import oci
from oci.config import from_file
import base64
# Load the OCI SDK configuration once at import time; both functions below
# hand this object to KmsCryptoClient.
# NOTE(review): an OCI config file normally points at the API signing key, so
# it should be readable only by the account that runs this module.
config = from_file(
    file_location="C:\\Users...config",
    profile_name="DEFAULT",
)
# Manages encryption/decryption of the data key.
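def encryptdatakey(masterkeyocid):
    """Encrypt the data key identifier under the given Vault master key.

    Needed only when the data key has to be re-encrypted by the master key,
    which in practice means master key rotation.

    Args:
        masterkeyocid: OCID of the master encryption key to encrypt with.

    Returns:
        The raw SDK response from ``KmsCryptoClient.encrypt``. The encrypted
        value is expected under ``response.data.ciphertext``.
    """
    # Placeholder: replace with the real data key OCID before use.
    datakeyocid = "<OCID of the data key>"
    # The KMS encrypt call takes its plaintext as a base64 string. An OCID
    # (or this placeholder) is not valid base64, so encode it here instead of
    # sending it raw and having the request rejected.
    datakey = base64.b64encode(datakeyocid.encode("utf-8")).decode("ascii")
    masterkey = masterkeyocid
    key_management_client = oci.key_management.KmsCryptoClient(
        config, "https://your_crypto_head.oraclecloud.com"
    )
    encrypt_data_details = oci.key_management.models.EncryptDataDetails(
        key_id=masterkey,
        plaintext=datakey,
    )
    encrypt_response = key_management_client.encrypt(encrypt_data_details)
    return encrypt_response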
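def decryptdatakey(masterkey, artifact):
    """Decrypt a previously encrypted data key identifier.

    Called whenever the data key is needed. Only the data key OCID is
    returned; the actual data key stays in the Vault.

    Args:
        masterkey: OCID of the master key that produced the ciphertext.
        artifact: Ciphertext string obtained from the encrypt call.

    Returns:
        The raw SDK response from ``KmsCryptoClient.decrypt``. The recovered
        value is expected under ``response.data.plaintext``.
    """
    key_management_client = oci.key_management.KmsCryptoClient(
        config, "https://your_crypto_head.oraclecloud.com"
    )
    decrypt_data_details = oci.key_management.models.DecryptDataDetails(
        key_id=masterkey,
        ciphertext=artifact,
    )
    # The original called encrypt() here with DecryptDataDetails, so the
    # ciphertext was never actually decrypted. Use the decrypt operation.
    decrypt_response = key_management_client.decrypt(decrypt_data_details)
    # NOTE(review): KMS returns the plaintext base64-encoded. Callers should
    # decode it before treating it as an OCID.
    return decrypt_response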