
Implementing Encryption and Secrets Management

We'll use cryptography.fernet for authenticated symmetric encryption and hashlib.pbkdf2_hmac for key derivation.

Example: derive a key from a passphrase

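import os, hashlib, base64
from cryptography.fernet import Fernet

def derive_key(passphrase, salt=None):
    # A fresh random salt is generated on first use; pass the stored salt
    # back in to re-derive the same key later.
    if salt is None:
        salt = os.urandom(16)
    # PBKDF2-HMAC-SHA256 yields 32 bytes, the key size Fernet expects.
    key = hashlib.pbkdf2_hmac('sha256', passphrase.encode('utf-8'), salt, 100000)
    # Fernet takes the key in URL-safe base64 form.
    return base64.urlsafe_b64encode(key), salt

# Usage
k, s = derive_key("correct horse battery staple")
f = Fernet(k)
token = f.encrypt(b"secret")
# Keep s alongside the token: without the salt the key cannot be re-derived.
print("Encrypted:", token)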

Lesson: Use standard, well-reviewed libraries and derive keys securely from passphrases.
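
The usage above encrypts but never decrypts. The following is an added example, not code from the original page, showing the full round trip: the salt is stored in front of the token so the key can be re-derived, and a wrong passphrase or a modified token is rejected. The names seal, unseal and the salt-then-token layout are assumptions made for this illustration.

```python
import base64
import hashlib
import os

from cryptography.fernet import Fernet, InvalidToken

SALT_LEN = 16          # bytes, same salt size as derive_key above
ITERATIONS = 100_000   # same PBKDF2 iteration count as the page's example


def _key(passphrase: str, salt: bytes) -> bytes:
    """Derive a Fernet-compatible key from a passphrase and a known salt."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ITERATIONS)
    return base64.urlsafe_b64encode(raw)


def seal(passphrase: str, plaintext: bytes) -> bytes:
    """Encrypt and return salt || token (hypothetical storage layout)."""
    salt = os.urandom(SALT_LEN)  # new salt per message, so keys are never reused
    return salt + Fernet(_key(passphrase, salt)).encrypt(plaintext)


def unseal(passphrase: str, blob: bytes) -> bytes:
    """Split off the salt, re-derive the key, then verify and decrypt."""
    if len(blob) <= SALT_LEN:
        raise ValueError("blob too short to contain salt and token")
    salt, token = blob[:SALT_LEN], blob[SALT_LEN:]
    try:
        return Fernet(_key(passphrase, salt)).decrypt(token)
    except InvalidToken:
        # Fernet checks its HMAC before decrypting, so a wrong key and a
        # tampered token fail the same way and no plaintext is released.
        raise ValueError("wrong passphrase or corrupted data") from None


if __name__ == "__main__":
    blob = seal("correct horse battery staple", b"secret")
    print("Stored blob:", blob)
    print("Decrypted:", unseal("correct horse battery staple", blob))
```

The salt is not secret, so storing it in the clear next to the token is fine; only the passphrase needs protecting.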