Anyone can copy-and-paste AES invocations from StackOverflow. But the hard part of data security is the key lifecycle management, crypto-agility, centralized controls, and secure key distribution mechanisms. You can skim 6 Questions to Ask Before Encryption Application Layer Data to get a better sense of the responsibilities that come with encrypting data. But in short, no one should be reinventing the wheel.
Luckily, we can just use Peacemakr to solve these hard problems.
Peacemakr’s E2E-Encryption Python SDK
Peacemakr provides free E2E-Encryption-as-a-Service in an open-source Python SDK. Of course, it supports other languages too. Peacemakr uses a dedicated SaaS to provide centralized configuration management for all integrated clients. Under the hood, it handles the key lifecycle management, crypto-agility, centralized controls, and secure key distribution.
Unlike Key Management Services, Peacemakr is not a dev tool. It’s the full E2E-Encryption solution. It provides data confidentiality with encryption, but also non-repudiation (with signing), forward secrecy (with automated key rotation), tamper-detection (with HMACs), backward compatibility (through our SDK releases), and centralized control (in an admin portal) — all behind a simple and open-source interface.
Peacemakr: The Easiest way to Encrypt in Python
#1 Install Dependencies
Since the Peacemakr SDKs are open-source, you may download from the source directly on GitHub. Otherwise, just
$ pip install peacemakr
#2 Get a Peacemakr APIKey
E2E-Encryption requires access to the server. They have a demo APIKey to try it out without an account,
However, to use your own keys, register for your free account at https://peacemakr.io. Once registered, browse to APIKey.
#3 Register your Client
Before we encrypt data, we need to register as a Peacemakr Client. Registering allows encryption keys to be delivered to your client. Registration requires an APIKey, client name, host, and a persister. For example,
import peacemakr as p
import peacemakr.factory as factoryapi_key = "my-api-key-from-step-2-above"
persister = p.InMemoryPersister()
sdk = factory.get_crypto_sdk(api_key=api_key,
#4 Finally, Encrypt your Data
Transform your data into a serialized binary format, and use peacemakr to encrypt it. When you’re ready to operate on your data again, decrypt it.
import osrandom_bytes = os.urandom(100)
encrypted_bytes = sdk.encrypt(random_bytes)...decrypted_bytes = sdk.decrypt(encrypted_bytes)