-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathazure_key_repository.py
31 lines (25 loc) · 1.43 KB
/
azure_key_repository.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
from azure.core.credentials import TokenCredential
from azure.keyvault.keys import KeyClient, KeyVaultKey
from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm, EncryptResult, DecryptResult
class AzureKeyRepository(object):
def __init__(self, key_client: KeyClient, credential: TokenCredential, key_name: str):
self.credential = credential
self.key_client = key_client
self.key_name = key_name
key_name: str
key_client: KeyClient
credential: TokenCredential
def encrypt(self, clear_text: str):
key: KeyVaultKey = self.key_client.get_key(name=self.key_name)
text_as_bytes: bytes = bytes(clear_text.encode("utf-8"))
client: CryptographyClient = CryptographyClient(key=key.id, credential=self.credential, api_version="7.3")
encrypted: EncryptResult = client.encrypt(algorithm=EncryptionAlgorithm.rsa_oaep_256, plaintext=text_as_bytes)
client.close()
return encrypted.ciphertext
def decrypt(self, cipher_text: bytes):
key: KeyVaultKey = self.key_client.get_key(name=self.key_name)
client: CryptographyClient = CryptographyClient(key=key.id, credential=self.credential, api_version="7.3")
decrypted: DecryptResult = client.decrypt(algorithm=EncryptionAlgorithm.rsa_oaep_256, ciphertext=cipher_text)
client.close()
plaintext_bytes: bytes = decrypted.plaintext
return plaintext_bytes.decode("utf-8")