Quick Start: Python

You’re Alice and you have sensitive data to protect. (Don’t we all?)

Let’s see the fastest way to protect it server-side with the Virtru SDK.

Prerequisites

  1. Python 3.6 or higher

1. Install the SDK

Linux

  1. Download the Python archive for Linux.
  2. Unpack the archive.
  3. Build & install the module:
cd ./lib # from downloaded archive
sudo python3 setup.py install # into site-packages

macOS

  1. Download the Python archive for macOS.
  2. Unpack the archive.
  3. Build & install the module:
cd ./lib # from downloaded archive
sudo python3 setup.py install # into site-packages

Windows

  1. Download the Python archive for Windows.
  2. Unpack the archive.
  3. Build & install the module:
Set-Location .\lib\
python setup.py install

2. Get an identity

So Alice, who should own your sensitive data? You, obviously!

Authenticate to associate your email address (e.g. [email protected]) with any data you protect. You cannot protect data without authenticating. If the Virtru Platform doesn’t know who’s protecting data, no one would be able to access it later (when they’re also asked to authenticate).

The fastest way to authenticate on the server side is with an appId token. You can generate one from the Virtru Dashboard. If you need help, see detailed steps.

For safekeeping, don’t hard code your appID anywhere. A more secure option is to store it in your local environment:

export VIRTRU_SDK_EMAIL=[paste from Virtru Dashboard]
export VIRTRU_SDK_APP_ID=[paste from Virtru Dashboard]

To protect your sensitive data, we’ll need a Virtru client. We’ll associate anything you encrypt with your email and appId. Let’s make sure your email and appId can create a valid Virtru client to make further SDK calls:

import os
from virtru_tdf3_python import Client, EncryptFileParams

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

print("Ready to protect!")

3. Ask for sensitive data

Now that we know who will own things, why don’t you enter your first piece of sensitive data? For simplicity’s sake, create a file named “sensitive.txt” with your sensitive data.

touch ./sensitive.txt
echo "sensitive data" >> ./sensitive.txt

4. Protect the sensitive data

Next, decide your encryption options. For now, it’s the file containing your sensitive data. In the future, this could include who else should have access and under what conditions.

unprotected_file = "sensitive.txt"
protected_file = unprotected_file + ".tdf.html"
param = EncryptFileParams(in_file_path=unprotected_file,
                          out_file_path=protected_file)

Finally, encrypt the data:

client.encrypt_file(encrypt_file_params=param)

print(f"Encrypted file {protected_file}")

Here is the complete source code:

import os
from virtru_tdf3_python import Client, EncryptFileParams

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

# Specify a file to encrypt and the file name to use for the encrypted output
unprotected_file = "sensitive.txt"
protected_file = unprotected_file + ".tdf.html"
param = EncryptFileParams(in_file_path=unprotected_file,
                          out_file_path=protected_file)

client.encrypt_file(encrypt_file_params=param)

print(f"Encrypted file {protected_file}")

5. Access the sensitive data

Now, let’s say you need to see your sensitive data again. Authenticate as [email protected] again and you can decrypt the protected file:

import os
from virtru_tdf3_python import Client

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

protected_file = "sensitive.txt.tdf.html"
unprotected_file = "sensitive_decrypted.txt"
client.decrypt_file(in_file_path=protected_file,
                    out_file_path=unprotected_file)

print(f"Decrypted file {unprotected_file}")

The decrypted file should match your original one with the sensitive data:

diff sensitive.txt sensitive_decrypted.txt

6. Access the sensitive data anywhere

If you inspect the generated HTML file, you still won’t find your sensitive data. It stays protected. You can send that HTML file to another machine or anywhere you want. Only you will be able to access it. But how do you do that outside of this code?

We could build a whole set of functionality to authenticate, decrypt, and render files. Or we could use Virtru’s Secure Reader, which is built to do exactly that for thousands of security-conscious users every day. In fact, if you open that HTML file from the last step, it will redirect you to Secure Reader.

Secure Reader will ask you to authenticate. (You’re still Alice, aren’t you?)

Authenticating with Virtru Secure Reader

And if you authenticate with the same email address you used to create the HTML file, you should be able to view it in Secure Reader:

Decrypting with Virtru Secure Reader

Congrats Alice! Your sensitive data is safe wherever it goes.

Updated 5 months ago


Quick Start: Python


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.