Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cryptography] Add Python to how-to #4255

Merged
merged 1 commit into from
Jul 9, 2024
Merged

[Cryptography] Add Python to how-to #4255

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
133 changes: 99 additions & 34 deletions ...t/en/developing-applications/building-blocks/cryptography/howto-cryptography.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,39 @@ Dapr cryptography is currently in alpha.

## Encrypt

{{< tabs "JavaScript" "Go" ".NET" >}}
{{< tabs "Python" "JavaScript" ".NET" "Go" >}}

{{% codetab %}}

<!--Python-->

Using the Dapr SDK in your project, with the gRPC APIs, you can encrypt a stream of data, such as a file or a string:

```python
# When passing data (a buffer or string), `encrypt` returns a Buffer with the encrypted message
def encrypt_decrypt_string(dapr: DaprClient):
message = 'The secret is "passw0rd"'

# Encrypt the message
resp = dapr.encrypt(
data=message.encode(),
options=EncryptOptions(
# Name of the cryptography component (required)
component_name=CRYPTO_COMPONENT_NAME,
# Key stored in the cryptography component (required)
key_name=RSA_KEY_NAME,
# Algorithm used for wrapping the key, which must be supported by the key named above.
# Options include: "RSA", "AES"
key_wrap_algorithm='RSA',
),
)

# The method returns a readable stream, which we read in full in memory
encrypt_bytes = resp.read()
print(f'Encrypted the message, got {len(encrypt_bytes)} bytes')
```

{{% /codetab %}}

{{% codetab %}}

Expand Down Expand Up @@ -59,6 +91,26 @@ await pipeline(

{{% codetab %}}

<!-- .NET -->
Using the Dapr SDK in your project, with the gRPC APIs, you can encrypt data in a string or a byte array:

```csharp
using var client = new DaprClientBuilder().Build();

const string componentName = "azurekeyvault"; //Change this to match your cryptography component
const string keyName = "myKey"; //Change this to match the name of the key in your cryptographic store

const string plainText = "This is the value we're going to encrypt today";

//Encode the string to a UTF-8 byte array and encrypt it
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
var encryptedBytesResult = await client.EncryptAsync(componentName, plaintextBytes, keyName, new EncryptionOptions(KeyWrapAlgorithm.Rsa));
```

{{% /codetab %}}

{{% codetab %}}

<!--go-->

Using the Dapr SDK in your project, you can encrypt a stream of data, such as a file.
Expand Down Expand Up @@ -136,32 +188,45 @@ if err != nil {

{{% /codetab %}}

{{% codetab %}}
{{< /tabs >}}

<!-- .NET -->
Using the Dapr SDK in your project, with the gRPC APIs, you can encrypt data in a string or a byte array:

```csharp
using var client = new DaprClientBuilder().Build();
## Decrypt

const string componentName = "azurekeyvault"; //Change this to match your cryptography component
const string keyName = "myKey"; //Change this to match the name of the key in your cryptographic store
{{< tabs "Python" "JavaScript" ".NET" "Go" >}}

const string plainText = "This is the value we're going to encrypt today";
{{% codetab %}}

//Encode the string to a UTF-8 byte array and encrypt it
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
var encryptedBytesResult = await client.EncryptAsync(componentName, plaintextBytes, keyName, new EncryptionOptions(KeyWrapAlgorithm.Rsa));
```
<!--python-->

{{% /codetab %}}
To decrypt a stream of data, use `decrypt`.

{{< /tabs >}}
```python
def encrypt_decrypt_string(dapr: DaprClient):
message = 'The secret is "passw0rd"'

# ...

## Decrypt
# Decrypt the encrypted data
resp = dapr.decrypt(
data=encrypt_bytes,
options=DecryptOptions(
# Name of the cryptography component (required)
component_name=CRYPTO_COMPONENT_NAME,
# Key stored in the cryptography component (required)
key_name=RSA_KEY_NAME,
),
)

{{< tabs "JavaScript" "Go" ".NET" >}}
# The method returns a readable stream, which we read in full in memory
decrypt_bytes = resp.read()
print(f'Decrypted the message, got {len(decrypt_bytes)} bytes')

print(decrypt_bytes.decode())
assert message == decrypt_bytes.decode()
```

{{% /codetab %}}

{{% codetab %}}

Expand Down Expand Up @@ -191,23 +256,6 @@ await pipeline(

{{% codetab %}}

<!--go-->

To decrypt a file, use the `Decrypt` gRPC API to your project.

In the following example, `out` is a stream that can be written to file or read in memory, as in the examples above.

```go
out, err := sdkClient.Decrypt(context.Background(), rf, dapr.EncryptOptions{
// Only required option is the component name
ComponentName: "mycryptocomponent",
})
```

{{% /codetab %}}

{{% codetab %}}

<!-- .NET -->
To decrypt a string, use the 'DecryptAsync' gRPC API in your project.

Expand All @@ -229,6 +277,23 @@ public async Task<string> DecryptBytesAsync(byte[] encryptedBytes)

{{% /codetab %}}

{{% codetab %}}

<!--go-->

To decrypt a file, use the `Decrypt` gRPC API to your project.

In the following example, `out` is a stream that can be written to file or read in memory, as in the examples above.

```go
out, err := sdkClient.Decrypt(context.Background(), rf, dapr.EncryptOptions{
// Only required option is the component name
ComponentName: "mycryptocomponent",
})
```

{{% /codetab %}}

{{< /tabs >}}

## Next steps
Expand Down
Loading