jun 23, 2019	Hashes View hashes
Filename, size murmuration-0.6.tar.gz (5.6 kB)	File type Source	Python version None	Upload date Jun 23, 2019	Hashes View hashes

Hashes for murmuration-0.6-py2.py3-none-any.whl

Hashes for murmuration-0.6-py2.py3-none-any.whl
Algorithm	Hash digest
SHA256	`01b5e03b8e5425f974dc156127abe884b9f7e02e5af4fb8f5467f13c32b11067`
MD5	`8cbc651b758d218a51483ab703abb5e8`
BLAKE2-256	`0cb26d5dca836df9e8a45c7a101211c43074fa732c1fa7101fae009ff63f0ac2`

Hashes for murmuration-0.6.tar.gz

Hashes for murmuration-0.6.tar.gz
Algorithm	Hash digest
SHA256	`dc1b8d4a0b72d69b20b2ba92dd6998dacdb2f80b5f37b2631eff9c414a4fdeb6`
MD5	`aad95ca2972cdc23dd0b9c0662e6d75f`
BLAKE2-256	`6130cb94dcbc0ed0b5cffcc4fd5320ed37a230c9792a646d846b3ce32d72c43f`