def run(self, _in, _out):
    '''
    Encrypt a secrets blob under a fresh data key and emit it as JSON.

    ``_in`` is the path to read the plaintext from, or '-' for stdin.
    ``_out`` is the path to write the JSON document to, or '-' for stdout.
    '''
    if _in != '-':
        with open(os.path.join(_in), 'r') as source:
            plaintext = source.read()
    else:
        plaintext = sys.stdin.read()

    kms_client = confidant.clients.get_boto_client(
        'kms',
        endpoint_url=settings.KMS_URL,
    )
    # NOTE(review): the {'type': 'bootstrap'} context is handed to
    # create_datakey; presumably the consumer must present the same context
    # to decrypt the data key -- confirm against the decrypting side.
    data_key = cryptolib.create_datakey(
        {'type': 'bootstrap'},
        settings.KMS_MASTER_KEY,
        client=kms_client,
    )
    cipher = Fernet(data_key['plaintext'])

    # Only the data key's 'ciphertext' form and the Fernet token are
    # serialized; data_key['plaintext'] is used to build the cipher and is
    # never written to the output.
    wrapped_key = base64.b64encode(data_key['ciphertext']).decode('utf-8')
    token = cipher.encrypt(plaintext.encode('utf-8')).decode('utf-8')
    data = json.dumps({'data_key': wrapped_key, 'secrets': token})

    if _out != '-':
        with open(os.path.join(_out), 'w') as sink:
            sink.write(data)
    else:
        print(data)
def create_datakey(encryption_context):
    '''
    Create a datakey from KMS.

    Returns cryptolib's mock datakey when USE_ENCRYPTION is explicitly
    False; otherwise asks cryptolib for a datakey for encryption_context
    under the 'alias/<KMS_MASTER_KEY>' key.
    '''
    # Identity test on purpose: only a literal False switches encryption
    # off, so None, 0 or '' in the config cannot disable it by accident.
    encryption_disabled = app.config['USE_ENCRYPTION'] is False
    if not encryption_disabled:
        # underlying lib does generate random and encrypt, so increment by 2
        stats.incr('at_rest_action', 2)
        # NOTE(review): .get() returns None for an unset KMS_MASTER_KEY,
        # which formats as 'alias/None' -- confirm the setting is always
        # present before this is reached.
        master_key_alias = 'alias/{0}'.format(
            app.config.get('KMS_MASTER_KEY')
        )
        return cryptolib.create_datakey(encryption_context, master_key_alias)

    logging.warning('Creating a mock datakey in keymanager.create_datakey.'
                    ' If you are not running in a development or test'
                    ' environment, this should not be happening!')
    return cryptolib.create_mock_datakey()
def create_datakey(encryption_context):
    '''
    Create a datakey from KMS.

    A mock datakey from cryptolib is returned instead when the
    USE_ENCRYPTION setting is exactly False, and a warning is logged.
    '''
    use_encryption = app.config['USE_ENCRYPTION']
    # Disabled encryption is dangerous, so the comparison is against the
    # False singleton rather than any falsy value.
    if use_encryption is False:
        mock_warning = (
            'Creating a mock datakey in keymanager.create_datakey.'
            ' If you are not running in a development or test'
            ' environment, this should not be happening!'
        )
        logging.warning(mock_warning)
        return cryptolib.create_mock_datakey()

    # underlying lib does generate random and encrypt, so increment by 2
    stats.incr('at_rest_action', 2)
    # NOTE(review): a missing KMS_MASTER_KEY is not an error here; .get()
    # gives None and the alias becomes 'alias/None' -- verify the config.
    configured_key = app.config.get('KMS_MASTER_KEY')
    return cryptolib.create_datakey(
        encryption_context,
        'alias/{0}'.format(configured_key),
    )
def create_datakey(encryption_context):
    '''
    Create a datakey from KMS.

    Returns cryptolib's mock datakey when settings.USE_ENCRYPTION is
    exactly False; otherwise requests a datakey for encryption_context
    under settings.KMS_MASTER_KEY using the at-rest KMS client.
    '''
    # NOTE(review): the client is obtained before the USE_ENCRYPTION check,
    # so the mock path below also calls _get_at_rest_kms_client().
    kms_client = _get_at_rest_kms_client()

    # Disabled encryption is dangerous, so only the False singleton (not any
    # falsy value) selects the mock datakey.
    if settings.USE_ENCRYPTION is not False:
        # underlying lib does generate random and encrypt, so increment by 2
        stats.incr('at_rest_action', 2)
        return cryptolib.create_datakey(
            encryption_context,
            settings.KMS_MASTER_KEY,
            client=kms_client,
        )

    logger.warning(
        'Creating a mock datakey in keymanager.create_datakey.'
        ' If you are not running in a development or test environment,'
        ' this should not be happening!'
    )
    return cryptolib.create_mock_datakey()
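def run(self, _in, _out):
    '''
    Encrypt a secrets blob under a fresh data key and emit it as JSON.

    ``_in`` is the path to read the plaintext from, or '-' for stdin.
    ``_out`` is the path to write the JSON document to, or '-' for stdout.
    The document holds the base64 of the data key's 'ciphertext' form and
    the Fernet token; the plaintext data key is not written out.
    '''
    if _in == '-':
        secrets = sys.stdin.read()
    else:
        with open(os.path.join(_in), 'r') as infile:
            secrets = infile.read()

    # KMS_MASTER_KEY is indexed rather than fetched with .get(), so a missing
    # setting raises KeyError instead of producing an 'alias/None' key id.
    data_key = cryptolib.create_datakey(
        {'type': 'bootstrap'},
        'alias/{0}'.format(app.config['KMS_MASTER_KEY']),
    )
    fernet = Fernet(data_key['plaintext'])

    # b64encode() and Fernet.encrypt() return bytes on Python 3 and
    # json.dumps() rejects bytes, so both values are decoded to text first.
    # The decode is harmless on Python 2, where the JSON output is unchanged.
    data = {
        'data_key': base64.b64encode(data_key['ciphertext']).decode('utf-8'),
        'secrets': fernet.encrypt(secrets.encode('utf-8')).decode('utf-8'),
    }
    data = json.dumps(data)

    if _out == '-':
        # Call form of print: the bare print statement is a syntax error on
        # Python 3, while print(data) behaves the same on both versions.
        print(data)
    else:
        with open(os.path.join(_out), 'w') as outfile:
            outfile.write(data)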