Skip to content

Encrypt and decrypt strings

Corridor supports builtin encryption methods to encrypt settings in the configuration file. This could be used to encrypt sensitive values like database passwords.

It is recommended to use password/key managers like Vault, KMS, etc. but in smaller cases, using the Corridor encryption method improves the security of the application.

This is commonly used for settings like: SQLALCHEMY_DATABASE_URI, CELERY_BROKER_URL

The encrypted settings can be configured in api_config.secret.py file which needs to be placed near the api_config.py.

To encrypt a setting value, run the command:

corridor-api settings encrypt <<string_to_encrypt>>

To decrypt an encrypted setting value, run the command:

corridor-api settings decrypt <<encrypted_string>>

This command is only available for corridor-api and corridor-worker and encryption is only supported for corridor-api and corridor-worker settings.

To check the options available for corridor-worker:

corridor-worker settings --help

Encryption algorithm

Corridor uses PBKDF2 with HMAC as pseudorandom function and SHA256 encryption algorithm to encrypt the settings values.

Example

An encrypted value can be decrypted using the decrypt command

settings_value=abc123
echo "Original value : ${settings_value}"

encrypted_value=$(corridor-api settings encrypt $settings_value)
echo "Encrypted value: ${encrypted_value}"

decrypted_value=$(corridor-api settings decrypt $encrypted_value)
echo "Decrypted value: ${decrypted_value}"