This repository contains a Python script and helper shell scripts demonstrating the usage of the AES256 column encryption feature in the Cassandra Python driver.
The Cassandra Column Encryption Demo showcases how to leverage AES256 column encryption in the Cassandra Python driver. The demo script connects to a Cassandra database, encrypts specific column data, and guides the user through basic read and write operations.
To run the demo, ensure that the following prerequisites are met:
- Python
3.6or newer installed on your machine. - Access to an Astra database. This comes with a generous free-tier to get started quickly.
- A Unix-like environment (e.g., Linux, macOS, WSL) for running the shell scripts.
The repository includes the following files:
-
demo.py: This Python script establishes a connection to the Cassandra database, performs column encryption, and facilitates the demo by executing basic read and write operations. -
cqlsh.sh: A shell script that launches a CQLSH (Cassandra Query Language Shell) instance, allowing users to view the encrypted database rows. -
setup.sh: A shell script that downloads cqlsh, ensures the appropriate Cassandra driver package is installed, and guides users through the setup process by prompting for necessary variables.
To get started with the demo, follow these steps:
-
Create a keyspace in the target database if one doesn't already exist.
-
Obtain a secure connect bundle [SCB]
secure-connect-<DB Name>.zipand a Token Configuration fileGeneratedToken.csvfor the desired database to use for the demonstration. -
Create a directory to house the demo files, and cd into the directory:
mkdir demos cd demos -
Place your
secure-connect-<DB Name>.zipandGeneratedToken.csvfiles into this directory. -
Clone this repository to your local machine using the following command:
git clone git@github.com:DataStax-Examples/column-level-encryption-with-python-driver-demo.git
The resulting hierarchy should be as follows
demos ├── column-level-encryption-with-python-driver-demo │ ├── LICENSE │ ├── README.md │ ├── cqlsh.sh │ ├── demo.py │ ├── requirements.txt │ └── setup.sh ├── GeneratedToken.csv └── secure-connect-<DB Name>.zip -
Navigate to the cloned repository directory:
cd column-level-encryption-with-python-driver-demo -
Run the
setup.shscript to download cqlsh, install the required Cassandra driver package, and configure necessary variables for the demo.sh ./setup.sh
-
Follow the prompts in the setup script to enter the desired keyspace, table, SCB file location, and configuration file location.
-
Once the setup is complete, you will want to have two different shell windows open so that you can show the contents of the database in one window and modify the contents in another.
-
In the window that will display the database, you can run the
cqlsh.shscript, which launches a CQLSH instance:sh ./cqlsh.sh
-
In the second window, you can execute the demo script with the
--setupflag by running the following command.python demo.py --setup
-
It will return the necessary CQL to set up the database for the demo. Copy and paste the CQL into the CQLSH window. It will also include a select that will return 0 results (since this is a new database)
-
Run the demo script again, but without the
--setupflag and insert some rows.python demo.py
-
Continue running the demo script to insert as many rows as you like. As you insert rows, can you can re-run the select statement from the
python demo.py --setupoutput to demonstrate how the rows being added are encrypted in the database, but the python program (using the driver) is able to decrypt and display the encrypted values.python demo.py
The Cassandra Column Encryption Demo provides a practical example of leveraging AES256 column encryption in the Cassandra Python driver. By running the demo and exploring the provided scripts, you can gain a better understanding of how to secure sensitive column data in your Cassandra applications.