Cache fernet keys when encrypting or decrypting

The PEGLEG_PASSPHRASE and PEGLEG_SALT environment variables are used to
generate the fernet key for encryption and decryption of site documents,
and the global passphrase and salt are used to generate the fernet key
for global documents.

This change caches the resulting fernet keys to avoid recalculating them
for each document that needs to be encrypted or decrypted, resulting in
a small time savings.

Change-Id: I7b7e77a4740e7abb54efce2fcb3cca6d84a9d7d4
This commit is contained in:
Phil Sphicas 2020-11-24 18:13:41 +00:00 committed by Alexander Hughes
parent 452734fb72
commit c7b903a6ea

View File

@ -13,6 +13,7 @@
# limitations under the License. # limitations under the License.
import base64 import base64
from functools import lru_cache
import logging import logging
from cryptography import fernet from cryptography import fernet
@ -105,6 +106,7 @@ def decrypt(
raise raise
@lru_cache(maxsize=None)
def _generate_key(passphrase, salt, key_length, iterations): def _generate_key(passphrase, salt, key_length, iterations):
""" """
Use the passphrase and salt and PBKDF2HMAC key derivation algorithm, Use the passphrase and salt and PBKDF2HMAC key derivation algorithm,