前言

KeyCenter是依赖kess，客户端机器上必须要运行kess agent
复制代码

mac安装和启动kess agent

执行以下命令
/bin/bash -c "$(curl -fsSL https://files.corp.kuaishou.com/data/repo/sources/kuaishou/infra/tutorial/41904/install_kess_agent_on_macos.sh)"
复制代码

安装组件全家桶

pip3 install -U setuptools_scm pip wheel
pip3 install -U infra-framework 
# 注意
这里的pip是虚拟环境下的python版本
复制代码

数据解密demo

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import base64
import logging
from keycenter.client import ProtectionProvider

logger = logging.getLogger(__name__)
try:
    key_name = "mysql.kelly.test"  # 具体改成自己的key_name
    # pylint: disable=line-too-long
    cipher_data_with_base64 = "ChBteXNxbC5rZWxseS50ZXN0EiC/tLACc3T5UTLH2HTGVVz2ZDCw6lahb6pro3TnkoOtDhoSdJwOFneEPRjpWKK0IdAS11EiKAUwAQ=="
    provider = ProtectionProvider.get_provider(key_name=key_name,
                                           only_decryption=True)

    # 如果不是Base64编码的，就不需要这一行
    cipher_data = base64.urlsafe_b64decode(cipher_data_with_base64)
    data = provider.decrypt(cipher_data)
    print(data)
except Exception as e:
    logger.error(e)
复制代码

数据加密demo

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import logging
from keycenter.client import ProtectionProvider

logger = logging.getLogger(__name__)
try:
    key_name = "mysql.kelly.test"
    data = b"hello,kelly"
    provider = ProtectionProvider.get_provider(key_name=key_name,
                                           only_decryption=False)

    cipher_data = provider.aes_cbc_encrypt(data, out_with_base64=True)
    print(cipher_data)
except Exception as e:
    logger.error(e)
    
复制代码