risclog.cryptography 1.3

The CryptographyManager is a tool designed to securely encrypt and decrypt messages and data. It uses modern encryption techniques to protect confidential information.

risclog.cryptography

The CryptographyManager is a tool designed to securely encrypt and decrypt messages and data. It uses modern encryption techniques to protect confidential information.

• Free software: MIT license

• Documentation: https://pypi.org/project/risclog.cryptography.

Requirements

To use the CryptographyManager, ensure you have the following:

• Python 3.9 or later

• The cryptography library, which can be installed using pip install cryptography.

Installation

Download the code for the CryptographyManager into your Python environment or add it directly to your Python project. Make sure that all dependencies are installed.

Example for installing the cryptography library:

$ pip install risclog.cryptography

Usage

Initialization

To use the CryptographyManager, you will need a password and a “salt” (a random string to enhance security).

from risclog.cryptography import CryptographyManager

password = "my_secure_password"
salt = "my_secure_salt"

# Initialize the CryptographyManager
crypto_manager = CryptographyManager(password=password, salt=salt)

Encryption

To encrypt a message, use the encrypt method. This is particularly useful for protecting sensitive data like passwords or personal information.

1. Input the text you want to encrypt.

2. Call the encrypt method.

message = "This is a secret message"
encrypted_message = crypto_manager.encrypt(message)

print(f"Encrypted message: {encrypted_message}")

Decryption

To decrypt an encrypted message, use the decrypt method:

1. Call the decrypt method with the encrypted message.

2. The original message will be restored.

decrypted_message = crypto_manager.decrypt(encrypted_message)

print(f"Decrypted message: {decrypted_message}")

Airflow-Fernet Compatibility

For values that must be encrypted with Airflow’s native Fernet key from AIRFLOW__CORE__FERNET_KEY, use AirflowFernetCryptographyManager. This API does not use password/salt derivation and produces native gAAAA... tokens.

from risclog.cryptography import AirflowFernetCryptographyManager

crypto = AirflowFernetCryptographyManager.from_env()
token = crypto.encrypt("secret")
plain = crypto.decrypt(token)

Troubleshooting

Wrong password or salt: If you try to decrypt a message with a different password or salt than what was used for encryption, you will get an error. Make sure to use the same password and salt.

Invalid messages: Encryption requires valid strings or bytes. Ensure the text is correctly formatted.

Event-loop issues (with async): If you’re using the encryption in an asynchronous environment (e.g., web applications), the manager will automatically detect if an event loop is running and adjust accordingly.

Security Tips

Password security: Choose a strong and secure password. A weak password can compromise the security of the encryption.

Use salt: Whenever possible, use a salt to make brute-force attacks more difficult. The salt should be unique for each user or message.

Key storage: Safeguard the password and salt securely. If they are lost, encrypted data cannot be recovered.

Tests

Run tests:

$ ./pytest

Credits

This package was created with Cookiecutter and the risclog-solution/risclog-cookiecutter-pypackage project template.

This package uses AppEnv for running tests inside this package.

Change log for risclog.cryptography

1.3 (2026-05-08)

• Added AirflowFernetCryptographyManager for native Airflow-Fernet compatible gAAAA... tokens using AIRFLOW__CORE__FERNET_KEY.

• Kept the existing CryptographyManager password/salt API unchanged.

1.2 (2026-01-19)

• Fixed type annotations for encrypt() and decrypt() methods to accurately reflect dual-mode behavior: return `Coroutine` when called from within a running event loop, or direct result when called outside an event loop

• Added comprehensive docstrings to encrypt() and decrypt() public methods explaining the dual-mode behavior and coroutine requirements

• Removed unnecessary # type: ignore comments from encrypt() and decrypt() methods

1.1 (2024-09-13)

• added default salt. Can be used with a single instance

1.0 (2024-09-11)

• initial release