def decrypt_datakey(data_key, encryption_context=None): ''' Decrypt a datakey. ''' # Disabled encryption is dangerous, so we don't use falsiness here. if app.config['USE_ENCRYPTION'] is False: logging.warning('Decypting a mock data key in' ' keymanager.decrypt_datakey. If you are not running' ' in a development or test environment, this should' ' not be happening!') return cryptolib.decrypt_mock_datakey(data_key) sha = hashlib.sha256(data_key).hexdigest() if sha not in DATAKEYS: stats.incr('at_rest_action') plaintext = cryptolib.decrypt_datakey(data_key, encryption_context) DATAKEYS[sha] = plaintext return DATAKEYS[sha]
def decrypt_datakey(data_key, encryption_context=None): ''' Decrypt a datakey. ''' at_rest_kms_client = _get_at_rest_kms_client() # Disabled encryption is dangerous, so we don't use falsiness here. if settings.USE_ENCRYPTION is False: logger.warning( 'Decrypting a mock data key in keymanager.decrypt_datakey. If you' ' are not running in a development or test environment, this should' ' not be happening!') return cryptolib.decrypt_mock_datakey(data_key) sha = hashlib.sha256(data_key).hexdigest() if sha not in _DATAKEYS: stats.incr('at_rest_action') plaintext = cryptolib.decrypt_datakey(data_key, encryption_context, client=at_rest_kms_client) _DATAKEYS[sha] = plaintext return _DATAKEYS[sha]