RELATED IDEAS
Advanced command to encrypt/decrypt data
We really need an advanced command that supports openssl encryption.
Just one that handles strings to be encrypted/decrypted using a self defined key/key from vault.
The only way one can handle this today is using scripts (which then expose your key) or a self made plugin - which is (in the current version) very slow.
Thank you!
There's are a couple of ways you could approach this that might meet your needs.
Generate a Secure Key:
Use OpenSSL to generate a random 256-bit key (for AES-256). This method is simple, avoids complex code, and ensures a strong cryptographic key.
Run the Script:
Leverage inbuilt Python’s libraries (e.g.,
cryptography) for encryption/decryption without needing additional plugins or dependencies.Ensure the script dynamically retrieves the key instead of hardcoding it, enhancing security.
Key Storage Options:
Environment Variables: Store the key securely in the environment and access it programmatically during runtime.
Secret Management Tools: Use tools like Azure Key Vault, AWS Secrets Manager, or HashiCorp Vault to securely store and manage keys.
For an example with Azure Key Vault, access the secret via Managed Identity (if hosted in Azure) or explicit credentials stored in environment variables.
Special Case (Images/Files):
If encrypting non-text data like images or files, include a step to base64 encode before encryption and base64 decode after decryption to ensure data is handled properly in text-based workflows.
Another consideration would be to build as Custom Dynamic Advanced Command - effectively black boxing the script functionality.