Browse Source

Cache fernet keys when encrypting or decrypting

The PEGLEG_PASSPHRASE and PEGLEG_SALT environment variables are used to
generate the fernet key for encryption and decryption of site documents,
and the global passphrase and salt are used to generate the fernet key
for global documents.

This change caches the resulting fernet keys to avoid recalculating them
for each document that needs to be encrypted or decrypted, resulting in
a small time savings.

Change-Id: I7b7e77a4740e7abb54efce2fcb3cca6d84a9d7d4
changes/49/764049/3
Phil Sphicas 10 months ago
committed by Alexander Hughes
parent
commit
c7b903a6ea
  1. 2
      pegleg/engine/util/encryption.py

2
pegleg/engine/util/encryption.py

@ -13,6 +13,7 @@
# limitations under the License.
import base64
from functools import lru_cache
import logging
from cryptography import fernet
@ -105,6 +106,7 @@ def decrypt(
raise
@lru_cache(maxsize=None)
def _generate_key(passphrase, salt, key_length, iterations):
"""
Use the passphrase and salt and PBKDF2HMAC key derivation algorithm,

Loading…
Cancel
Save