Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Updated docs and examples
  • Loading branch information
avara1986 committed Mar 29, 2020
commit 63b5248833092eea8b269c76e515d4ebf9975919
44 changes: 12 additions & 32 deletions docs/encrypt_decryt_configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@

## Configuration

# Method 1: Encrypt and decrypt with key file and Fernet


When you work in multiple environments: local, dev, testing, production... you must set critical configuration in your
variables, like:

Expand Down Expand Up @@ -101,7 +104,9 @@ SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://user_of_db:user_of_db@localhost/

And you can access to this var with `current_app.config["SQLALCHEMY_DATABASE_URI"]`

## 1. Encrypt your information with AWS KMS and base64
# Method 2: Encrypt and decrypt with AWS KMS

## 1. Configure AWS

Pyms knows if a variable is encrypted if this var start with the prefix `enc_` or `ENC_`. PyMS uses boto3 and
aws cli to decrypt this value and store it in the same variable without the `enc_` prefix.
Expand All @@ -112,36 +117,7 @@ First, configure aws your aws account credentials:
aws configure
```

Cypher a string with this command:

```bash
aws kms encrypt --key-id alias/your-kms-key --plaintext "mysql+mysqlconnector://important_user:****@localhost/my_schema" --query CiphertextBlob --output text | base64 -d | base64
>> AQICAHiALhLQv4eW8jqUccFSnkyDkBAWLAm97Lr2qmdItkUCIAGBuPtu9v1N8oy2fhZ605VuAAAA
oDCBnQYJKoZIhvcNAQcGoIGPMIGMAgEAMIGGBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDL60
NbDqbBIOJUHCQQIBEIBZALpJXqZwqQb++8BxGTN1/gkAp4WQv6w34t07S/6lcfCYrBNtdkTX2th9
cGJcIvg4+lLnyFzirOrhovVUsS7O5v5wofSqlUevX5BIowGZKWK9TqaXqZ/CS18=

```

And put this string in your `config_pro.yml`:
```yaml
pyms:
crypt:
method: "aws_kms"
key_id: "alias/your-kms-key"
config:
DEBUG: true
TESTING: true
APPLICATION_ROOT : ""
SECRET_KEY: "gjr39dkjn344_!67#"
ENC_SQLALCHEMY_DATABASE_URI: "AQICAHiALhLQv4eW8jqUccFSnkyDkBAWLAm97Lr2qmdItkUCIAGBuPtu9v1N8oy2fhZ605VuAAAA
oDCBnQYJKoZIhvcNAQcGoIGPMIGMAgEAMIGGBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDL60
NbDqbBIOJUHCQQIBEIBZALpJXqZwqQb++8BxGTN1/gkAp4WQv6w34t07S/6lcfCYrBNtdkTX2th9
cGJcIvg4+lLnyFzirOrhovVUsS7O5v5wofSqlUevX5BIowGZKWK9TqaXqZ/CS18=
"
```

## 2. Encrypt your information with AWS KMS without base64
## 2. Encrypt with KMS

Cypher a string with this command:

Expand All @@ -151,6 +127,8 @@ aws kms encrypt --key-id alias/prueba-avara --plaintext "mysql+mysqlconnector://

```

## 3. Decrypt from your config file

And put this string in your `config_pro.yml`:
```yaml
pyms:
Expand All @@ -164,4 +142,6 @@ pyms:
SECRET_KEY: "gjr39dkjn344_!67#"
ENC_SQLALCHEMY_DATABASE_URI: "AQICAHiALhLQv4eW8jqUccFSnkyDkBAWLAm97Lr2qmdItkUCIAF+P4u/uqzu8KRT74PsnQXhAAAAoDCBnQYJKoZIhvcNAQcGoIGPMIGMAgEAMIGGBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDPo+k3ZxoI9XVKtHgQIBEIBZmp7UUVjNWd6qKrLVK8oBNczY0CfLH6iAZE3UK5Ofs4+nZFi0PL3SEW8M15VgTpQoC/b0YxDPHjF0V6NHUJcWirSAqKkP5Sz5eSTk91FTuiwDpvYQ2q9aY6w=
"
```
```


2 changes: 1 addition & 1 deletion examples/microservice_crypt_aws_kms/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

from pyms.flask.app import Microservice

ms = Microservice(path=__file__)
ms = Microservice()
app = ms.create_app()


Expand Down