# Python data encryption
This module provides a package for encrypting Python based pipeline data. There are multiple encryption algorithms
available. Each with their own strengths and weaknesses as outlined below.
| Strategy | Description |
|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |
| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |
| AesCbcEncryptionStrategy | A good basic 128 bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |
| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |
The following example illustrates how to perform encryption.
1. Example usage
- Add the following to your code
#### VaultRemoteEncryptionStrategy
```
# Uses remote Vault encryption
from aiops_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy
vault_remote = VaultRemoteEncryptionStrategy()
# encrypt plain text data using Vault
encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using Vault
decrypted_value = vault_remote.decrypt(encrypted_value)
```
_NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use
the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will
likely be resolved in a future update to the Hashicorp Vault client_
#### VaultLocalEncryptionStrategy
```
# Uses an encryption key retrieved from the Vault server, but performs the encryption locally.
from aiops_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy
vault_local = VaultLocalEncryptionStrategy()
# encrypt plain text data using local Vault
encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using local Vault
decrypted_value = vault_local.decrypt(encrypted_value)
```
#### AesCbcEncryptionStrategy
```
# Uses the AES CBC encryption
from aiops_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy
aes_cbc = AesCbcEncryptionStrategy()
# encrypt plain text data using AES CBC
encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using AES CBC
decrypted_value = aes_cbc.decrypt(encrypted_value)
```
#### AesGcm96EncryptionStrategy
```
# AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)
from aiops_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy
aes_gcm_96 = AesGcm96EncryptionStrategy()
# encrypt plain text data using AES GCM
encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using AES CBC
decrypted_value = aes_gcm_96.decrypt(encrypted_value)
```
## AISSEMBLE™ Data Encryption
This package includes one security client for calling the "Secrets as a Service" encryption service.
### Vault encryption
See the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.
Raw data
{
"_id": null,
"home_page": null,
"name": "aissemble-extensions-encryption-vault-python",
"maintainer": null,
"docs_url": null,
"requires_python": "<4,>=3.11.4",
"maintainer_email": null,
"keywords": null,
"author": "aiSSEMBLE Baseline Community",
"author_email": "aissemble@bah.com",
"download_url": "https://files.pythonhosted.org/packages/fa/11/aa05d858528c874d6eb5b3786aae90e970ace79d3f47be59abe5fc1458c1/aissemble_extensions_encryption_vault_python-1.7.0.tar.gz",
"platform": null,
"description": "# Python data encryption\n\nThis module provides a package for encrypting Python based pipeline data. There are multiple encryption algorithms\navailable. Each with their own strengths and weaknesses as outlined below. \n\n| Strategy | Description |\n|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |\n| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |\n| AesCbcEncryptionStrategy | A good basic 128 bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |\n| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |\n\n\nThe following example illustrates how to perform encryption.\n\n1. Example usage\n - Add the following to your code\n #### VaultRemoteEncryptionStrategy\n ``` \n # Uses remote Vault encryption\n from aiops_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy\n\n vault_remote = VaultRemoteEncryptionStrategy()\n\n # encrypt plain text data using Vault\n encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using Vault\n decrypted_value = vault_remote.decrypt(encrypted_value)\n ``` \n \n _NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use\n the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will\n likely be resolved in a future update to the Hashicorp Vault client_\n #### VaultLocalEncryptionStrategy\n ```\n # Uses an encryption key retrieved from the Vault server, but performs the encryption locally.\n from aiops_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy\n \n vault_local = VaultLocalEncryptionStrategy()\n\n # encrypt plain text data using local Vault\n encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using local Vault\n decrypted_value = vault_local.decrypt(encrypted_value)\n ```\n\n #### AesCbcEncryptionStrategy\n ``` \n # Uses the AES CBC encryption\n from aiops_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy\n\n aes_cbc = AesCbcEncryptionStrategy()\n\n # encrypt plain text data using AES CBC\n encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using AES CBC\n decrypted_value = aes_cbc.decrypt(encrypted_value)\n ``` \n\n #### AesGcm96EncryptionStrategy\n ``` \n # AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)\n from aiops_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy\n\n aes_gcm_96 = AesGcm96EncryptionStrategy()\n\n # encrypt plain text data using AES GCM\n encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using AES CBC\n decrypted_value = aes_gcm_96.decrypt(encrypted_value)\n ```\n## AISSEMBLE™ Data Encryption\n\nThis package includes one security client for calling the \"Secrets as a Service\" encryption service.\n\n### Vault encryption\nSee the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.\n",
"bugtrack_url": null,
"license": null,
"summary": "Vault data encryption classes (python)",
"version": "1.7.0",
"project_urls": null,
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4114e0e9bfb2b4e5d11e6f312cd06a8a5f803f5649d66ca11af706019c31a0b8",
"md5": "c9edb1ccade74a8b5eb9f71dc7cc57bb",
"sha256": "69188e691b19d8d5c4ba70420ab0e6c5b44b9ca1978cdc1b36e39245029eb8c0"
},
"downloads": -1,
"filename": "aissemble_extensions_encryption_vault_python-1.7.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "c9edb1ccade74a8b5eb9f71dc7cc57bb",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4,>=3.11.4",
"size": 15381,
"upload_time": "2024-06-12T00:32:59",
"upload_time_iso_8601": "2024-06-12T00:32:59.030844Z",
"url": "https://files.pythonhosted.org/packages/41/14/e0e9bfb2b4e5d11e6f312cd06a8a5f803f5649d66ca11af706019c31a0b8/aissemble_extensions_encryption_vault_python-1.7.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "fa11aa05d858528c874d6eb5b3786aae90e970ace79d3f47be59abe5fc1458c1",
"md5": "00e796c6efe525ffa733adb14926f41d",
"sha256": "5590894575dac3306cbe0ad33c6ff6f91a6bfc1be2c94a84fb3a5e85bf495ace"
},
"downloads": -1,
"filename": "aissemble_extensions_encryption_vault_python-1.7.0.tar.gz",
"has_sig": false,
"md5_digest": "00e796c6efe525ffa733adb14926f41d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4,>=3.11.4",
"size": 9979,
"upload_time": "2024-06-12T00:33:00",
"upload_time_iso_8601": "2024-06-12T00:33:00.413331Z",
"url": "https://files.pythonhosted.org/packages/fa/11/aa05d858528c874d6eb5b3786aae90e970ace79d3f47be59abe5fc1458c1/aissemble_extensions_encryption_vault_python-1.7.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-12 00:33:00",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "aissemble-extensions-encryption-vault-python"
}