Skip to main content

Keyring-backed multi-recipient encryption provider for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_mre_crypto_keyring


Swarmauri MRE Crypto Keyring

Multi-recipient encryption provider using external keyrings/HSMs.

Features

  • Uses asynchronous keyring clients that implement id, wrap_cek, and unwrap_cek to delegate CEK storage and policy enforcement to external systems.
  • Encrypts payloads with AES-256-GCM by default and automatically enables XChaCha20-Poly1305 when the cryptography dependency exposes the implementation.
  • Accepts additional authenticated data (AAD) during encryption and enforces a configurable quorum (opts['quorum_k']) before releasing the payload.
  • Supports rewrap operations to add or revoke keyrings and can rotate the payload CEK when deauthorizing recipients.
  • Requires the cryptography package at runtime, which is installed alongside this provider.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_mre_crypto_keyring
poetry add swarmauri_mre_crypto_keyring
uv pip install swarmauri_mre_crypto_keyring

Usage

KeyringMreCrypto delegates CEK (content-encryption key) management to user-provided keyring clients. Each client must implement id, wrap_cek, and unwrap_cek. Key references supplied to the provider should use the shape {"kind": "keyring_client", "client": <client>, "context": {...}}, where context is an optional mapping of str to bytes shared with the client during wrapping and unwrapping. The example below registers an in-memory keyring and uses it to encrypt and decrypt a payload while the default quorum of 1 is satisfied.

import asyncio
import secrets
from swarmauri_mre_crypto_keyring import KeyringMreCrypto


class MemoryKeyring:
    def __init__(self):
        self._store = {}

    def id(self) -> str:
        return "memory"

    async def wrap_cek(self, cek: bytes, *, context):
        token = secrets.token_bytes(8)
        self._store[token] = cek
        return token

    async def unwrap_cek(self, header: bytes, *, context):
        return self._store[header]


async def main():
    keyring = MemoryKeyring()
    keyref = {"kind": "keyring_client", "client": keyring}
    crypto = KeyringMreCrypto()
    env = await crypto.encrypt_for_many([keyref], b"sensitive data")
    recovered = await crypto.open_for(keyref, env)
    assert recovered == b"sensitive data"


asyncio.run(main())

The snippet encrypts b"sensitive data" for the memory keyring and recovers the original plaintext using the same keyring client.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_mre_crypto_keyring-0.3.0.dev36.tar.gz (10.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_mre_crypto_keyring-0.3.0.dev36.tar.gz.

File metadata

  • Download URL: swarmauri_mre_crypto_keyring-0.3.0.dev36.tar.gz
  • Upload date:
  • Size: 10.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_mre_crypto_keyring-0.3.0.dev36.tar.gz
Algorithm Hash digest
SHA256 267fea5ccfb105aee3f29ada050354e51ebed97838e63c2b9d9f9e621a319d8c
MD5 2ff32d56c653945823794d20970d0a23
BLAKE2b-256 ffb314aedb6f0dab4f9cb572d52b71d189ca4b2dc3d13559ad3d680386ebd84f

See more details on using hashes here.

File details

Details for the file swarmauri_mre_crypto_keyring-0.3.0.dev36-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_mre_crypto_keyring-0.3.0.dev36-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_mre_crypto_keyring-0.3.0.dev36-py3-none-any.whl
Algorithm Hash digest
SHA256 40ad1873b46b5993f078f14e40207ab5ce184d26f37853317154f848d90c3173
MD5 72112174c10081c385961357dbca7d6e
BLAKE2b-256 61ae6b0f35bd87689835b8382352da712395a88b612a2bf149c6596400742559

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page