## aiSSEMBLE™ Extensions Data Encryption Vault Python
[](https://pypi.org/project/aissemble-extensions-encryption-vault-python/)
This module provides a package for encrypting Python based pipeline data. There are multiple encryption algorithms
available. Each with their own strengths and weaknesses as outlined below.
| Strategy | Description |
|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |
| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |
| AesCbcEncryptionStrategy | A good basic 128 bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |
| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |
The following example illustrates how to perform encryption.
1. Example usage
- Add the following to your code
#### VaultRemoteEncryptionStrategy
```
# Uses remote Vault encryption
from aissemble_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy
vault_remote = VaultRemoteEncryptionStrategy()
# encrypt plain text data using Vault
encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using Vault
decrypted_value = vault_remote.decrypt(encrypted_value)
```
_NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use
the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will
likely be resolved in a future update to the Hashicorp Vault client_
#### VaultLocalEncryptionStrategy
```
# Uses an encryption key retrieved from the Vault server, but performs the encryption locally.
from aissemble_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy
vault_local = VaultLocalEncryptionStrategy()
# encrypt plain text data using local Vault
encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using local Vault
decrypted_value = vault_local.decrypt(encrypted_value)
```
#### AesCbcEncryptionStrategy
```
# Uses the AES CBC encryption
from aissemble_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy
aes_cbc = AesCbcEncryptionStrategy()
# encrypt plain text data using AES CBC
encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using AES CBC
decrypted_value = aes_cbc.decrypt(encrypted_value)
```
#### AesGcm96EncryptionStrategy
```
# AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)
from aissemble_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy
aes_gcm_96 = AesGcm96EncryptionStrategy()
# encrypt plain text data using AES GCM
encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')
# decrypt cipher text data using AES CBC
decrypted_value = aes_gcm_96.decrypt(encrypted_value)
```
## AISSEMBLE Data Encryption
This package includes one security client for calling the "Secrets as a Service" encryption service.
### Vault encryption
See the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.
Raw data
{
"_id": null,
"home_page": null,
"name": "aissemble-extensions-encryption-vault-python",
"maintainer": null,
"docs_url": null,
"requires_python": "<4,>=3.11.4",
"maintainer_email": null,
"keywords": null,
"author": "aiSSEMBLE Baseline Community",
"author_email": "aissemble@bah.com",
"download_url": "https://files.pythonhosted.org/packages/fc/f3/10e4201cd261be749d2b8ac35758d735c0ea0ccfaa241000f1690a76f256/aissemble_extensions_encryption_vault_python-1.9.2.tar.gz",
"platform": null,
"description": "## aiSSEMBLE™ Extensions Data Encryption Vault Python\n\n[](https://pypi.org/project/aissemble-extensions-encryption-vault-python/)\n\n\n\nThis module provides a package for encrypting Python based pipeline data. There are multiple encryption algorithms\navailable. Each with their own strengths and weaknesses as outlined below. \n\n| Strategy | Description |\n|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| VaultRemoteEncryptionStrategy | Leverages the Hashicorp Vault secrets as a service capabilities. This is a highly recommended strategy given it follows best practices and has the advantage of a large developer base working to secure the service. |\n| VaultLocalEncryptionStrategy | Leverages the Vault service to provide encryption keys (key rotation and secure storage) but allows for local encryption. This is a good option if you have to encrypt large data objects. It can also provide a performance boost over remote Vault encryption given there is no need for a roundtrip to the server for each data element. |\n| AesCbcEncryptionStrategy | A good basic 128 bit encryption strategy. To use this you only need to supply a single encryption key in the encrypt.properties file (128 bit or 16 character). This algorithm works well, but is less efficient than the AES GCM algorithm. |\n| AesGcm96EncryptionStrategy | This is a good strategy for most encryption needs. It is efficient and strong against most attacks. You can optionally use an encryption key retrieved from the Vault service with this strategy. |\n\n\nThe following example illustrates how to perform encryption.\n\n1. Example usage\n - Add the following to your code\n #### VaultRemoteEncryptionStrategy\n ``` \n # Uses remote Vault encryption\n from aissemble_encrypt.vault_remote_encryption_strategy import VaultRemoteEncryptionStrategy\n\n vault_remote = VaultRemoteEncryptionStrategy()\n\n # encrypt plain text data using Vault\n encrypted_value = vault_remote.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using Vault\n decrypted_value = vault_remote.decrypt(encrypted_value)\n ``` \n \n _NOTE: If you are encrypting your data through a User Defined Function (udf) in PySpark you need to use\n the VaultLocalEncryptionStrategy (see below). Currently the remote version causes threading issues. This issue will\n likely be resolved in a future update to the Hashicorp Vault client_\n #### VaultLocalEncryptionStrategy\n ```\n # Uses an encryption key retrieved from the Vault server, but performs the encryption locally.\n from aissemble_encrypt.vault_local_encryption_strategy import VaultLocalEncryptionStrategy\n \n vault_local = VaultLocalEncryptionStrategy()\n\n # encrypt plain text data using local Vault\n encrypted_value = vault_local.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using local Vault\n decrypted_value = vault_local.decrypt(encrypted_value)\n ```\n\n #### AesCbcEncryptionStrategy\n ``` \n # Uses the AES CBC encryption\n from aissemble_encrypt.aes_cbc_encryption_strategy import AesCbcEncryptionStrategy\n\n aes_cbc = AesCbcEncryptionStrategy()\n\n # encrypt plain text data using AES CBC\n encrypted_value = aes_cbc.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using AES CBC\n decrypted_value = aes_cbc.decrypt(encrypted_value)\n ``` \n\n #### AesGcm96EncryptionStrategy\n ``` \n # AES GCM encryption with a 96 bit initialization vector (same algorithm as Vault)\n from aissemble_encrypt.aes_gcm_96_encryption_strategy import AesGcm96EncryptionStrategy\n\n aes_gcm_96 = AesGcm96EncryptionStrategy()\n\n # encrypt plain text data using AES GCM\n encrypted_value = aes_gcm_96.encrypt('SOME PLAIN TEXT')\n\n # decrypt cipher text data using AES CBC\n decrypted_value = aes_gcm_96.decrypt(encrypted_value)\n ```\n## AISSEMBLE Data Encryption\n\nThis package includes one security client for calling the \"Secrets as a Service\" encryption service.\n\n### Vault encryption\nSee the extensions-encryption [README](../../extensions-encryption/README.md#vault-encryption) for more information on how to configure Vault encryption.\n",
"bugtrack_url": null,
"license": null,
"summary": "Vault data encryption classes (python)",
"version": "1.9.2",
"project_urls": null,
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0a25badfa4ac343823b5a887ed60a3eec919a1ffc84c18641c8ccdb3fcbddc4e",
"md5": "637dcf4564a5387ae5ce8e449ed3a555",
"sha256": "b0028d240bbf2262103aed4492b774f690c03c749fa1f82be053712936b730ac"
},
"downloads": -1,
"filename": "aissemble_extensions_encryption_vault_python-1.9.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "637dcf4564a5387ae5ce8e449ed3a555",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4,>=3.11.4",
"size": 15588,
"upload_time": "2024-09-26T20:54:48",
"upload_time_iso_8601": "2024-09-26T20:54:48.956120Z",
"url": "https://files.pythonhosted.org/packages/0a/25/badfa4ac343823b5a887ed60a3eec919a1ffc84c18641c8ccdb3fcbddc4e/aissemble_extensions_encryption_vault_python-1.9.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "fcf310e4201cd261be749d2b8ac35758d735c0ea0ccfaa241000f1690a76f256",
"md5": "2a3ed1712528c4279ce417532866238d",
"sha256": "daedc79525959fa8485d3cf5e3fbc06c02c5242e24a0206e9ab2968227c1bfa7"
},
"downloads": -1,
"filename": "aissemble_extensions_encryption_vault_python-1.9.2.tar.gz",
"has_sig": false,
"md5_digest": "2a3ed1712528c4279ce417532866238d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4,>=3.11.4",
"size": 10240,
"upload_time": "2024-09-26T20:54:50",
"upload_time_iso_8601": "2024-09-26T20:54:50.098256Z",
"url": "https://files.pythonhosted.org/packages/fc/f3/10e4201cd261be749d2b8ac35758d735c0ea0ccfaa241000f1690a76f256/aissemble_extensions_encryption_vault_python-1.9.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-26 20:54:50",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "aissemble-extensions-encryption-vault-python"
}
JSON