flip_api.utils.encryption
Attributes
Functions
|
Retrieve the AES key and return it as bytes. |
|
Encrypt plaintext using AES-CBC with PKCS7 padding. Returns Base64-encoded ciphertext. |
|
Decrypt Base64-encoded ciphertext using AES-CBC with PKCS7 padding. Returns the original plaintext. |
Module Contents
- flip_api.utils.encryption._aes_key_cache: bytes | None = None
- flip_api.utils.encryption.get_aes_key() bytes
Retrieve the AES key and return it as bytes.
In production, fetches from AWS Secrets Manager. In dev, uses the environment variable directly. Cached after first call — the key does not change during the lifetime of a process.
- Returns:
The decoded AES key.
- Return type:
bytes
- flip_api.utils.encryption.encrypt(plaintext: str, key: bytes | None = None) str
Encrypt plaintext using AES-CBC with PKCS7 padding. Returns Base64-encoded ciphertext.
- Parameters:
plaintext (str) – The plaintext string to encrypt.
key (bytes | None) – The AES key to use. If None, the shared AES key is retrieved via
get_aes_key().
- Returns:
Base64-encoded ciphertext, with the random IV prepended to the ciphertext bytes before encoding.
- Return type:
str
- flip_api.utils.encryption.decrypt(encoded_payload: str, key: bytes | None = None) str
Decrypt Base64-encoded ciphertext using AES-CBC with PKCS7 padding. Returns the original plaintext.
- Parameters:
encoded_payload (str) – Base64-encoded payload where the first 16 bytes are the IV and the remaining bytes are the ciphertext.
key (bytes | None) – The AES key to use. If None, the shared AES key is retrieved via
get_aes_key().
- Returns:
The decrypted plaintext.
- Return type:
str