from murmuration import gcm
key = 'this is my secret encryption key'
plaintext = 'the quick brown fox jumps over the lazy dog'
ciphertext = gcm.encrypt(plaintext, key, 'header')
decrypted = gcm.decrypt(ciphertext, key)
assert decrypted == plaintext
You can also use kms as an encryption / decryption service. This does
incur kms costs and require kms setup. The region and profile parameters
do not have to be specified. If they are not specified, the values will
be inferred in the order specified by boto3:
- Passing credentials as parameters in the
boto.client()method- Passing credentials as parameters when creating a
Sessionobject- Environment variables
- Shared credential file (
~/.aws/credentials)- AWS config file (
~/.aws/config)- Assume Role provider
- Boto2 config file (
/etc/boto.cfgand~/.boto)- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.
from murmuration import kms
plaintext = 'the quick brown fox jumps over the lazy dog'
key_alias = 'my kms key alias'
ciphertext = kms.encrypt(plaintext, key_alias, region='us-west-1', profile='company')
decrypted = kms.decrypt(ciphertext, region='us-west-1', profile='company')
assert decrypted == plaintext
You can also use wrapped kms data keys for encryption to protect the underlying
kms key. Using this does functionality will incur kms costs and require kms
setup. The region and profile parameters do not have to be specified.
If they are not specified, the values will
be inferred in the order specified by boto3:
- Passing credentials as parameters in the
boto.client()method- Passing credentials as parameters when creating a
Sessionobject- Environment variables
- Shared credential file (
~/.aws/credentials)- AWS config file (
~/.aws/config)- Assume Role provider
- Boto2 config file (
/etc/boto.cfgand~/.boto)- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.
from murmuration import kms_wrapped
plaintext = 'the quick brown fox jumps over the lazy dog'
key_alias = 'my kms key alias'
ciphertext = kms_wrapped.encrypt(plaintext, key_alias, region='us-west-1', profile='company')
decrypted = kms_wrapped.decrypt(ciphertext, region='us-west-1', profile='company')
assert decrypted == plaintext
cd /path/to
git clone https://github.com/angry-penguins/murmuration
cd murmuration
make setup
to run tests, you will need to create a config file called conf/test.yml
aws:
profile: an_existing_aws_profile
this profile will need to have a kms key that has been aliased to dev.
Once you have created that file, you can run tests using make:
make test
FAQs
encryption primitives for use with aws
We found that murmuration demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
Research
Security News
Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.
Security News
The official Go SDK for the Model Context Protocol is in development, with a stable, production-ready release expected by August 2025.