heat.common.crypt module

class heat.common.crypt.SymmetricCrypto(enctype='AES')

Bases: object

Symmetric Key Crypto object.

This class creates a Symmetric Key Crypto object that can be used to decrypt arbitrary data.

Note: This is a reimplementation of the decryption algorithm from oslo-incubator, and is provided for backward compatibility. Once we have a DB migration script available to re-encrypt using the new encryption method as part of an upgrade, this can be removed.


Parameters:

  • enctype – Encryption Cipher name (default: AES)

decrypt(key, msg, b64decode=True)

Decrypts the provided ciphertext.

The ciphertext can be optionally base64 encoded.

Uses AES-128-CBC with an IV by default.

Parameters:

  • key – The encryption key.

  • msg – The ciphertext; the first block is the IV.

Returns:

the plaintext message, after padding is removed.

heat.common.crypt.cryptography_decrypt_v1(value, encryption_key=None)
heat.common.crypt.decrypt(method, data, encryption_key=None)
heat.common.crypt.decrypted_dict(data, encryption_key=None)

Return a decrypted dict. Assumes input values are encrypted JSON fields.

heat.common.crypt.encrypt(value, encryption_key=None)
heat.common.crypt.encrypted_dict(data, encryption_key=None)

Return an encrypted dict. Values are converted to JSON before being encrypted.

heat.common.crypt.get_valid_encryption_key(encryption_key, fix_length=False)
heat.common.crypt.heat_decrypt(value, encryption_key=None)

Decrypt data that has been encrypted using an older version of Heat.

Note: the encrypt function returns the function that is needed to decrypt the data. The database then stores this. When the data is then retrieved (potentially by a later version of Heat) the decrypt function must still exist. So whilst it may seem that this function is not referenced, it will be referenced from the database.

heat.common.crypt.oslo_decrypt_v1(value, encryption_key=None)
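
The note on heat_decrypt describes storing the name of the decrypt function next to the ciphertext and resolving it again on read, which is what the decrypt(method, data, ...) signature implies. The following is an added example, not Heat's code: it resolves the stored name through an explicit allowlist and performs the re-encrypt-on-upgrade step that the SymmetricCrypto note anticipates. All function names, the row layout and the keystream stand-in (used in place of a real cipher so the example needs only the standard library) are assumptions.

```python
import base64
import hashlib
import hmac

def keystream_xor(key, label, data):
    # Stand-in transform, NOT real encryption (no nonce, no authentication).
    # It only lets the example run with the standard library.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = label + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def legacy_decrypt_v1(value, key):  # hypothetical older method
    return keystream_xor(key, b"legacy", base64.b64decode(value))

def current_decrypt_v1(value, key):  # hypothetical current method
    return keystream_xor(key, b"current", base64.b64decode(value))

# Explicit allowlist. The method name read back from the database selects an
# entry here; it is never passed to getattr() or an import call.
DECRYPTORS = {f.__name__: f for f in (legacy_decrypt_v1, current_decrypt_v1)}
CURRENT_METHOD = "current_decrypt_v1"

def encrypt(value, key):
    """Return (method, ciphertext); both are stored together."""
    return CURRENT_METHOD, base64.b64encode(keystream_xor(key, b"current", value))

def decrypt(method, data, key):
    if method not in DECRYPTORS:
        raise ValueError("unknown decryption method: %r" % (method,))
    return DECRYPTORS[method](data, key)

def migrate_row(row, key):
    """Re-encrypt a stored (method, ciphertext) pair written by an older method."""
    method, data = row
    if method == CURRENT_METHOD:
        return row
    return encrypt(decrypt(method, data, key), key)

# Constructed sample data: a row as an older release would have stored it.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_LEGACY_ROW = ("legacy_decrypt_v1", base64.b64encode(
    keystream_xor(SAMPLE_KEY, b"legacy", b'{"password": "s3cret"}')))
```

A legacy decryptor can be dropped from the allowlist only after every stored row has passed through a migration such as migrate_row.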