We help you setup an OpSep Server in your datacenter or manage it for you in ours.
from opsep import opsep_hybrid_encrypt, opsep_hybrid_decrypt
# Testing RSA PubKey and OpSep API Server URL (normally saved in your app's config)
RSA_PUBKEY = '-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7q4R3soRD2CrjL13OK6Y\nSBG8wpjP5sbfkL0QhpJMH87grlR2SS3CUnbYCOONzQiJ3OuKAViy/lMw1KsmG9Nn\nhAot2acg1iNyZRY33LR2jwmfFF+2iRp0itPQeOHY6GS8m3WLCMtC/kWUq0Bl5g1P\nYa9JXwSkTTRJunNH0TPk8uqwFeVhpT336M1H6ed105L8a8W3mpSwlwePron7pLf7\nwD32m9RT0nNdnHBDQCsUKS/Gdp+saLYWTgj0rpnQCe8f1p3g36Gm0gTzr3X0Adow\n8gIPfxO4HU/0cdL+Pw4mpcsWJ4531taRLLGb+a2la2zAUteYcS+8d4Nb8Omkbz39\nPylvKP6R1kHElqlF3BnwUp0AdcAvOLdeX8kYUlbKE8xwjHm/KwwleKlcAZDam7hC\nRw72JUQiod0E7My+SiZ3Ij5zKnxZXmAF5BX8T+YSqSzR4Qdp2QU9L9GgAZo/HPBN\nwME9v8usjEzrEItSSg3Nn10+J+ygsCqjrCT8CnSvD8wEyDSdO/Jly9DnWJ6B2HJE\nOc4wxWGFTCE0wiQOwC3IPNxFhuWun6/4tsEQcDs5XHaBXIHry5WCiVkjwa2pc95x\niXcfoQWr1A/jLe/MrZyN4yrgDK9mmQxxNzVfLj8S9NPjJMv+K7BKvtOmvoqsf13K\n6hYJGkAdR0d99DNFlllRm7cCAwEAAQ==\n-----END PUBLIC KEY-----\n'
OPSEP_URL = 'https://test.secondguard.com/'
your_secret = b'attack at dawn!'
# Encrypt locally (symmetrically and asymmetrically) and save the results to your DB:
local_ciphertext, opsep_recovery_instructions = opsep_hybrid_encrypt(
to_encrypt=your_secret,
rsa_pubkey=RSA_PUBKEY,
)
# Asymmetrically decrypt opsep_recovery_instructions (via OpSep's rate-limited API) and use it to symmetrically decrypt local_ciphertext:
secret_recovered, _ = opsep_hybrid_decrypt(
local_ciphertext_to_decrypt=local_ciphertext,
opsep_recovery_instructions=opsep_recovery_instructions,
opsep_url=OPSEP_URL,
)
print('Your secret:', secret_recovered)
Our enterprise deployments use commercial Hardware Security Modules (HSMs) for added security, and include provable attestations so you can verify how your keys are used. You have full control over how your keys are generated and who has access.
We have advanced intrusion monitoring/detection, allow different-rate limits by user, support multi-user multi-factor authentication, provide audit logging support if you suspect a data breach and offer a white-glove installation service.