Kms
Key Management Service (KMS) interface.
BaseKeyManagementService
Bases: ABC
Abstract base class for Key Management Service implementations.
This interface defines the contract for KMS implementations that handle data encryption key (DEK) management and encryption/decryption operations.
decrypt(ciphertext)
abstractmethod
Decrypt ciphertext data.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
ciphertext
|
bytes
|
The encrypted data to decrypt. |
required |
Returns:
| Name | Type | Description |
|---|---|---|
bytes |
bytes
|
The decrypted data. |
Raises:
| Type | Description |
|---|---|
NotImplementedError
|
If the method is not implemented by the subclass. |
decrypt_dek(encrypted_dek)
abstractmethod
Decrypt an encrypted Data Encryption Key (DEK).
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
encrypted_dek
|
bytes
|
The encrypted data encryption key. |
required |
Returns:
| Name | Type | Description |
|---|---|---|
bytes |
bytes
|
The decrypted data encryption key. |
Raises:
| Type | Description |
|---|---|
NotImplementedError
|
If the method is not implemented by the subclass. |
encrypt(plaintext)
abstractmethod
Encrypt plaintext data.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
plaintext
|
bytes
|
The data to encrypt. |
required |
Returns:
| Name | Type | Description |
|---|---|---|
bytes |
bytes
|
The encrypted data. |
Raises:
| Type | Description |
|---|---|
NotImplementedError
|
If the method is not implemented by the subclass. |
get_dek()
abstractmethod
Retrieve or generate a Data Encryption Key (DEK) and its encrypted form.
Returns:
| Type | Description |
|---|---|
tuple[bytes, str]
|
tuple[bytes, str]: A tuple containing (dek, encrypted_dek). |
Raises:
| Type | Description |
|---|---|
NotImplementedError
|
If the method is not implemented by the subclass. |