· 5 years ago · Sep 14, 2020, 03:32 PM
1from boto3 import Session
2from pymongo import MongoClient
3from pymongo.encryption_options import AutoEncryptionOpts
4from bson.binary import STANDARD
5from bson.codec_options import CodecOptions
6from pymongo.encryption import ClientEncryption
7import os
8
9region_name = 'us-east-1'
10session = Session(region_name=region_name)
11credentials = session.get_credentials()
12current_credentials = credentials.get_frozen_credentials()
13
14access_key = current_credentials.access_key
15secret_key = current_credentials.secret_key
16session_token = current_credentials.token
17
18os.environ['AWS_ACCESS_KEY_ID'] = access_key
19os.environ['AWS_SECRET_ACCESS_KEY'] = secret_key
20os.environ['AWS_SESSION_TOKEN'] = session_token
21
22kms_providers = {
23 "aws": {
24 "accessKeyId": access_key,
25 "secretAccessKey": secret_key
26 }
27}
28
29client = MongoClient('mongodb://localhost:27017/')
30
31key_vault_namespace = "encryption.__keyVault"
32
33fle_opts = AutoEncryptionOpts(
34 kms_providers,
35 key_vault_namespace
36)
37
38client_encryption = ClientEncryption(
39 kms_providers,
40 key_vault_namespace,
41 client,
42 CodecOptions(uuid_representation=STANDARD)
43)
44data_key_id = client_encryption.create_data_key("aws", master_key={
45 'region': region_name,
46 'key': 'ARN',
47})
48print(data_key_id)
49
50