From c7b903a6ea7e773df16dd1bb43f3bd65d4594c50 Mon Sep 17 00:00:00 2001 From: Phil Sphicas Date: Tue, 24 Nov 2020 18:13:41 +0000 Subject: [PATCH] Cache fernet keys when encrypting or decrypting The PEGLEG_PASSPHRASE and PEGLEG_SALT environment variables are used to generate the fernet key for encryption and decryption of site documents, and the global passphrase and salt are used to generate the fernet key for global documents. This change caches the resulting fernet keys to avoid recalculating them for each document that needs to be encrypted or decrypted, resulting in a small time savings. Change-Id: I7b7e77a4740e7abb54efce2fcb3cca6d84a9d7d4 --- pegleg/engine/util/encryption.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pegleg/engine/util/encryption.py b/pegleg/engine/util/encryption.py index 8815d3d8..a7fe1ac8 100644 --- a/pegleg/engine/util/encryption.py +++ b/pegleg/engine/util/encryption.py @@ -13,6 +13,7 @@ # limitations under the License. import base64 +from functools import lru_cache import logging from cryptography import fernet @@ -105,6 +106,7 @@ def decrypt( raise +@lru_cache(maxsize=None) def _generate_key(passphrase, salt, key_length, iterations): """ Use the passphrase and salt and PBKDF2HMAC key derivation algorithm,