async def store(self, name: str, data: bytes, force=False) -> None: """ Saves the data to the encrypted storage. Data is AES encrypted with the default CORTX cipher and stored as Base64 encoded string with the provided name. Raises KeyError if an item with the provided name exists and "force" flag is not set. """ if not force: neb = await self._get_item(name) if neb is not None: raise KeyError(f'{name} already exists in the secure storage') encrypted_bytes = Cipher.encrypt(self._key, data) # Encrypted token is base64 encoded, thus there won't be a problem with storing it in String neb = NamedEncryptedBytes.instantiate(name, encrypted_bytes.decode('ascii')) await self._storage(NamedEncryptedBytes).store(neb)
def encrypt(key, text): ''' Encrypt sensitive data. Ex: RabbitMQ credentials ''' # Before encrypting text we need to convert string to bytes using encode() # method return Cipher.encrypt(key, text.encode())
def config_apply(solution_config_url: str, cortx_conf_url: str = None, force_override: bool = False): """ Description: Parses input config and store in CORTX config location Parameters: [IN] Solution Config URL [OUT] CORTX Config URL """ if Log.logger is None: CortxProvisionerLog.initialize(const.SERVICE_NAME, const.TMP_LOG_PATH) if cortx_conf_url is None: cortx_conf_url = CortxProvisioner._cortx_conf_url cortx_conf = MappedConf(CortxProvisioner._tmp_cortx_conf_url) # Load same config again if force_override is True try: cs_option = {"fail_reload": False} if force_override else {"skip_reload": True} Log.info('Applying config %s' % solution_config_url) Conf.load(CortxProvisioner._solution_index, solution_config_url, **cs_option) except ConfError as e: Log.error(f'Unable to load {solution_config_url} url, Error:{e}') # Secrets path from config file if cortx_conf.get('cortx>common>storage>local'): CortxProvisioner._secrets_path = cortx_conf.get('cortx>common>storage>local')+CortxProvisioner._rel_secret_path # source code for encrypting and storing secret key if Conf.get(CortxProvisioner._solution_index, 'cluster') is not None: CortxProvisioner.apply_cluster_config(cortx_conf, CortxProvisioner.cortx_release) if Conf.get(CortxProvisioner._solution_index, 'cortx') is not None: # generating cipher key cipher_key = None cluster_id = Conf.get(CortxProvisioner._solution_index, 'cluster>id') if cluster_id is None: cluster_id = cortx_conf.get('cluster>id') if cluster_id is None: raise CortxProvisionerError(errno.EINVAL, 'Cluster ID not specified') cipher_key = Cipher.gen_key(cluster_id, 'cortx') if cipher_key is None: raise CortxProvisionerError(errno.EINVAL, 'Cipher key not specified') for key in Conf.get_keys(CortxProvisioner._solution_index): # using path /etc/cortx/solution/secret to confirm secret if key.endswith('secret'): secret_val = Conf.get(CortxProvisioner._solution_index, key) val = None with open(os.path.join(CortxProvisioner._secrets_path, secret_val), 'rb') as secret: val = secret.read() if val is None: raise CortxProvisionerError(errno.EINVAL, f'Could not find the Secret in {CortxProvisioner._secrets_path}') val = Cipher.encrypt(cipher_key, val) # decoding the byte string in val variable Conf.set(CortxProvisioner._solution_index, key, val.decode('utf-8')) CortxProvisioner.apply_cortx_config(cortx_conf, CortxProvisioner.cortx_release) # Adding array count key in conf cortx_conf.add_num_keys() Conf.save(cortx_conf._conf_idx)
def encrypt(key, text): """Encrypt sensitive data. Ex: messaging credentials.""" # Before encrypting text we need to convert string to bytes using encode() # method return Cipher.encrypt(key, text.encode())
def encrypt(key: str, data: str): edata = Cipher.encrypt(bytes(key, 'utf-8'), bytes(data, 'utf-8')) return edata.decode("utf-8")
def encrypt_secret(secret, component, key): key_cipher = Cipher.generate_key(key, component) return Cipher.encrypt(key_cipher, secret.encode("utf-8")).decode("utf-8")