encryption primitives for use with aws
Project description
# murmuration  encryption primitives for use with aws kms
## aes + galois counter mode encryption
`python from murmuration import gcm key = 'this is my secret encryptuion key' plaintext = 'the quick brown fox jumps over the lazy dog' ciphertext = gcm.encrypt(plaintext, key, 'header') decrypted = gcm.decrypt(ciphertext, key) assert decrypted == plaintext `
## encryption using kms (for use with aws)
You can also use kms as an encryption / decryption service. This does incur kms costs and require kms setup. The region and profile parameters do not have to be specified. If they are not specified, the values will be inferred [in the order specified by boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials):
> 1. Passing credentials as parameters in the boto.client() method > 2. Passing credentials as parameters when creating a Session object > 3. Environment variables > 4. Shared credential file (~/.aws/credentials) > 5. AWS config file (~/.aws/config) > 6. Assume Role provider > 7. Boto2 config file (/etc/boto.cfg and ~/.boto) > 8. Instance metadata service on an Amazon EC2 instance > that has an IAM role configured.
`python from murmuration import kms plaintext = 'the quick brown fox jumps over the lazy dog' key_alias = 'my kms key alias' ciphertext = kms.encrypt(plaintext, key_alias, region='us-west-1', profile='company') decrypted = kms.decrypt(ciphertext, region='us-west-1', profile='company') assert decrypted == plaintext `
## wrapped encryption using kms (for use with aws)
You can also use wrapped kms data keys for encryption to protect the underlying kms key. Using this does functionality will incur kms costs and require kms setup. The region and profile parameters do not have to be specified. If they are not specified, the values will be inferred [in the order specified by boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials):
> 1. Passing credentials as parameters in the boto.client() method > 2. Passing credentials as parameters when creating a Session object > 3. Environment variables > 4. Shared credential file (~/.aws/credentials) > 5. AWS config file (~/.aws/config) > 6. Assume Role provider > 7. Boto2 config file (/etc/boto.cfg and ~/.boto) > 8. Instance metadata service on an Amazon EC2 instance > that has an IAM role configured.
`python from murmuration import kms_wrapped plaintext = 'the quick brown fox jumps over the lazy dog' key_alias = 'my kms key alias' ciphertext = kms_wrapped.encrypt(plaintext, key_alias, region='us-west-1', profile='company') decrypted = kms_wrapped.decrypt(ciphertext, region='us-west-1', profile='company') assert decrypted == plaintext `
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for murmuration-0.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fa1604b3859842229a6fab911e2133f52e6831657bd793aa61a357355ddfeca2 |
|
| MD5 | b9c02af51cb0ff531031d2875df4ffee |
|
| BLAKE2b-256 | 97a173a4177e88acef011aa99dbf44d98d8ed5d883818a5ee5053264cace132a |
