7 - Data Encryption

This Python script generates an encryption key and an encryption configuration file suitable for encrypting Kubernetes Secrets.

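The generated files are then transferred to the Compute instances using Ansible. The configuration file holds the key base64-encoded, not encrypted, so it needs the same protection as the key itself, both on the machine that generates it and on the instances it is copied to.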

#!/usr/bin/env python

import random
import string
import base64
import os

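# Generate a random key and render the Kubernetes encryption configuration
# from a template, writing the result to ../k8s-conf/encryption-config.yaml.
# Paths are relative to the directory the script is run from.
template_file = "../templates/encryption-config.yaml"
conf = "../k8s-conf"
outfile = conf + "/" + "encryption-config.yaml"

print(":: Generating Data Encryption Config and Key.")

# Remove any previous output so the file is created fresh below and picks up
# the restrictive mode requested at creation time.
if os.path.exists(outfile):
    os.remove(outfile)

# Take 32 bytes directly from the OS CSPRNG. Drawing 32 characters from
# [A-Za-z0-9] instead gives only about 190 bits of entropy for a key that is
# 256 bits long.
# NOTE(review): assumes the template's provider expects a base64-encoded
# 32-byte key; confirm against templates/encryption-config.yaml.
key_bytes = os.urandom(32)
base64_key = base64.b64encode(key_bytes).decode("ascii")

# Read the template through a context manager so the handle is closed, then
# fill in its `secret` placeholder.
with open(template_file) as template_handle:
    encrypt_config = string.Template(template_handle.read())
encrypt_config_data = encrypt_config.substitute({"secret": base64_key})

# The key sits in this file base64-encoded only, so create it with mode 0600
# instead of whatever the current umask would allow.
fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w") as f:
    f.write(encrypt_config_data)

if os.path.exists(outfile):
    print("File %s created." % os.path.abspath(outfile))
else:
    print("Something went wrong generating Encryption config.")
    # SystemExit is a builtin; `sys` is not among this file's imports, so
    # sys.exit() would raise NameError here instead of exiting with status 1.
    raise SystemExit(1)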

This script can be found in the GitLab repository: 03-generate-encryption-keys.py

Last updated on 17 Aug 2021
Published on 17 Aug 2021