Databricks

SreedharVengala · ‎07-26-2021

Is there a way to Decrypt / Encrypt Blob files in Databricks using Key stored in Key Vault.

What libraries need to be used?

Any code snippets? Links?

Kaniz · ‎09-02-2021

Hi @ SreedharVengala! My name is Kaniz, and I'm the technical moderator here. Great to meet you, and thanks for your question! Let's see if your peers on the Forum have an answer to your questions first. Or else I will follow up shortly with a response.

SreedharVengala · ‎09-14-2021

Thanks Kaniz... we got this working now using gnupg within databricks notebook.

Regards

Sreedhar

Kaniz · ‎09-17-2021

That's awesome!

Enjoy!

Andy_Canada · ‎10-06-2021

Hi @Sreedhar Vengala , we are trying the same can you share some sample code on how we can achieve the same, and did you pick the files from ADLS and placed back the encrypted files to ADLS folders

Kaniz · ‎11-18-2021

Hi @Sreedhar Vengala , Would you like to share the sample code here? It shall help other users.

Databricks_PGP_ · ‎11-16-2021

Hi Team, Could anyone please help me on how to decrypt PGP keys using Azure Keyvault in Azure Databricks notebook.

Kaniz · ‎11-21-2021

Hi @Shobhit Awasthi , You can use the below snippet of code which doesn't need you to access anything from any directory other than the files you plan to encrypt and the keys. In the code, you have a public key stored in the key vault as a secret named 'publicb64'. If you want to read the ASC version from somewhere you can just read it into KEY_PUB. Don't forget to install pgpy using pip install pgpy.

#Encrypting a file using public key
import pgpy
from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm
from timeit import default_timer as timer
import base64 
import io
 
KEY_PUB = base64.b64decode(publicb64).decode("ascii").lstrip()  
#print(KEY_PUB)
 
pub_key = pgpy.PGPKey()
pub_key.parse(KEY_PUB)
pass
# -READ THE FILE FROM MOUNT POINT-----------------
with io.open('/dbfs/mnt/sample_data/california_housing_test.csv', "r",newline='') as csv_file:
    input_data = csv_file.read()                   # The io and newline retains the CRLF
    
t0 = timer()
#PGP Encryption start
msg = pgpy.PGPMessage.new(input_data)
###### this returns a new PGPMessage that contains an encrypted form of the original message
encrypted_message = pub_key.encrypt(msg)
pgpstr = str(encrypted_message)
with open('/dbfs/mnt/sample_data/california_housing_test.csv.pgp', "w") as text_file:
    text_file.write(pgpstr)
print("Encryption Complete :" + str(timer()-t0))