7 - Data Encryption
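This Python script generates a random encryption key and renders it into an encryption configuration file suitable for encrypting Kubernetes Secrets. The resulting file contains the key itself, so it should be handled as secret material.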
The generated files are then transferred to the Compute instances using Ansible.
#!/usr/bin/env python
import base64
import os
import random
import string
import sys
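# Render the encryption config from a template, injecting a freshly generated
# base64-encoded key, and write the result to the k8s-conf directory.
template_file = "../templates/encryption-config.yaml"
conf = "../k8s-conf"
outfile = conf + "/" + "encryption-config.yaml"

print(":: Generating Data Encryption Config and Key.")

# Remove any previous config so the file is created fresh below; the
# restrictive mode passed to os.open() only takes effect on creation.
if os.path.exists(outfile):
    os.remove(outfile)

# Draw 32 raw bytes from the OS CSPRNG. This keeps the 32-byte key length the
# script always produced, but gives the full 256 bits of entropy; 32 characters
# picked from letters and digits carry only about 190 bits.
key_bytes = os.urandom(32)
key_b64 = base64.b64encode(key_bytes).decode("ascii")

# Read the template inside a context manager so the handle is closed promptly.
with open(template_file) as template_fh:
    encrypt_config = string.Template(template_fh.read())

# substitute() raises KeyError if the template references a placeholder other
# than "secret", so a malformed template fails loudly instead of being written.
encrypt_config_data = encrypt_config.substitute({"secret": key_b64})

# The file holds the key in recoverable form, so create it owner-read/write
# only (0o600; the process umask can restrict this further, never widen it).
fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w") as f:
    f.write(encrypt_config_data)

# The key is deliberately never printed; only the output path is reported.
if os.path.exists(outfile):
    print("File %s created." % os.path.abspath(outfile))
else:
    print("Something went wrong generating Encryption config.")
    sys.exit(1)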
This script can be found in the GitLab repository: 03-generate-encryption-keys.py