
I have a public key and a private key saved in Secrets Manager. I am able to access the keys and decrypt from a Linux machine, but I need a Lambda function for it, which is not working or giving an error.

I created my own package: I zipped my Python script with python-gnupg installed in it. I did in fact have debug logging, but for some reason it doesn't do anything; it shows neither an error nor a result.

import boto3
import gnupg
import aws_lambda_logging

def lambda_handler(event, context):
    aws_lambda_logging.setup(level='DEBUG')
    s3 = boto3.client("s3")
    object_path='folder/file-name.csv.gpg'
    file=(object_path.split('/')[-1])
    folder=(object_path.split('/')[0])
    bucket='bucket-name'
    secretmanager = boto3.client('secretsmanager')

    def secret_function(secret):
        response = secretmanager.get_secret_value(
            SecretId=secret
        )
        return response['SecretString']

    key_data = secret_function('Public-Key') + '\n' + secret_function('Private-Key')

    gpg = gnupg.GPG(gnupghome='/tmp')

    import_result = gpg.import_keys(key_data)

    local_file_name = '/tmp/'+file
    s3.download_file(file, bucket, local_file_name)

    with open(file, 'rb') as a_file:
        gpg.decrypt_file(a_file, output='testdecrypted-python.csv')

    upload_file_name = '/tmp/testdecrypted-python.csv'
    s3_path=folder+'/testdecrypted-python.csv'
    s3.upload_file(upload_file_name, bucket, s3_path)

The expected result is the decrypted file in the S3 bucket. Also, is there any other way than downloading the decrypted file on Lambda EC2, decrypting it in /tmp there, and putting it back in the S3 bucket?

Ivan Kolesnikov
Sid
  • Hi everyone, has anyone implemented anything similar? Or could anyone tell me what's wrong with my code? The problem is I am not even getting any error. – Sid Aug 12 '19 at 00:12
  • I'm having issues with gpg and Lambda, did you make it work? I'm with Python 3.8, which I believe uses Amazon Linux 2, which is lighter, also python-gnupg. https://stackoverflow.com/questions/66770313/lamnda-python-3-8-gpg-decryption-can-not-find-gpg-binary – Franklin Rivero Mar 23 '21 at 20:32

1 Answer


Which version of Python are you using?

Not sure if you are still having this issue, but I was recently able to make similar code work using the packages below:

  • Python - 2.7
  • python-gnupg - 0.4.5

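def decryptFile(filename):
    # gpg is a gnupg.GPG instance created elsewhere (not shown in this answer)
    with open(filename, "rb") as f:
        status = gpg.decrypt_file(f, passphrase=None, output='outputfile.tar.7z')
    return status  # result object: check status.ok and status.stderr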
bal_momi
  • I'm having issues with gpg and Lambda, did you make it work? I'm with Python 3.8, which I believe uses Amazon Linux 2, which is lighter, also python-gnupg. https://stackoverflow.com/questions/66770313/lamnda-python-3-8-gpg-decryption-can-not-find-gpg-binary – Franklin Rivero Mar 23 '21 at 20:32
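
python-gnupg does not raise when gpg fails; it reports the outcome on the object that `import_keys` and `decrypt` return, so a handler that never inspects it can finish silently. The following is an added example, not code from the question or the answer: it checks that result, decrypts in memory so no plaintext is written to /tmp, and deletes the imported private keyring after each invocation. `decrypt_s3_object`, `DecryptError` and `gpg_factory` are hypothetical names, and the S3 client and GPG object are passed in so the function can be exercised without AWS.

```python
import shutil
import tempfile


class DecryptError(RuntimeError):
    """GnuPG reported a failure that python-gnupg did not raise."""


def decrypt_s3_object(s3, gpg_factory, key_data, bucket, src_key, dst_key,
                      passphrase=None):
    """Decrypt s3://bucket/src_key in memory and store plaintext at dst_key.

    s3          -- boto3 S3 client, e.g. boto3.client("s3")
    gpg_factory -- callable, e.g. lambda home: gnupg.GPG(gnupghome=home)
    key_data    -- ASCII-armored keys, e.g. read from Secrets Manager
    Returns the number of plaintext bytes written.
    """
    # Per-invocation keyring directory (mode 0700). Lambda reuses /tmp across
    # warm invocations, so the imported private key is removed in `finally`.
    home = tempfile.mkdtemp(prefix="gnupg-")
    try:
        gpg = gpg_factory(home)
        imported = gpg.import_keys(key_data)
        if not imported.count:
            raise DecryptError("no keys imported: %s"
                               % getattr(imported, "stderr", ""))

        # Ciphertext and plaintext stay in memory; nothing but the keyring
        # touches disk. The whole object must fit in the function's memory.
        ciphertext = s3.get_object(Bucket=bucket, Key=src_key)["Body"].read()
        result = gpg.decrypt(ciphertext, passphrase=passphrase)

        # python-gnupg returns a result object instead of raising on failure.
        if not result.ok:
            raise DecryptError("gpg status=%r stderr=%s"
                               % (result.status, result.stderr))

        s3.put_object(Bucket=bucket, Key=dst_key, Body=result.data)
        return len(result.data)
    finally:
        shutil.rmtree(home, ignore_errors=True)
```

The Lambda execution role needs `s3:GetObject` and `s3:PutObject` on the bucket and `secretsmanager:GetSecretValue` on the two secrets, and the gpg binary must be present in the deployment package or a layer.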