aissemble-extensions-encryption-vault-python


Nameaissemble-extensions-encryption-vault-python JSON
Version 1.7.0 PyPI version JSON
download
home_pageNone
SummaryVault data encryption classes (python)
upload_time2024-06-12 00:33:00
maintainerNone
docs_urlNone
authoraiSSEMBLE Baseline Community
requires_python<4,>=3.11.4
licenseNone
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # Python data encryption

This module provides a package for encrypting Python based pipeline data.  There are multiple encryption algorithms
available.  Each with their own strengths and weaknesses as outlined below.  

| Strategy                      | Description                                                                                                                                                                                                                                                                                                                                   |
|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities.  This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service.                                                                                                                        |
| VaultLocalEncryptionStrategy  | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption.  This is a good option if you have to encrypt large data objects.  It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |
| AesCbcEncryptionStrategy      | A good basic 128 bit encryption strategy.  To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character).  This algorithm works well, but is less efficient than the AES GCM algorithm.                                                                                                |
| AesGcm96EncryptionStrategy    | This is a good strategy for most encryption needs.  It is efficient and strong against most attacks.  You can optionally use an encryption key retrieved from the Vault service with this strategy.                                                                                                                                           |


The following example illustrates how to perform encryption.

1. Example usage
    - Add the following to your code
    #### VaultRemoteEncryptionStrategy
    ```         
    # Uses remote Vault encryption
    from aiops_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy

    vault_remote = VaultRemoteEncryptionStrategy()

    # encrypt plain text data using Vault
    encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')

    # decrypt cipher text data using Vault
    decrypted_value = vault_remote.decrypt(encrypted_value)
    ```         
 
    _NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use
           the VaultLocalEncryptionStrategy (see below).  Currently the remote version causes threading issues.  This issue will
           likely be resolved in a future update to the Hashicorp Vault client_
    #### VaultLocalEncryptionStrategy
    ```
    # Uses an encryption key retrieved from the Vault server, but performs the encryption locally.
    from aiops_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy
    
    vault_local = VaultLocalEncryptionStrategy()

    # encrypt plain text data using local Vault
    encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')

    # decrypt cipher text data using local Vault
    decrypted_value = vault_local.decrypt(encrypted_value)
    ```

    #### AesCbcEncryptionStrategy
    ```         
    # Uses the AES CBC encryption
    from aiops_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy

    aes_cbc = AesCbcEncryptionStrategy()

    # encrypt plain text data using AES CBC
    encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')

    # decrypt cipher text data using AES CBC
    decrypted_value = aes_cbc.decrypt(encrypted_value)
    ```   

    #### AesGcm96EncryptionStrategy
    ```         
    # AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)
    from aiops_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy

    aes_gcm_96 = AesGcm96EncryptionStrategy()

    # encrypt plain text data using AES GCM
    encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')

    # decrypt cipher text data using AES CBC
    decrypted_value = aes_gcm_96.decrypt(encrypted_value)
    ```
## AISSEMBLE&trade; Data Encryption

This package includes one security client for calling the "Secrets as a Service" encryption service.

### Vault encryption
See the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "aissemble-extensions-encryption-vault-python",
    "maintainer": null,
    "docs_url": null,
    "requires_python": "<4,>=3.11.4",
    "maintainer_email": null,
    "keywords": null,
    "author": "aiSSEMBLE Baseline Community",
    "author_email": "aissemble@bah.com",
    "download_url": "https://files.pythonhosted.org/packages/fa/11/aa05d858528c874d6eb5b3786aae90e970ace79d3f47be59abe5fc1458c1/aissemble_extensions_encryption_vault_python-1.7.0.tar.gz",
    "platform": null,
    "description": "# Python data encryption\n\nThis module provides a package for encrypting Python based pipeline data.  There are multiple encryption algorithms\navailable.  Each with their own strengths and weaknesses as outlined below.  \n\n| Strategy                      | Description                                                                                                                                                                                                                                                                                                                                   |\n|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities.  This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service.                                                                                                                        |\n| VaultLocalEncryptionStrategy  | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption.  This is a good option if you have to encrypt large data objects.  It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |\n| AesCbcEncryptionStrategy      | A good basic 128 bit encryption strategy.  To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character).  This algorithm works well, but is less efficient than the AES GCM algorithm.                                                                                                |\n| AesGcm96EncryptionStrategy    | This is a good strategy for most encryption needs.  It is efficient and strong against most attacks.  You can optionally use an encryption key retrieved from the Vault service with this strategy.                                                                                                                                           |\n\n\nThe following example illustrates how to perform encryption.\n\n1. Example usage\n    - Add the following to your code\n    #### VaultRemoteEncryptionStrategy\n    ```         \n    # Uses remote Vault encryption\n    from aiops_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy\n\n    vault_remote = VaultRemoteEncryptionStrategy()\n\n    # encrypt plain text data using Vault\n    encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')\n\n    # decrypt cipher text data using Vault\n    decrypted_value = vault_remote.decrypt(encrypted_value)\n    ```         \n \n    _NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use\n           the VaultLocalEncryptionStrategy (see below).  Currently the remote version causes threading issues.  This issue will\n           likely be resolved in a future update to the Hashicorp Vault client_\n    #### VaultLocalEncryptionStrategy\n    ```\n    # Uses an encryption key retrieved from the Vault server, but performs the encryption locally.\n    from aiops_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy\n    \n    vault_local = VaultLocalEncryptionStrategy()\n\n    # encrypt plain text data using local Vault\n    encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')\n\n    # decrypt cipher text data using local Vault\n    decrypted_value = vault_local.decrypt(encrypted_value)\n    ```\n\n    #### AesCbcEncryptionStrategy\n    ```         \n    # Uses the AES CBC encryption\n    from aiops_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy\n\n    aes_cbc = AesCbcEncryptionStrategy()\n\n    # encrypt plain text data using AES CBC\n    encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')\n\n    # decrypt cipher text data using AES CBC\n    decrypted_value = aes_cbc.decrypt(encrypted_value)\n    ```   \n\n    #### AesGcm96EncryptionStrategy\n    ```         \n    # AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)\n    from aiops_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy\n\n    aes_gcm_96 = AesGcm96EncryptionStrategy()\n\n    # encrypt plain text data using AES GCM\n    encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')\n\n    # decrypt cipher text data using AES CBC\n    decrypted_value = aes_gcm_96.decrypt(encrypted_value)\n    ```\n## AISSEMBLE&trade; Data Encryption\n\nThis package includes one security client for calling the \"Secrets as a Service\" encryption service.\n\n### Vault encryption\nSee the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.\n",
    "bugtrack_url": null,
    "license": null,
    "summary": "Vault data encryption classes (python)",
    "version": "1.7.0",
    "project_urls": null,
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "4114e0e9bfb2b4e5d11e6f312cd06a8a5f803f5649d66ca11af706019c31a0b8",
                "md5": "c9edb1ccade74a8b5eb9f71dc7cc57bb",
                "sha256": "69188e691b19d8d5c4ba70420ab0e6c5b44b9ca1978cdc1b36e39245029eb8c0"
            },
            "downloads": -1,
            "filename": "aissemble_extensions_encryption_vault_python-1.7.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "c9edb1ccade74a8b5eb9f71dc7cc57bb",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "<4,>=3.11.4",
            "size": 15381,
            "upload_time": "2024-06-12T00:32:59",
            "upload_time_iso_8601": "2024-06-12T00:32:59.030844Z",
            "url": "https://files.pythonhosted.org/packages/41/14/e0e9bfb2b4e5d11e6f312cd06a8a5f803f5649d66ca11af706019c31a0b8/aissemble_extensions_encryption_vault_python-1.7.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "fa11aa05d858528c874d6eb5b3786aae90e970ace79d3f47be59abe5fc1458c1",
                "md5": "00e796c6efe525ffa733adb14926f41d",
                "sha256": "5590894575dac3306cbe0ad33c6ff6f91a6bfc1be2c94a84fb3a5e85bf495ace"
            },
            "downloads": -1,
            "filename": "aissemble_extensions_encryption_vault_python-1.7.0.tar.gz",
            "has_sig": false,
            "md5_digest": "00e796c6efe525ffa733adb14926f41d",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "<4,>=3.11.4",
            "size": 9979,
            "upload_time": "2024-06-12T00:33:00",
            "upload_time_iso_8601": "2024-06-12T00:33:00.413331Z",
            "url": "https://files.pythonhosted.org/packages/fa/11/aa05d858528c874d6eb5b3786aae90e970ace79d3f47be59abe5fc1458c1/aissemble_extensions_encryption_vault_python-1.7.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-12 00:33:00",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "aissemble-extensions-encryption-vault-python"
}
        
Elapsed time: 0.25941s