def decrypt_datakey(data_key, encryption_context=None):
'''
Decrypt a datakey.
'''
# Disabled encryption is dangerous, so we don't use falsiness here.
if app.config['USE_ENCRYPTION'] is False:
logging.warning('Decypting a mock data key in'
' keymanager.decrypt_datakey. If you are not running'
' in a development or test environment, this should'
' not be happening!')
return cryptolib.decrypt_mock_datakey(data_key)
sha = hashlib.sha256(data_key).hexdigest()
if sha not in DATAKEYS:
stats.incr('at_rest_action')
plaintext = cryptolib.decrypt_datakey(data_key, encryption_context)
DATAKEYS[sha] = plaintext
return DATAKEYS[sha]
def decrypt_datakey(data_key, encryption_context=None):
'''
Decrypt a datakey.
'''
# Disabled encryption is dangerous, so we don't use falsiness here.
if app.config['USE_ENCRYPTION'] is False:
logging.warning('Decypting a mock data key in'
' keymanager.decrypt_datakey. If you are not running'
' in a development or test environment, this should'
' not be happening!')
return cryptolib.decrypt_mock_datakey(data_key)
sha = hashlib.sha256(data_key).hexdigest()
if sha not in DATAKEYS:
stats.incr('at_rest_action')
plaintext = cryptolib.decrypt_datakey(data_key, encryption_context)
DATAKEYS[sha] = plaintext
return DATAKEYS[sha]
def decrypt_datakey(data_key, encryption_context=None):
'''
Decrypt a datakey.
'''
at_rest_kms_client = _get_at_rest_kms_client()
# Disabled encryption is dangerous, so we don't use falsiness here.
if settings.USE_ENCRYPTION is False:
logger.warning(
'Decrypting a mock data key in keymanager.decrypt_datakey. If you'
' are not running in a development or test environment, this should'
' not be happening!')
return cryptolib.decrypt_mock_datakey(data_key)
sha = hashlib.sha256(data_key).hexdigest()
if sha not in _DATAKEYS:
stats.incr('at_rest_action')
plaintext = cryptolib.decrypt_datakey(data_key,
encryption_context,
client=at_rest_kms_client)
_DATAKEYS[sha] = plaintext
return _DATAKEYS[sha]