Spaces:
Sleeping
Sleeping
| from cryptography.fernet import Fernet | |
| import os | |
| import sys | |
| import logging | |
| from typing import Optional | |
| # ------------------------------------------------------------------------- | |
| # ENCRYPTION CONFIGURATION - PRODUCTION READY | |
| # ------------------------------------------------------------------------- | |
| # Environment detection | |
| ENVIRONMENT = os.getenv("ENVIRONMENT", "development") | |
| IS_PRODUCTION = ENVIRONMENT == "production" | |
| # Encryption Key - Load from environment variable | |
| ENCRYPTION_KEY = os.getenv("ENCRYPTION_KEY") | |
| if not ENCRYPTION_KEY: | |
| if IS_PRODUCTION: | |
| logging.critical("🔴 FATAL ERROR: ENCRYPTION_KEY must be set in production environment") | |
| logging.critical("Generate one with: python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())'") | |
| sys.exit(1) # Fail-fast in production | |
| else: | |
| # Development fallback with ephemeral key | |
| ENCRYPTION_KEY = Fernet.generate_key().decode() | |
| logging.warning("⚠️ WARNING: Using ephemeral encryption key (development only)") | |
| # Initialize cipher | |
| cipher_suite = Fernet(ENCRYPTION_KEY.encode() if isinstance(ENCRYPTION_KEY, str) else ENCRYPTION_KEY) | |
| def encrypt_data(data: str) -> str: | |
| """ | |
| Encrypts a string and returns the encrypted token as a string. | |
| """ | |
| if not data: return "" | |
| encrypted_bytes = cipher_suite.encrypt(data.encode('utf-8')) | |
| return encrypted_bytes.decode('utf-8') | |
| def decrypt_data(token: str) -> Optional[str]: | |
| """ | |
| Decrypts a token and returns the original string. | |
| """ | |
| if not token: return None | |
| try: | |
| decrypted_bytes = cipher_suite.decrypt(token.encode('utf-8')) | |
| return decrypted_bytes.decode('utf-8') | |
| except Exception as e: | |
| print(f"Decryption failed: {e}") | |
| return None | |
| def rotate_key(): | |
| """ | |
| Example function to rotate keys (advanced). | |
| """ | |
| global key, cipher_suite | |
| key = Fernet.generate_key() | |
| cipher_suite = Fernet(key) | |
| with open(ENCRYPTION_KEY_PATH, "wb") as key_file: | |
| key_file.write(key) | |
| print(f"New key generated and saved to {ENCRYPTION_KEY_PATH}") | |
| if __name__ == "__main__": | |
| # Test | |
| original = "Jean Dupont - Patient Zero" | |
| encrypted = encrypt_data(original) | |
| decrypted = decrypt_data(encrypted) | |
| print(f"Original: {original}") | |
| print(f"Encrypted: {encrypted}") | |
| print(f"Decrypted: {decrypted}") | |
| assert original == decrypted | |