## aiSSEMBLE™ Extensions Data Encryption Vault Python
[](https://pypi.org/project/aissemble-extensions-encryption-vault-python/)
This module provides a package for encrypting Python based pipeline data. There are multiple encryption algorithms
available. Each with their own strengths and weaknesses as outlined below.
| Strategy | Description |
|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |
| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |
| AesCbcEncryptionStrategy | A good basic 128 bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |
| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |
The following example illustrates how to perform encryption.
1. Example usage
- Add the following to your code
#### VaultRemoteEncryptionStrategy
```
# Uses remote Vault encryption
from aissemble_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy
vault_remote = VaultRemoteEncryptionStrategy()
# encrypt plain text data using Vault
encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using Vault
decrypted_value = vault_remote.decrypt(encrypted_value)
```
_NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use
the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will
likely be resolved in a future update to the Hashicorp Vault client_
#### VaultLocalEncryptionStrategy
```
# Uses an encryption key retrieved from the Vault server, but performs the encryption locally.
from aissemble_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy
vault_local = VaultLocalEncryptionStrategy()
# encrypt plain text data using local Vault
encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using local Vault
decrypted_value = vault_local.decrypt(encrypted_value)
```
#### AesCbcEncryptionStrategy
```
# Uses the AES CBC encryption
from aissemble_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy
aes_cbc = AesCbcEncryptionStrategy()
# encrypt plain text data using AES CBC
encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using AES CBC
decrypted_value = aes_cbc.decrypt(encrypted_value)
```
#### AesGcm96EncryptionStrategy
```
# AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)
from aissemble_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy
aes_gcm_96 = AesGcm96EncryptionStrategy()
# encrypt plain text data using AES GCM
encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using AES CBC
decrypted_value = aes_gcm_96.decrypt(encrypted_value)
```
## AISSEMBLE Data Encryption
This package includes one security client for calling the "Secrets as a Service" encryption service.
### Vault encryption
See the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.
Raw data
{
"_id": null,
"home_page": null,
"name": "aissemble-extensions-encryption-vault-python",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": null,
"author": "aiSSEMBLE Baseline Community",
"author_email": "aissemble@bah.com",
"download_url": "https://files.pythonhosted.org/packages/88/f6/c0dde90f30929cc2d3c6e075dff4b1748243030e9decb796ea90c85260dd/aissemble_extensions_encryption_vault_python-1.10.0.tar.gz",
"platform": null,
"description": "## aiSSEMBLE™ Extensions Data Encryption Vault Python\n\n[](https://pypi.org/project/aissemble-extensions-encryption-vault-python/)\n\n\n\nThis module provides a package for encrypting Python based pipeline data. There are multiple encryption algorithms\navailable. Each with their own strengths and weaknesses as outlined below. \n\n| Strategy | Description |\n|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |\n| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |\n| AesCbcEncryptionStrategy | A good basic 128 bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |\n| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |\n\n\nThe following example illustrates how to perform encryption.\n\n1. Example usage\n - Add the following to your code\n #### VaultRemoteEncryptionStrategy\n ``` \n # Uses remote Vault encryption\n from aissemble_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy\n\n vault_remote = VaultRemoteEncryptionStrategy()\n\n # encrypt plain text data using Vault\n encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using Vault\n decrypted_value = vault_remote.decrypt(encrypted_value)\n ``` \n \n _NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use\n the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will\n likely be resolved in a future update to the Hashicorp Vault client_\n #### VaultLocalEncryptionStrategy\n ```\n # Uses an encryption key retrieved from the Vault server, but performs the encryption locally.\n from aissemble_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy\n \n vault_local = VaultLocalEncryptionStrategy()\n\n # encrypt plain text data using local Vault\n encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using local Vault\n decrypted_value = vault_local.decrypt(encrypted_value)\n ```\n\n #### AesCbcEncryptionStrategy\n ``` \n # Uses the AES CBC encryption\n from aissemble_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy\n\n aes_cbc = AesCbcEncryptionStrategy()\n\n # encrypt plain text data using AES CBC\n encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using AES CBC\n decrypted_value = aes_cbc.decrypt(encrypted_value)\n ``` \n\n #### AesGcm96EncryptionStrategy\n ``` \n # AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)\n from aissemble_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy\n\n aes_gcm_96 = AesGcm96EncryptionStrategy()\n\n # encrypt plain text data using AES GCM\n encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using AES CBC\n decrypted_value = aes_gcm_96.decrypt(encrypted_value)\n ```\n## AISSEMBLE Data Encryption\n\nThis package includes one security client for calling the \"Secrets as a Service\" encryption service.\n\n### Vault encryption\nSee the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.\n",
"bugtrack_url": null,
"license": null,
"summary": "Vault data encryption classes (python)",
"version": "1.10.0",
"project_urls": null,
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0e628b8c72a489ad2601aaf8e4fdce2aaeb8c4a8b31ba23cfeb2ae66e1930365",
"md5": "ed029dc0dfc3157a2f549a6db3864abf",
"sha256": "b8016fa0443dabb35ccf83c3de84feae641c3c79eb996df6ced77f3d2e18bae4"
},
"downloads": -1,
"filename": "aissemble_extensions_encryption_vault_python-1.10.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ed029dc0dfc3157a2f549a6db3864abf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 15684,
"upload_time": "2024-11-20T01:14:54",
"upload_time_iso_8601": "2024-11-20T01:14:54.926818Z",
"url": "https://files.pythonhosted.org/packages/0e/62/8b8c72a489ad2601aaf8e4fdce2aaeb8c4a8b31ba23cfeb2ae66e1930365/aissemble_extensions_encryption_vault_python-1.10.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "88f6c0dde90f30929cc2d3c6e075dff4b1748243030e9decb796ea90c85260dd",
"md5": "73f15e27fb0c72b157f90b3a0aa7e144",
"sha256": "34514d712576825821195aad1c95d674568d561e69bd2de461f65942cae78e2c"
},
"downloads": -1,
"filename": "aissemble_extensions_encryption_vault_python-1.10.0.tar.gz",
"has_sig": false,
"md5_digest": "73f15e27fb0c72b157f90b3a0aa7e144",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 10358,
"upload_time": "2024-11-20T01:14:56",
"upload_time_iso_8601": "2024-11-20T01:14:56.494989Z",
"url": "https://files.pythonhosted.org/packages/88/f6/c0dde90f30929cc2d3c6e075dff4b1748243030e9decb796ea90c85260dd/aissemble_extensions_encryption_vault_python-1.10.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-20 01:14:56",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "aissemble-extensions-encryption-vault-python"
}
JSON