Quick Start: Python

You’re Alice and you have sensitive data to protect. (Don’t we all?)

Let’s see the fastest way to protect it server-side with the Virtru SDK.

Prerequisites

  1. Python 3.6 or higher

1. Install the SDK

The Virtru Python SDK is available on PyPI!

pip3 install virtru-sdk

2. Get an identity

So Alice, who should own your sensitive data? You, obviously!

Authenticate to associate your email address (e.g. [email protected]) with any data you protect. You cannot protect data without authenticating: if the Virtru Platform didn’t know who protected the data, no one would be able to access it later (when they’re also asked to authenticate).

The fastest way to authenticate on the server side is with an appId token. You can generate one from the Virtru Control Center. If you need help, see detailed steps.

For safekeeping, don’t hard-code your appId anywhere. A more secure option is to store it in your local environment:

export VIRTRU_SDK_EMAIL=[paste from Virtru Control Center]
export VIRTRU_SDK_APP_ID=[paste from Virtru Control Center]

To protect your sensitive data, we’ll need a Virtru client. We’ll associate anything you encrypt with your email and appId. Let’s make sure your email and appId can create a valid Virtru client to make further SDK calls:

import os
from virtru_sdk import Client, EncryptFileParams

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

print("Ready to protect!")

3. Ask for sensitive data

Now that we know who will own things, why don’t you enter your first piece of sensitive data? For simplicity’s sake, create a file named “sensitive.txt” with your sensitive data.

touch ./sensitive.txt
echo "sensitive data" >> ./sensitive.txt

4. Protect the sensitive data

Next, decide your encryption options. For now, that means the file containing your sensitive data and the name of the protected output file. In the future, this could include who else should have access and under what conditions.

unprotected_file = "sensitive.txt"
protected_file = unprotected_file + ".tdf.html"
param = EncryptFileParams(in_file_path=unprotected_file,
                          out_file_path=protected_file)

Finally, encrypt the data:

client.encrypt_file(encrypt_file_params=param)

print(f"Encrypted file {protected_file}")

Here is the complete source code:

import os
from virtru_sdk import Client, EncryptFileParams

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

# Specify a file to encrypt and the file name to use for the encrypted output
unprotected_file = "sensitive.txt"
protected_file = unprotected_file + ".tdf.html"
param = EncryptFileParams(in_file_path=unprotected_file,
                          out_file_path=protected_file)

client.encrypt_file(encrypt_file_params=param)

print(f"Encrypted file {protected_file}")

5. Access the sensitive data

Now, let’s say you need to see your sensitive data again. Authenticate as [email protected] again and you can decrypt the protected file:

import os
from virtru_sdk import Client

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

protected_file = "sensitive.txt.tdf.html"
unprotected_file = "sensitive_decrypted.txt"
client.decrypt_file(in_file_path=protected_file,
                    out_file_path=unprotected_file)

print(f"Decrypted file {unprotected_file}")

The decrypted file should match your original one with the sensitive data:

diff sensitive.txt sensitive_decrypted.txt
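
The same check in Python, extended to confirm that no line of the original appears verbatim in the protected file. This is an added example, not part of the Virtru SDK or the original page; the function names are illustrative and the demo runs on constructed stand-in files rather than real SDK output.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 64 * 1024
MIN_LINE = 8  # skip very short lines that could match HTML boilerplate by chance

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.digest()

def contains_bytes(path, needle):
    """Stream `path` looking for `needle`, keeping an overlap so a match
    that straddles two chunks is still found."""
    keep, tail = len(needle) - 1, b""
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            window = tail + block
            if needle in window:
                return True
            tail = window[-keep:] if keep > 0 else b""
    return False

def check_protection(original, protected, decrypted):
    """Return (round_trip_ok, leaked_lines) for the three quick-start files."""
    same = sha256_file(original) == sha256_file(decrypted)
    lines = {ln.strip() for ln in Path(original).read_bytes().splitlines()}
    leaked = sorted(ln for ln in lines
                    if len(ln) >= MIN_LINE and contains_bytes(protected, ln))
    return same, leaked

def demo():
    """Run the check on constructed stand-in files (no Virtru SDK call is made)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "sensitive.txt").write_bytes(b"sensitive data\n")
        (d / "sensitive_decrypted.txt").write_bytes(b"sensitive data\n")
        # Constructed placeholder, NOT a real TDF: opaque hex inside an HTML shell.
        opaque = hashlib.sha256(b"constructed sample").hexdigest().encode()
        (d / "good.tdf.html").write_bytes(b"<html><body>" + opaque + b"</body></html>")
        # Constructed failure case: the plaintext was written through unchanged.
        (d / "bad.tdf.html").write_bytes(b"<html><body>sensitive data</body></html>")
        src, out = d / "sensitive.txt", d / "sensitive_decrypted.txt"
        return (check_protection(src, d / "good.tdf.html", out),
                check_protection(src, d / "bad.tdf.html", out))

if __name__ == "__main__":
    print(demo())
```

An empty leak list only shows that the plaintext was not copied through verbatim; it says nothing about the strength of the encryption.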

6. Access the sensitive data anywhere

If you inspect the generated HTML file, you still won’t find your sensitive data. It stays protected. You can send that HTML file to another machine or anywhere you want. Only you will be able to access it. But how do you do that outside of this code?

We could build a whole set of functionality to authenticate, decrypt, and render files. Or we could use Virtru’s Secure Reader, which is built to do exactly that for thousands of security-conscious users every day. In fact, if you open that HTML file from the last step, it will redirect you to Secure Reader.

Secure Reader will ask you to authenticate. (You’re still Alice, aren’t you?)

Authenticating with Virtru Secure Reader

And if you authenticate with the same email address you used to create the HTML file, you should be able to view it in Secure Reader:

Decrypting with Virtru Secure Reader

Congrats Alice! Your sensitive data is safe wherever it goes.
