forked from aws-powertools/powertools-lambda-python
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgetting_started_encrypt_data.py
106 lines (94 loc) · 3 KB
/
getting_started_encrypt_data.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
import os
from aws_lambda_powertools.utilities.data_masking import DataMasking
from aws_lambda_powertools.utilities.data_masking.provider.kms.aws_encryption_sdk import AwsEncryptionSdkProvider
KMS_KEY_ARN = os.environ["KMS_KEY_ARN"]
def lambda_handler(event, context):
data = {
"id": 1,
"name": "John Doe",
"age": 30,
"email": "[email protected]",
"address": {
"street": "123 Main St",
"city": "Anytown",
"state": "CA",
"zip": "12345",
},
}
encryption_provider = AwsEncryptionSdkProvider(keys=[KMS_KEY_ARN])
data_masker = DataMasking(provider=encryption_provider)
encrypted = data_masker.encrypt(data=data, fields=["email", "address.street"])
# encrypted = {
# "id": 1,
# "name": "John Doe",
# "age": 30,
# "email": "InRoaXMgaXMgYSBzdHJpbmciHsLZGx2na-XzP_TB5Bf2LNU1bLc",
# "address": {
# "street": "XMgYSB_KDddaDJYMb-JpbmGnagTklwQ-msdaDLP",
# "city": "Anytown",
# "state": "CA",
# "zip": "12345"
# },
# }
decrypted = data_masker.decrypt(data=encrypted, fields=["email", "address.street"])
# decrypted = {
# "id": 1,
# "name": "John Doe",
# "age": 30,
# "email": "[email protected]",
# "address": {
# "street": "123 Main St",
# "city": "Anytown",
# "state": "CA",
# "zip": "12345"
# },
# }
encrypted = data_masker.encrypt(data=data, fields=["email", "address"])
# encrypted = {
# "id": 1,
# "name": "John Doe",
# "age": 30,
# "email": "InRoaXMgaXMgYSBzdHJpbmciHsLZGx2na-XzP_TB5Bf2LNU1bLc",
# "address": "XMgYSB_KDddaDJYMb-JpbmGnagTklwQ-msdaDLP"
# }
decrypted = data_masker.decrypt(data=encrypted, fields=["email", "address"])
# decrypted = {
# "id": 1,
# "name": "John Doe",
# "age": 30,
# "email": "[email protected]",
# "address": {
# "street": "123 Main St",
# "city": "Anytown",
# "state": "CA",
# "zip": "12345"
# },
# }
encrypted = data_masker.encrypt(data=data)
# encrypted = "InRoaXMgaXMgYSBzdHJpbmciHsLZGx2na-XzP_TB5Bf2LNU1bLc"
decrypted = data_masker.decrypt(data=encrypted)
# decrypted = {
# "id": 1,
# "name": "John Doe",
# "age": 30,
# "email": "[email protected]",
# "address": {
# "street": "123 Main St",
# "city": "Anytown",
# "state": "CA",
# "zip": "12345"
# },
# }
masked = data_masker.mask(data=data, fields=["email", "address.street"])
# masked = {
# "id": 1,
# "name": "John Doe",
# "age": 30,
# "email": "*****",
# "address": {
# "street": "*****",
# "city": "Anytown",
# "state": "CA",
# "zip": "12345"
# },
# }