Skip to main content

Keyring-backed multi-recipient encryption provider for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_mre_crypto_keyring


Swarmauri MRE Crypto Keyring

Multi-recipient encryption provider using external keyrings/HSMs.

Features

  • Uses asynchronous keyring clients that implement id, wrap_cek, and unwrap_cek to delegate CEK storage and policy enforcement to external systems.
  • Encrypts payloads with AES-256-GCM by default and automatically enables XChaCha20-Poly1305 when the cryptography dependency exposes the implementation.
  • Accepts additional authenticated data (AAD) during encryption and enforces a configurable quorum (opts['quorum_k']) before releasing the payload.
  • Supports rewrap operations to add or revoke keyrings and can rotate the payload CEK when deauthorizing recipients.
  • Requires the cryptography package at runtime, which is installed alongside this provider.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_mre_crypto_keyring
poetry add swarmauri_mre_crypto_keyring
uv pip install swarmauri_mre_crypto_keyring

Usage

KeyringMreCrypto delegates CEK (content-encryption key) management to user-provided keyring clients. Each client must implement id, wrap_cek, and unwrap_cek. Key references supplied to the provider should use the shape {"kind": "keyring_client", "client": <client>, "context": {...}}, where context is an optional mapping of str to bytes shared with the client during wrapping and unwrapping. The example below registers an in-memory keyring and uses it to encrypt and decrypt a payload while the default quorum of 1 is satisfied.

import asyncio
import secrets
from swarmauri_mre_crypto_keyring import KeyringMreCrypto


class MemoryKeyring:
    def __init__(self):
        self._store = {}

    def id(self) -> str:
        return "memory"

    async def wrap_cek(self, cek: bytes, *, context):
        token = secrets.token_bytes(8)
        self._store[token] = cek
        return token

    async def unwrap_cek(self, header: bytes, *, context):
        return self._store[header]


async def main():
    keyring = MemoryKeyring()
    keyref = {"kind": "keyring_client", "client": keyring}
    crypto = KeyringMreCrypto()
    env = await crypto.encrypt_for_many([keyref], b"sensitive data")
    recovered = await crypto.open_for(keyref, env)
    assert recovered == b"sensitive data"


asyncio.run(main())

The snippet encrypts b"sensitive data" for the memory keyring and recovers the original plaintext using the same keyring client.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_mre_crypto_keyring-0.3.0.dev46.tar.gz (10.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_mre_crypto_keyring-0.3.0.dev46.tar.gz.

File metadata

  • Download URL: swarmauri_mre_crypto_keyring-0.3.0.dev46.tar.gz
  • Upload date:
  • Size: 10.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_mre_crypto_keyring-0.3.0.dev46.tar.gz
Algorithm Hash digest
SHA256 b61aa1501935875d99b510783fce746547441bc2503d320f0482a10854ea9403
MD5 6b5adde75a26bcf53469f60b5e572541
BLAKE2b-256 8ad4d4b4ffb8607dd3ff6818ebcca05d9558feedd0c483e58fbc305e223854a5

See more details on using hashes here.

File details

Details for the file swarmauri_mre_crypto_keyring-0.3.0.dev46-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_mre_crypto_keyring-0.3.0.dev46-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_mre_crypto_keyring-0.3.0.dev46-py3-none-any.whl
Algorithm Hash digest
SHA256 78c7a40c7f43efa7f5ffec41c5069726de6dfd8a4a52a9d4df5a61c28441aa8d
MD5 dd21bbdc1e5e7ab9dda5fb234245dc36
BLAKE2b-256 6d4abec1f86ea80d8f8e2462bba03de8c34af614e13cc7ac6fd3e40728b07530

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page