encryption primitives for use with aws
Project description
murmuration
encryption primitives for use with aws kms
aes + galois counter mode encryption
from murmuration import gcm key = 'this is my secret encryption key' plaintext = 'the quick brown fox jumps over the lazy dog' ciphertext = gcm.encrypt(plaintext, key, 'header') decrypted = gcm.decrypt(ciphertext, key) assert decrypted == plaintext
encryption using kms (for use with aws)
You can also use kms as an encryption / decryption service. This does
incur kms costs and require kms setup. The region
and profile
parameters
do not have to be specified. If they are not specified, the values will
be inferred in the order specified by boto3:
- Passing credentials as parameters in the
boto.client()
method- Passing credentials as parameters when creating a
Session
object- Environment variables
- Shared credential file (
~/.aws/credentials
)- AWS config file (
~/.aws/config
)- Assume Role provider
- Boto2 config file (
/etc/boto.cfg
and~/.boto
)- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.
from murmuration import kms plaintext = 'the quick brown fox jumps over the lazy dog' key_alias = 'my kms key alias' ciphertext = kms.encrypt(plaintext, key_alias, region='us-west-1', profile='company') decrypted = kms.decrypt(ciphertext, region='us-west-1', profile='company') assert decrypted == plaintext
wrapped encryption using kms (for use with aws)
You can also use wrapped kms data keys for encryption to protect the underlying
kms key. Using this does functionality will incur kms costs and require kms
setup. The region
and profile
parameters do not have to be specified.
If they are not specified, the values will
be inferred in the order specified by boto3:
- Passing credentials as parameters in the
boto.client()
method- Passing credentials as parameters when creating a
Session
object- Environment variables
- Shared credential file (
~/.aws/credentials
)- AWS config file (
~/.aws/config
)- Assume Role provider
- Boto2 config file (
/etc/boto.cfg
and~/.boto
)- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.
from murmuration import kms_wrapped plaintext = 'the quick brown fox jumps over the lazy dog' key_alias = 'my kms key alias' ciphertext = kms_wrapped.encrypt(plaintext, key_alias, region='us-west-1', profile='company') decrypted = kms_wrapped.decrypt(ciphertext, region='us-west-1', profile='company') assert decrypted == plaintext
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Filename, size | File type | Python version | Upload date | Hashes |
---|---|---|---|---|
Filename, size murmuration-0.7-py2.py3-none-any.whl (7.2 kB) | File type Wheel | Python version py2.py3 | Upload date | Hashes View |
Filename, size murmuration-0.7.tar.gz (5.7 kB) | File type Source | Python version None | Upload date | Hashes View |
Hashes for murmuration-0.7-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9bf1c1f26519831280e46712e0b19a3be889ae96a70b4201fae90350416165f5 |
|
MD5 | 2c138a17c4fd3af3af34af5c463171ef |
|
BLAKE2-256 | 42fc207e6ec49638d8bbdc4ece2f9f34eccd0b6767c0a9bab36fbc9cd775d215 |