From 9413a260fb14d347358c44a7dd7d2ec8edfe13af Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Thu, 14 Dec 2023 19:56:51 +0000 Subject: [PATCH] Improving examples --- docs/utilities/data_masking.md | 18 +++++++-------- .../src/getting_started_decrypt_data.py | 23 +++++++++++++++++++ .../src/getting_started_encrypt_data.py | 16 +++++++++---- .../src/getting_started_mask_data.py | 4 ++-- 4 files changed, 45 insertions(+), 16 deletions(-) create mode 100644 examples/data_masking/src/getting_started_decrypt_data.py diff --git a/docs/utilities/data_masking.md b/docs/utilities/data_masking.md index ad0c78895f..12c6f250c6 100644 --- a/docs/utilities/data_masking.md +++ b/docs/utilities/data_masking.md @@ -106,7 +106,7 @@ If `fields` is not provided, the entire data object will be masked (or encrypted You can mask data without having to install any encryption library. Masking data will result in the loss of its original type, and the masked data will always be represented as a string. === "getting_started_mask_data.py" - ```python hl_lines="1 6 10" + ```python hl_lines="4 8 16" --8<-- "examples/data_masking/src/getting_started_mask_data.py" ``` 
@@ -122,20 +122,20 @@ You can mask data without having to install any encryption library. Masking data ### Encryting data -In order to encrypt data, you must use either our out-of-the-box integration with the AWS Encryption SDK, or install another encryption provider of your own. Encrypting data will temporarily result in the loss of the data's original type, as the encrypted data will be represented as a string while it is in ciphertext form. After decryption, the data will regain its original type. +To encrypt data, utilize our built-in integration with the AWS Encryption SDK. Encrypting data will temporarily result in the loss of the original data type, as it transforms into a [ciphertext](https://en.wikipedia.org/wiki/Ciphertext){target="_blank" rel="nofollow"} string. -You can still use the masking feature while using any encryption provider. - -=== "input.json" - ```json - --8<-- "examples/data_masking/src/generic_data_input.json" - ``` +To encrypt your data, you'll need a valid and symmetric [AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/data-protection.html){target="_blank"} key. === "getting_started_encrypt_data.py" - ```python hl_lines="3-4 12-13 15" + ```python hl_lines="5-6 12-13 22" --8<-- "examples/data_masking/src/getting_started_encrypt_data.py" ``` +=== "input.json" + ```json hl_lines="7-9 14" + --8<-- "examples/data_masking/src/generic_data_input.json" + ``` + === "output.json" ```json hl_lines="5-7 12" --8<-- "examples/data_masking/src/encrypt_data_output.json" diff --git a/examples/data_masking/src/getting_started_decrypt_data.py b/examples/data_masking/src/getting_started_decrypt_data.py new file mode 100644 index 0000000000..0b83c41ace --- /dev/null +++ b/examples/data_masking/src/getting_started_decrypt_data.py 
@@ -0,0 +1,23 @@
+import os
+from typing import Dict
+
+from aws_lambda_powertools import Logger
+from aws_lambda_powertools.utilities._data_masking import DataMasking
+from aws_lambda_powertools.utilities._data_masking.provider.kms.aws_encryption_sdk import AwsEncryptionSdkProvider
+from aws_lambda_powertools.utilities.typing import LambdaContext
+
+logger = Logger()
+
+KMS_KEY_ARN = os.getenv("KMS_KEY_ARN")
+encryption_provider = AwsEncryptionSdkProvider(keys=[KMS_KEY_ARN])
+data_masker = DataMasking(provider=encryption_provider)
+
+
+def lambda_handler(event: Dict, context: LambdaContext) -> Dict:
+ data = event.get("body")
+
+ logger.info("Encrypting fields email, address.street, and company_address")
+
+ encrypted = data_masker.encrypt(data=data, fields=["email", "address.street", "company_address"])
+
+ return {"payload_encrypted": encrypted}
diff --git a/examples/data_masking/src/getting_started_encrypt_data.py b/examples/data_masking/src/getting_started_encrypt_data.py
index e774bd8e4a..0b83c41ace 100644
--- a/examples/data_masking/src/getting_started_encrypt_data.py
+++ b/examples/data_masking/src/getting_started_encrypt_data.py
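Review bot: The handler in the new getting_started_decrypt_data.py never decrypts: it logs "Encrypting fields …", calls `data_masker.encrypt(...)` and returns `payload_encrypted`, and its blob id `0b83c41ace` is the same one the encrypt example ends up with, so the file appears to be an unmodified copy. A reader following the docs would come away with no working decrypt path, and would re-encrypt ciphertext if they fed it the encrypt output. The three body lines should become `logger.info("Decrypting fields email, address.street, and company_address")`, `decrypted = data_masker.decrypt(data=data, fields=["email", "address.street", "company_address"])` and `return {"payload_decrypted": decrypted}`; the `decrypt(data=..., fields=...)` call shape is the one removed from the encrypt example in this same commit. Since this handler would then hold plaintext, a short comment reminding readers not to log the decrypted value would fit the example.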
@@ -1,17 +1,23 @@ import os +from typing import Dict +from aws_lambda_powertools import Logger from aws_lambda_powertools.utilities._data_masking import DataMasking from aws_lambda_powertools.utilities._data_masking.provider.kms.aws_encryption_sdk import AwsEncryptionSdkProvider +from aws_lambda_powertools.utilities.typing import LambdaContext + +logger = Logger() KMS_KEY_ARN = os.getenv("KMS_KEY_ARN") +encryption_provider = AwsEncryptionSdkProvider(keys=[KMS_KEY_ARN]) +data_masker = DataMasking(provider=encryption_provider) -def lambda_handler(event, context): - data = event["body"] +def lambda_handler(event: Dict, context: LambdaContext) -> Dict: + data = event.get("body") - encryption_provider = AwsEncryptionSdkProvider(keys=[KMS_KEY_ARN]) - data_masker = DataMasking(provider=encryption_provider) + logger.info("Encrypting fields email, address.street, and company_address") encrypted = data_masker.encrypt(data=data, fields=["email", "address.street", "company_address"]) - data_masker.decrypt(data=encrypted, fields=["email", "address.street", "company_address"]) + return {"payload_encrypted": encrypted} diff --git a/examples/data_masking/src/getting_started_mask_data.py b/examples/data_masking/src/getting_started_mask_data.py index 18a7e96f11..10b16961ae 100644 --- a/examples/data_masking/src/getting_started_mask_data.py +++ b/examples/data_masking/src/getting_started_mask_data.py @@ -13,6 +13,6 @@ def lambda_handler(event: dict, context: LambdaContext) -> Dict: logger.info("Masking fields email, address.street, and company_address") - fields_masked = data_masker.mask(data=data, fields=["email", "address.street", "company_address"]) + masked = data_masker.mask(data=data, fields=["email", "address.street", "company_address"]) - return {"fields_masked": fields_masked} + return {"payload_masked": masked}
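Review bot: In getting_started_encrypt_data.py the provider is now built at module scope, so `AwsEncryptionSdkProvider(keys=[KMS_KEY_ARN])` receives `[None]` whenever the KMS_KEY_ARN variable is unset, because `os.getenv` returns None instead of failing. Where the provider rejects that value is not visible in this diff, so the resulting error may not name the missing variable; `KMS_KEY_ARN = os.environ["KMS_KEY_ARN"]` would fail at import with a KeyError that does. Likewise `event.get("body")` passes `None` on to `data_masker.encrypt` when the event has no body, where the old `event["body"]` raised at the lookup. How encrypt treats None is not shown here, so a guard such as `if data is None: raise ValueError("event has no body")` before the encrypt call would keep the failure explicit. The same two lines appear in getting_started_decrypt_data.py.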