# <p align="center"> Secure Access of Object Store </p>

It is essential to develop a safe protocol to access the object store. To do this I have developed the following workflow:

**Encryption**

- Create a Python dictionary object which stores the endpoint URL, the access key and the secret key for the XChem object store and for a publicly available object store used for practice (MinIO)

    <details>  <summary>    Dictionary Structure</summary>

    ```{python}
    {
        "XChem": {
            "endpoint_url": "xxxx",
            "access_key": "xxxx",
            "secret_key": "xxxx",
        },
        "MinIO": {
            "endpoint_url": "xxxx",
            "access_key": "xxxx",
            "secret_key": "xxxx",
        },
    }
    ```

    </details>
<p></p>

- Convert the dictionary into a serialized object (.json).
- Generate a random Fernet key with the `cryptography.fernet` Python package and use it to encrypt the JSON object into a `.enc` file.
- Save the encrypted object into a Python pickle file. This encryption avoids the presence of the secret key in a plain file at any time.
- Use [git secret](https://sobolevn.me/git-secret/) to further encrypt the file into `.enc.secret`. This file gets shared on GitHub, while the decrypted version remains local only.

**Decryption**

- Install git secret locally. Generate a GPG public and private key. Share the GPG public key and associated email with the GitHub repo owner.
- Wait for the updated re-encryption of the `.enc.secret` file.
- Download the file and decrypt it using `git secret reveal`.
- Load your Fernet key into memory. Use `xaidar.s3Utils.decryptCredentials` to decrypt the dictionary.
- Use the dictionary values to access the object store. Note: never print or show any key in your terminal.
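
The Fernet part of the encryption and decryption steps above as a round trip, added here as an example; it is not the `xaidar.s3Utils` code. The names `encrypt_credentials` and `decrypt_credentials` and the sample values are assumptions, and the token is written as raw bytes instead of a pickle, because unpickling a file runs before Fernet can authenticate it.

```python
import json
import tempfile
from pathlib import Path

from cryptography.fernet import Fernet, InvalidToken


def encrypt_credentials(cred_dict, enc_path):
    """Serialize cred_dict to JSON, encrypt it with a fresh Fernet key, write the token."""
    key = Fernet.generate_key()  # 32 random bytes, url-safe base64 encoded
    token = Fernet(key).encrypt(json.dumps(cred_dict).encode("utf-8"))
    Path(enc_path).write_bytes(token)
    return key  # keep out of the repo; export it as CRED_KEY


def decrypt_credentials(key, enc_path):
    """Authenticate, then decrypt; raises InvalidToken on a wrong key or a modified file."""
    token = Path(enc_path).read_bytes()
    return json.loads(Fernet(key).decrypt(token))


def demo():
    # Constructed sample values, not real endpoints or keys.
    creds = {
        "MinIO": {
            "endpoint_url": "https://objectstore.example.invalid",
            "access_key": "EXAMPLE.ACCESS",
            "secret_key": "EXAMPLE.SECRET/KEY",
        }
    }
    with tempfile.TemporaryDirectory() as tmp:
        enc_path = Path(tmp) / "credentials.enc"
        key = encrypt_credentials(creds, enc_path)
        on_disk = enc_path.read_bytes()
        round_trip = decrypt_credentials(key, enc_path)
        try:
            decrypt_credentials(Fernet.generate_key(), enc_path)
            wrong_key_rejected = False
        except InvalidToken:
            wrong_key_rejected = True
    return {
        "round_trip_ok": round_trip == creds,
        "secret_absent_from_file": b"EXAMPLE.SECRET/KEY" not in on_disk,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(demo())  # prints only booleans, never key material
```
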

In [None]:
print("test")

In [None]:
from pathlib import Path
import sys
# sys.path entries must be strings; Path objects are ignored by the import system
sys.path.append( str( Path( "../.." ).resolve() ) )

Add the key that decrypts the pickle file holding the S3 credentials to your environment beforehand as `CRED_KEY`.

In [None]:
import os
credKey = os.getenv( "CRED_KEY" ) 

### Access S3 Objects

In [5]:
from xaidar.s3Utils import decryptCredentials, initialize

credPath =  Path( "../../credentials.enc").resolve()
credDict = decryptCredentials( credKey, credPath )

Object Store Names:['XChem', 'MinIO']
Credentials Associated with each Object Store: ['endpoint_url', 'access_key', 'secret_key']


In [None]:
client = initialize( "XChem", cred_dict=credDict)