Encrypt/Decrypt Configuration - Python Microservices (2024)

Configuration

When you work in multiple environments (local, dev, testing, production...), you must set critical configuration in your variables, such as:

config.yml, for local purposes:

pyms:
  config:
    DEBUG: true
    TESTING: true
    APPLICATION_ROOT: ""
    SECRET_KEY: "gjr39dkjn344_!67#"
    SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://user_of_db:user_of_db@localhost/my_schema

config_pro.yml, for production environment:

pyms:
  config:
    DEBUG: true
    TESTING: true
    APPLICATION_ROOT: ""
    SECRET_KEY: "gjr39dkjn344_!67#"
    SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://important_user:****@localhost/my_schema

We strongly recommend this way of encrypting/decrypting your configuration, but if you don't want a vendor lock-in option, or you don't have the resources to use these methods, we provide a way to encrypt and decrypt your variables.

1. Generate a key

PyMS has a command line option to create a key file. This key is created with AES. You can run the following command in the terminal:

pyms create-key

Then, type a password and it will create a file called key.key. This file contains a unique key. If you lose this file and re-run the create command, the key hash will be different and anything you encrypted with the old key can no longer be decrypted.

Store this key in a secure place, and DO NOT COMMIT it to your repository.

2. Add your key to your environment

Move your key, for example:

mv key.key /home/my_user/keys/myproject.key

Then store the path to the key in an environment variable with:

export PYMS_KEY_FILE=/home/my_user/keys/myproject.key

3. Encrypt your information and store it in config

Do you remember the example file config_pro.yml? Now you can encrypt and decrypt the information. Run the command pyms encrypt [string] to generate an encrypted string, for example:

pyms encrypt 'mysql+mysqlconnector://important_user:****@localhost/my_schema'
>> Encrypted OK: b'gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA=='

And store this string in your config_pro.yml:

pyms:
  crypt:
    method: "fernet"
  config:
    DEBUG: true
    TESTING: true
    APPLICATION_ROOT: ""
    SECRET_KEY: "gjr39dkjn344_!67#"
    ENC_SQLALCHEMY_DATABASE_URI: gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA==

Do you see the difference between ENC_SQLALCHEMY_DATABASE_URI and SQLALCHEMY_DATABASE_URI? You can find the answer in the next step.

4. Decrypt from your config file

PyMS treats a variable as encrypted if its name starts with the prefix enc_ or ENC_. PyMS looks for your key file in the PYMS_KEY_FILE env variable, decrypts the value and stores it in the same variable without the enc_ prefix. For example,

ENC_SQLALCHEMY_DATABASE_URI: gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA==

Will be stored as

SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://user_of_db:user_of_db@localhost/my_schema

And you can access this var with current_app.config["SQLALCHEMY_DATABASE_URI"]
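A pre-commit style check for the config files above, as an added example (not PyMS code and not from the original page): it flags values still stored in plaintext and verifies that ENC_ values have the Fernet token layout, whose creation timestamp is readable without the key. The function names, the secret-name heuristic and the BEFORE/AFTER dicts (built from the page's config_pro.yml values) are assumptions of this example.

```python
import base64
import binascii
import re
import struct

# Heuristics chosen for this example (assumptions, not PyMS behaviour).
SECRET_NAME = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN", re.I)
URI_WITH_CREDS = re.compile(r"^[a-z][a-z0-9+.\-]*://[^/\s:@]+:[^@\s]+@", re.I)

# Token and values copied from the page's config_pro.yml examples.
PAGE_TOKEN = ("gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47"
              "isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMti"
              "VKx9AF95D6U4ydT-OA==")


def fernet_timestamp(value):
    """Unix creation time if value has the Fernet token layout, else None."""
    try:
        raw = base64.urlsafe_b64decode(value)
    except (binascii.Error, ValueError):
        return None
    # Layout: version 0x80 (1) | timestamp (8) | IV (16) | AES-CBC blocks | HMAC (32)
    if len(raw) < 73 or raw[0] != 0x80 or (len(raw) - 57) % 16:
        return None
    return struct.unpack(">Q", raw[1:9])[0]  # stored unencrypted in every token


def audit(config):
    """Return (key, problem) pairs for one pyms 'config' mapping."""
    findings = []
    for name, value in config.items():
        if not isinstance(value, str):
            continue
        if name.upper().startswith("ENC_"):
            if fernet_timestamp(value) is None:
                findings.append((name, "ENC_ value is not a Fernet token"))
        elif URI_WITH_CREDS.match(value):
            findings.append((name, "plaintext URI with credentials"))
        elif SECRET_NAME.search(name):
            findings.append((name, "plaintext secret"))
    return findings


BEFORE = {"DEBUG": True, "SECRET_KEY": "gjr39dkjn344_!67#",
          "SQLALCHEMY_DATABASE_URI":
              "mysql+mysqlconnector://important_user:****@localhost/my_schema"}
AFTER = {"DEBUG": True, "SECRET_KEY": "gjr39dkjn344_!67#",
         "ENC_SQLALCHEMY_DATABASE_URI": PAGE_TOKEN}

if __name__ == "__main__":
    print(audit(BEFORE))
    print(audit(AFTER))   # SECRET_KEY is still in plaintext after step 3
    print(fernet_timestamp(PAGE_TOKEN))
```

Run against the encrypted config, the audit still reports SECRET_KEY, which the page's example leaves unencrypted next to the ENC_ database URI.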

1. Configure AWS

PyMS treats a variable as encrypted if its name starts with the prefix enc_ or ENC_. PyMS uses boto3 and the aws cli to decrypt this value and store it in the same variable without the enc_ prefix.

First, configure your AWS account credentials:

aws configure

2. Encrypt with KMS

Encrypt a string with this command:

aws kms encrypt --key-id alias/prueba-avara --plaintext "mysql+mysqlconnector://important_user:****@localhost/my_schema" --query CiphertextBlob --output text
>> AQICAHiALhLQv4eW8jqUccFSnkyDkBAWLAm97Lr2qmdItkUCIAF+P4u/uqzu8KRT74PsnQXhAAAAoDCBnQYJKoZIhvcNAQcGoIGPMIGMAgEAMIGGBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDPo+k3ZxoI9XVKtHgQIBEIBZmp7UUVjNWd6qKrLVK8oBNczY0CfLH6iAZE3UK5Ofs4+nZFi0PL3SEW8M15VgTpQoC/b0YxDPHjF0V6NHUJcWirSAqKkP5Sz5eSTk91FTuiwDpvYQ2q9aY6w=

3. Decrypt from your config file

And put this string in your config_pro.yml:

pyms:
  crypt:
    method: "aws_kms"
    key_id: "alias/your-kms-key"
  config:
    DEBUG: true
    TESTING: true
    APPLICATION_ROOT: ""
    SECRET_KEY: "gjr39dkjn344_!67#"
    ENC_SQLALCHEMY_DATABASE_URI: "AQICAHiALhLQv4eW8jqUccFSnkyDkBAWLAm97Lr2qmdItkUCIAF+P4u/uqzu8KRT74PsnQXhAAAAoDCBnQYJKoZIhvcNAQcGoIGPMIGMAgEAMIGGBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDPo+k3ZxoI9XVKtHgQIBEIBZmp7UUVjNWd6qKrLVK8oBNczY0CfLH6iAZE3UK5Ofs4+nZFi0PL3SEW8M15VgTpQoC/b0YxDPHjF0V6NHUJcWirSAqKkP5Sz5eSTk91FTuiwDpvYQ2q9aY6w="

At the moment, PyMS does not support Google KMS encryption; this is on the TODO list.

Article information

Author: Ms. Lucile Johns
