Sharing Secrets with SFC Cap
It requires virtualenv and python3 to be installed.
virtualenv -p python3 venv
. venv/bin/activate
pip install -r requirements.txt
We will provide you with an AWS key, secret and username. Please add them to your AWS config file (that should be in ~/.aws/credentials). Please check this link for more information: AWS key Management
For example, if we provide:
username : userXXXXXX
key : AKIXXXXXXXXXXXXXXXXXXXXXX
secret : 4tXXXXXXXXXNdKXXXXXXXXXXXXXXXXX
Then in your ~/.aws/credentials file, add the following lines at the end:
[userXXXXXX]
aws_access_key_id = AKIXXXXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = 4tXXXXXXXXXNdKXXXXXXXXXXXXXXXXX
Make sure the name userXXXXXX is unique in your system. If you already have such a name in your system, please let us know and we will provide a different name.
Then activate the profile by running:
export AWS_PROFILE=userXXXXXX
We will also share a KMS key id. If the key id is YYYYYYYY-0ab7-XXXXXXXXXXXXXXXXXXXXXXXXX then run
export cmk=YYYYYYYY-0ab7-XXXXXXXXXXXXXXXXXXXXXXXXX
Say we have a file demo_secret.txt and we want to encrypt it.
python encrypt.py --input_file=demo_secret.txt
AWS credentials (username, key id and secret) and KMS key id.
Once you run the encrypt script, it will generate two cipher files. If your input_file was demo_secret.txt then the cipher files will be demo_secret_data_key_cipher and demo_secret_cipher, i.e. file_name_without_extension_cipher and file_name_without_extension_data_key_cipher. Please send these two files to us via email. The AWS permissions are set such that the files can be decrypted by our master key only.
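A pre-flight check for the setup steps above, as an added example that is not part of this project's code: it confirms the profile name appears exactly once in the credentials file, that AWS_PROFILE and cmk are exported, and lists the two file names to expect. The function names are hypothetical, and the file-permission check is an added hardening step the page does not require.

```python
import os
import stat
from pathlib import Path


def profile_sections(text):
    """Return every [section] name in a credentials file, duplicates kept."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            names.append(line[1:-1].strip())
    return names


def expected_outputs(input_file):
    """File names the page says encrypt.py produces (directory is assumed)."""
    stem = Path(input_file).stem
    return f"{stem}_cipher", f"{stem}_data_key_cipher"


def preflight(credentials_path, profile, env, input_file):
    """Return a list of problems; an empty list means ready to encrypt."""
    path = Path(credentials_path)
    if not path.is_file():
        return [f"{path} not found"]
    problems = []
    count = profile_sections(path.read_text()).count(profile)
    if count != 1:
        problems.append(f"profile [{profile}] appears {count} times, expected 1")
    # Added hardening check (not from the page): keys should be owner-only.
    if stat.S_IMODE(path.stat().st_mode) & 0o077:
        problems.append(f"{path} is accessible by group/others; chmod 600 it")
    if env.get("AWS_PROFILE") != profile:
        problems.append(f"AWS_PROFILE is not set to {profile}")
    if not env.get("cmk"):
        problems.append("cmk (the KMS key id) is not set")
    if not Path(input_file).is_file():
        problems.append(f"input file {input_file} not found")
    return problems


if __name__ == "__main__":
    # Placeholder profile name from the page; substitute the one you were given.
    issues = preflight(Path.home() / ".aws" / "credentials", "userXXXXXX",
                       os.environ, "demo_secret.txt")
    print("\n".join(issues) or "ready: expect %s and %s" % expected_outputs("demo_secret.txt"))
```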