preface
KeyCenter relies on Kess, so you must run kess Agent on the machine firstCopy the codeMAC Installs and starts Kess Agent
Execute the following commandCopy the code /bin/bash -c "$(curl -fsSL https://files.corp.kuaishou.com/data/repo/sources/kuaishou/infra/tutorial/41904/install_kess_agent_on_macos.sh)"
Copy the codeInstall component family bucket
Pip3 install -u setuptools_scm PIP wheel pip3 install -u infra- Framework pip3 install -u infra-frameworkCopy the codeData Decryption Demo
#! /usr/bin/env python
# -*- coding: utf-8 -*-
import base64
import logging
from keycenter.client import ProtectionProvider
logger = logging.getLogger(__name__)
try:
key_name = "mysql.kelly.test" # key_name = key_name
# pylint: disable=line-too-long
cipher_data_with_base64 = "ChBteXNxbC5rZWxseS50ZXN0EiC/tLACc3T5UTLH2HTGVVz2ZDCw6lahb6pro3TnkoOtDhoSdJwOFneEPRjpWKK0IdAS11EiKAUwAQ=="
provider = ProtectionProvider.get_provider(key_name=key_name,
only_decryption=True)
This line is not needed if it is not Base64 encoded
cipher_data = base64.urlsafe_b64decode(cipher_data_with_base64)
data = provider.decrypt(cipher_data)
print(data)
except Exception as e:
logger.error(e)
# summary
# According to the above data decryption code, we only need to pay attention to the following 3 points when using
# key_name parameters
# The encrypted string, namely the cipher_datA_with_base64 variable
# Comment out cipher_data = base64.urlsafe_b64decode(cipher_datA_with_base64) if not base64.
Copy the codeData Encryption Demo
#! /usr/bin/env python
# -*- coding: utf-8 -*-
import logging
from keycenter.client import ProtectionProvider
logger = logging.getLogger(__name__)
try:
key_name = "mysql.kelly.test"
data = b"hello,kelly"
provider = ProtectionProvider.get_provider(key_name=key_name,
only_decryption=False)
cipher_data = provider.aes_cbc_encrypt(data, out_with_base64=True)
print(cipher_data)
except Exception as e:
logger.error(e)
Copy the code