Client Side Encryption
This workshop demonstrates client side encryption with data key caching
Let's do some client side encryption with data key caching
Open the Cloud9 IDE environment called workshop-environment and navigate to the data-protection/usecase-3 directory. Follow the steps below:
1. Run the module named kms_key_creation-Step-1.py in the folder usecase-3
- You should see "KMS Master Key with alias name kms_key_cse_usecase_3 successfully created" printed in the runner window pane below.
- This python module will create a KMS master key with the key alias kms_key_cse_usecase_3
- Browse to the KMS console and you should find the key alias kms_key_cse_usecase_3 under customer managed keys
2. Run the usecase-3-Step-2.py python module
- You will find a file called plaintext_u.txt which is the plaintext unencrypted file.
- The module usecase-3-Step-2.py encrypts the plaintext_u.txt file and produces an encrypted file called encrypted_e_1.txt
- The plaintext_u.txt file is encrypted one more time and an encrypted file called encrypted_e_2.txt is produced
- You should see "Module run was successful" printed in the runner window pane below
3. Check the contents of the encrypted and the decrypted file
- The encrypted file encrypted_e_1.txt is then decrypted and the decrypted file is called plaintext_u_cycled_1.txt
- The encrypted file encrypted_e_2.txt is then decrypted and the decrypted file is called plaintext_u_cycled_2.txt
4. Wait for 2 minutes and then Run the check-gendatakey-Step-3.py python module
- You should see "GenerateDataKey API Called" printed in the runner window pane below
- Even though in Step 3 two encrypts happened only one GenerateDataKey API call was made.
- The reason for this is that the data key that was generated was cached and reused for the second encrypt call
- Open up usecase-3-Step-2.py and take a look at both the encrypt calls in the code
5. Run the usecase-3-cleanup-Step-4.py python module
- You should see Cleanup Successful printed in the runner window pane below
- This modules deletes the kms key and it's alias that we created in kms_key_creation-Step-1.py .It also deletes all the files that were created as part of the module run in the usecase-3 folder
- Please remember that every time you run usecase-3-cleanup-Step-4.py ,if you want to re-run this uecase, you will have to start from Step 1
Some questions to think about :
- Why do we wait for 2 minutes in Step 4 ?
- When you run the python module check-gendatakey-Step-3.py should you see prints for one GenerateDataKey API call or two GenerateDataKey API calls ?