Skip to main content

Keyring-backed multi-recipient encryption provider for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_mre_crypto_keyring


Swarmauri MRE Crypto Keyring

Multi-recipient encryption provider using external keyrings/HSMs.

Features

  • Uses asynchronous keyring clients that implement id, wrap_cek, and unwrap_cek to delegate CEK storage and policy enforcement to external systems.
  • Encrypts payloads with AES-256-GCM by default and automatically enables XChaCha20-Poly1305 when the cryptography dependency exposes the implementation.
  • Accepts additional authenticated data (AAD) during encryption and enforces a configurable quorum (opts['quorum_k']) before releasing the payload.
  • Supports rewrap operations to add or revoke keyrings and can rotate the payload CEK when deauthorizing recipients.
  • Requires the cryptography package at runtime, which is installed alongside this provider.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_mre_crypto_keyring
poetry add swarmauri_mre_crypto_keyring
uv pip install swarmauri_mre_crypto_keyring

Usage

KeyringMreCrypto delegates CEK (content-encryption key) management to user-provided keyring clients. Each client must implement id, wrap_cek, and unwrap_cek. Key references supplied to the provider should use the shape {"kind": "keyring_client", "client": <client>, "context": {...}}, where context is an optional mapping of str to bytes shared with the client during wrapping and unwrapping. The example below registers an in-memory keyring and uses it to encrypt and decrypt a payload while the default quorum of 1 is satisfied.

import asyncio
import secrets
from swarmauri_mre_crypto_keyring import KeyringMreCrypto


class MemoryKeyring:
    def __init__(self):
        self._store = {}

    def id(self) -> str:
        return "memory"

    async def wrap_cek(self, cek: bytes, *, context):
        token = secrets.token_bytes(8)
        self._store[token] = cek
        return token

    async def unwrap_cek(self, header: bytes, *, context):
        return self._store[header]


async def main():
    keyring = MemoryKeyring()
    keyref = {"kind": "keyring_client", "client": keyring}
    crypto = KeyringMreCrypto()
    env = await crypto.encrypt_for_many([keyref], b"sensitive data")
    recovered = await crypto.open_for(keyref, env)
    assert recovered == b"sensitive data"


asyncio.run(main())

The snippet encrypts b"sensitive data" for the memory keyring and recovers the original plaintext using the same keyring client.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_mre_crypto_keyring-0.3.0.dev31.tar.gz (10.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_mre_crypto_keyring-0.3.0.dev31.tar.gz.

File metadata

  • Download URL: swarmauri_mre_crypto_keyring-0.3.0.dev31.tar.gz
  • Upload date:
  • Size: 10.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.3 {"installer":{"name":"uv","version":"0.10.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_mre_crypto_keyring-0.3.0.dev31.tar.gz
Algorithm Hash digest
SHA256 909a7d42fb094c34c503e4d4724f3ce1309441f19580758bb7f33e8e9026b892
MD5 993ecedd7fcead28fc38e8d0a6083211
BLAKE2b-256 b6397c74d2a2071285b63ea8b86dfce7bbfb0b2a32b4ebcaa40ca178d0ab4051

See more details on using hashes here.

File details

Details for the file swarmauri_mre_crypto_keyring-0.3.0.dev31-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_mre_crypto_keyring-0.3.0.dev31-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.3 {"installer":{"name":"uv","version":"0.10.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_mre_crypto_keyring-0.3.0.dev31-py3-none-any.whl
Algorithm Hash digest
SHA256 fc6cafe3fc39cc54cfd85d520e8154451e55ac5c62e7878324fad7fb6c2ee7e4
MD5 ad1020587ea5b61928cdcf0326cc1801
BLAKE2b-256 774e2b2316342815d3357a668b8462994c53856d23352da4fffb956f2445fdce

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page