Encrypt/decrypt config by avara1986 · Pull Request #86 · python-microservices/pyms

avara1986 · 2020-02-16T20:37:34Z

First approach to Issue #70

Features

New encryption and decryption feature with AES
Create a key to encrypt config with new command line pyms create-key
Encrypt a string with the new command line pyms encrypt [STRING]
Set the key file with new environment variable KEY_FILE
If you set in your config a var with the prefix "ENC_" or "enc_" PyMS search for the key file and decrypt the string. Now you can encrypt your database url for production environments. I.E.:

pyms:
[...]
  config:
    ENC_DATABASE: gAAAAABeSZ714r99iRIxhoH77vTdRJ0iqSymShfqgGN9PJveqhQWmshRDuV2a8sATey8_lHkln0TwezczucH-aJHGP_LyEiPxwM-88clNa7FB1u4g7Iaw3A=

you can access it in your code with current_app.config["DATABASE"] == "http://database-url"

Fixes

Send path to ConfFile from Microservice class to set path from code if you want to not use CONFIGMAP_FILE from env

Refactors

Refactor config. Menoize of files moved to new class

coveralls · 2020-02-16T20:44:50Z

Coverage increased (+0.04%) to 99.753% when pulling 19745f7 on feature/added_crypt_options into 9a5e5e2 on master.

…_options

pyms/cmd/main.py

pyms/utils/crypt.py

alexppg · 2020-02-17T20:35:13Z

This is very cool! Would be some documentation on how to use it be out of the scope of this MR? I think it would help us a little bit to review it better.
I still don't understand where the key is and how does the micro know where it is.

avara1986 · 2020-02-17T20:38:31Z

This is very cool! Would be some documentation on how to use it be out of the scope of this MR? I think it would help us a little bit to review it better.
I still don't understand where the key is and how does the micro know where it is.

Ok @alexppg, i thought to create the PR and after merged, create the docs, but you're right, with the docs the PR will be more easy to understand, thanks!

avara1986 · 2020-02-17T21:25:51Z

Added doc @alexppg 👍

docs/encrypt_decryt_configuration.md

alexppg · 2020-02-19T07:45:44Z

Awesome! Very well explained, thanks @avara1986 \o/

Co-Authored-By: Àlex Pérez <alexperez@paradigmadigital.com>

avara1986 · 2020-02-20T19:58:01Z

It`s ok to merge @alexppg @miguelgrubin ?

alexppg · 2020-02-21T13:59:50Z

Sure! Sorry for not saying explicitly LGTM. I was waiting to @miguelgrubin, to see if he does want to say something.

avara1986 added 2 commits February 16, 2020 21:20

Added crypt options

a2a86ef

Fix pylint and flake8

0d062f8

avara1986 added the feature New feature in progres label Feb 16, 2020

avara1986 requested review from alexppg and miguelgrubin February 16, 2020 20:37

avara1986 added 10 commits February 16, 2020 21:47

No cover to no testable conditions

7b05354

Merge remote-tracking branch 'origin/master' into feature/added_crypt…

c57648d

…_options

No cover to no testable conditions

26a8b95

Merge branch 'master' into feature/added_crypt_options

8d869c4

Removed encrypted var after decrypted

9114af6

Fix, send path to ConfFile from Microservice class to set path from code

09e17c0

Updated pipfile

30fa3fb

Fix unused import

19745f7

Merge branch 'master' into feature/added_crypt_options

115a4a1

Updated dependencies

2a6cc48

alexppg reviewed Feb 17, 2020

View reviewed changes

pyms/cmd/main.py Show resolved Hide resolved

alexppg reviewed Feb 17, 2020

View reviewed changes

pyms/utils/crypt.py Outdated Show resolved Hide resolved

Changed SHA2576 to SHA512_256

0a0e815

avara1986 added 2 commits February 17, 2020 22:18

Updated docs

15cdc73

Fix example

3107bf8

avara1986 added 2 commits February 18, 2020 08:34

Fix docs and update examples

3d38c76

Fix issue #88

eee1243