def create_datakey(encryption_context):
'''
Create a datakey from KMS.
'''
# Disabled encryption is dangerous, so we don't use falsiness here.
if app.config['USE_ENCRYPTION'] is False:
logging.warning('Creating a mock datakey in keymanager.create_datakey.'
' If you are not running in a development or test'
' environment, this should not be happening!')
return cryptolib.create_mock_datakey()
# underlying lib does generate random and encrypt, so increment by 2
stats.incr('at_rest_action', 2)
return cryptolib.create_datakey(
encryption_context,
'alias/{0}'.format(app.config.get('KMS_MASTER_KEY')))
def create_datakey(encryption_context):
'''
Create a datakey from KMS.
'''
# Disabled encryption is dangerous, so we don't use falsiness here.
if app.config['USE_ENCRYPTION'] is False:
logging.warning('Creating a mock datakey in keymanager.create_datakey.'
' If you are not running in a development or test'
' environment, this should not be happening!')
return cryptolib.create_mock_datakey()
# underlying lib does generate random and encrypt, so increment by 2
stats.incr('at_rest_action', 2)
return cryptolib.create_datakey(
encryption_context,
'alias/{0}'.format(app.config.get('KMS_MASTER_KEY'))
)
def create_datakey(encryption_context):
'''
Create a datakey from KMS.
'''
at_rest_kms_client = _get_at_rest_kms_client()
# Disabled encryption is dangerous, so we don't use falsiness here.
if settings.USE_ENCRYPTION is False:
logger.warning(
'Creating a mock datakey in keymanager.create_datakey. If you are'
' not running in a development or test environment, this should not'
' be happening!')
return cryptolib.create_mock_datakey()
# underlying lib does generate random and encrypt, so increment by 2
stats.incr('at_rest_action', 2)
return cryptolib.create_datakey(encryption_context,
settings.KMS_MASTER_KEY,
client=at_rest_kms_client)