Blog Logo

10-Jul-2023 ~ 8 min read

Building a multitenant backend with Python: A Guide to End-to-End Encryption.

python

encryption

In today’s digital landscape, the need for secure and reliable software solutions is paramount. When it comes to building a multitenant backend, where multiple clients share the same infrastructure while maintaining data isolation, implementing robust security measures becomes crucial. One effective approach is to employ end-to-end encryption. In this article, we will explore how to build a multitenant backend with Python while integrating end-to-end encryption for enhanced data security. Let’s dive in!

Table of Contents

Understanding Multitenancy and Data Isolation

Multitenancy refers to an architecture where a single instance of an application serves multiple clients, known as tenants. Each tenant operates independently, with their own isolated data and configurations. This approach allows for efficient resource utilization and cost savings. However, ensuring data isolation and security becomes a critical challenge.

The Importance of End-to-End Encryption

End-to-end encryption is a security mechanism that ensures data confidentiality by encrypting information at the source and decrypting it only at the intended destination. It prevents unauthorized access to sensitive data, even if the data is intercepted during transit or stored in the backend infrastructure.

Implementing end-to-end encryption in a multitenant backend adds an additional layer of security, as it ensures that data remains encrypted throughout its lifecycle, from the client-side to the server-side. This way, even if a malicious actor gains access to the backend infrastructure, they would not be able to decrypt and access the sensitive data.

Building a Multitenant Backend with Python

To build a multitenant backend with Python, follow these key steps:

1. Design a Multitenant Architecture

Design an architecture that supports multitenancy, allowing for data isolation and tenant-specific configurations. Consider factors such as database design, authentication mechanisms, and resource allocation per tenant.

2. Implement Authentication and Authorization

Develop a robust authentication and authorization system to ensure that each tenant’s data is securely accessible only to authorized users. Use techniques like token-based authentication or OAuth 2.0 to authenticate requests and manage access control.

3. Utilize Secure Communication Protocols

Enforce secure communication protocols such as HTTPS/TLS to protect data in transit between clients and the backend server. This ensures that data remains encrypted while being transmitted over the network.

4. Generate Unique Encryption Keys per Tenant

For end-to-end encryption, generate unique encryption keys for each tenant. These keys will be used to encrypt and decrypt the tenant’s data. Consider using well-established encryption algorithms like AES (Advanced Encryption Standard) for robust data protection.

5. Encrypt Data at the Client-Side

Encrypt sensitive data at the client-side before transmitting it to the server. This ensures that the data remains encrypted even during transit, safeguarding it from unauthorized access. Leverage encryption libraries or frameworks compatible with your chosen encryption algorithm.

6. Decrypt Data at the Server-Side

Implement server-side decryption logic using the respective encryption keys associated with each tenant. Decrypt the data only when necessary and in a secure environment. This allows the server to perform operations on the decrypted data while keeping it protected during storage and other backend processes.

7. Secure Key Management

Ensure secure key management practices to protect the encryption keys associated with each tenant. Consider using hardware security modules (HSMs) or key management services provided by cloud platforms to safeguard the keys from unauthorized access.

8. Regularly Audit and Update Security Measures

Regularly audit and update your security measures to address any potential vulnerabilities or emerging threats. Stay updated with the latest encryption algorithms, security best practices, and industry standards to ensure robust protection for your multitenant backend.

Example 1 - in memory implementation

In this example, we will simulate multiple tenants, where distinct encryption keys will be generated for each tenant. Subsequently, data will be encrypted for individual tenants, followed by the decryption process to verify the validity of the decrypted data.

Here’s a brief overview of the implementation steps along with some sample Python code snippets.

Let’s create a requirements.txt file.

# requirements.txt
cryptography==41.0.1
pycryptodome==3.18.0

In the terminal, execute the following commands:

python3 -m venv .venv
source .venv/bin/activate
pip3 install -r requirements.txt
# main.py
from Crypto.Random import get_random_bytes
from client import encrypt_data
from server import decrypt_data


# Generate encryption keys for tenants
tenant1_key = get_random_bytes(16)
tenant2_key = get_random_bytes(16)


if __name__ == '__main__':
    print(f"{tenant1_key=}")
    print(f"{tenant2_key=}")

    SENSITIVE_DATA1 = b"sensitive data 111"

    # Encrypt data for a specific tenant
    encrypted_data1, nonce1, tag1 = encrypt_data(SENSITIVE_DATA1, tenant1_key)
    print(f"{encrypted_data1=}")

    # Decrypt data for a specific tenant
    decrypted_data1 = decrypt_data(encrypted_data1, tenant1_key, nonce1, tag1)

    if SENSITIVE_DATA1 == decrypted_data1:
        print("Success1")

    SENSITIVE_DATA2 = b"sensitive data 222"

    # Encrypt data for a specific tenant
    encrypted_data2, nonce2, tag2 = encrypt_data(SENSITIVE_DATA2, tenant2_key)
    print(f"{encrypted_data2=}")

    # Decrypt data for a specific tenant
    decrypted_data2 = decrypt_data(encrypted_data2, tenant2_key, nonce2, tag2)

    if SENSITIVE_DATA2 == decrypted_data2:
        print("Success2")

Encrypt Data at the Client-Side

Use a suitable encryption library like PyCryptodome to encrypt sensitive data at the client-side before sending it to the server.

Here’s an example:

# client.py
from Crypto.Cipher import AES


def encrypt_data(data, key):
    cipher = AES.new(key, AES.MODE_GCM)
    encrypted_data, tag = cipher.encrypt_and_digest(data)
    return encrypted_data, cipher.nonce, tag

Decrypt Data at the Server-Side

Use the same encryption library to decrypt the data at the server-side using the respective encryption key associated with each tenant. Here’s an example:

#server.py
from Crypto.Cipher import AES


def decrypt_data(encrypted_data, key, nonce, tag):
    cipher = AES.new(key, AES.MODE_GCM, nonce)
    data = cipher.decrypt_and_verify(encrypted_data, tag)
    return data

Run the program

Run the program in terminal.

$ python3 main.py

The following output is printed in terminal indicating success:

tenant1_key=b'\xb7\xe1\xa0\xdbYM\xc1\x93\x85\xf1\xa9r\x88\x84\x8f\xb4'
tenant2_key=b'mE>$\xd3\xd22\xc5\xb1z\x06pS\x9f\x84b'
encrypted_data1=b'}\xb0\x0c\xdbIq<d\x88h\x1cK\x9a\xc0\x15\x8e\x00U'
Success1
encrypted_data2=b'\x90K#\x9b\x88\x17\xacg\x1e \xb7\xbb\x9b\x13U\xc1\xb4\x08'
Success2

Please note that these are simplified code snippets for demonstration purposes. The actual implementation may vary depending on your specific requirements and the frameworks or libraries you choose to use.

Example 2

Here’s another simplified Python-based example that demonstrates a multitenant backend storing end-to-end encrypted data in a database. Please note that this is a simplified illustration for demonstration purposes and may not cover all aspects of a full-fledged production system.

Let’s create a requirements.txt file.

# requirements.txt
bcrypt==4.0.1
SQLAlchemy==2.0.18
cryptography==41.0.1

In the terminal, execute the following commands:

python3 -m venv .venv
source .venv/bin/activate
pip3 install -r requirements.txt
# main.py
import bcrypt
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from sqlalchemy import Column, Integer, String
from sqlalchemy.orm import scoped_session, sessionmaker, declarative_base
from sqlalchemy import create_engine

Base = declarative_base()


class Tenant(Base):
    __tablename__ = 'tenants'

    id = Column(Integer, primary_key=True)
    name = Column(String(50), unique=True)
    hashed_password = Column(String(256))
    encryption_key = Column(String(256))


class EncryptedData(Base):
    __tablename__ = 'encrypted_data'

    id = Column(Integer, primary_key=True)
    tenant_id = Column(Integer)
    nonce = Column(String(256))
    tag = Column(String(256))
    data = Column(String(256))


def create_tenant(name, password):
    hashed_password = bcrypt.hashpw(password, bcrypt.gensalt()).decode()
    encryption_key = get_random_bytes(16)
    tenant = Tenant(name=name, hashed_password=hashed_password, encryption_key=encryption_key)
    session.add(tenant)
    session.commit()


def encrypt_data(tenant_id, data):
    tenant = session.query(Tenant).filter(Tenant.id == tenant_id).first()
    if tenant:
        cipher = AES.new(tenant.encryption_key, AES.MODE_GCM)
        encrypted_data, tag = cipher.encrypt_and_digest(data)
        encrypted_data_obj = EncryptedData(tenant_id=tenant_id, data=encrypted_data, nonce=cipher.nonce, tag=tag)
        session.add(encrypted_data_obj)
        session.commit()


def decrypt_data(tenant_id):
    tenant = session.query(Tenant).filter(Tenant.id == tenant_id).first()
    if tenant:
        encrypted_data_obj = session.query(EncryptedData).filter(EncryptedData.tenant_id == tenant_id).first()
        if encrypted_data_obj:
            cipher = AES.new(tenant.encryption_key, AES.MODE_GCM, encrypted_data_obj.nonce)
            decrypted_data = cipher.decrypt_and_verify(encrypted_data_obj.data, encrypted_data_obj.tag)
            return decrypted_data.decode()

    return None


if __name__ == '__main__':
    engine = create_engine('sqlite://')
    Base.metadata.create_all(bind=engine)
    Session = scoped_session(sessionmaker(bind=engine))
    session = Session()

    password = get_random_bytes(16)
    create_tenant("tenant1", password)
    tenant_id = 1
    plain_text_data = "Sensitive data"
    encrypt_data(tenant_id, plain_text_data.encode())
    decrypted_data = decrypt_data(tenant_id)
    if plain_text_data == decrypted_data:
        print("Success")
    else:
        print("Failure")

    print("Data in database:")
    for tenant in session.query(Tenant).all():
        print(tenant.name, tenant.hashed_password, tenant.encryption_key)
    for encrypted_data in session.query(EncryptedData).all():
        print(encrypted_data.tenant_id, encrypted_data.nonce, encrypted_data.tag, encrypted_data.data)

Output:

Success
Data in database:
tenant1 $2b$12$EI68M17IsIoapqUkKN9ZPOURaUEfVMbfhIrq8acQMVzssautmmQgy b'\xbf\xdaV/\x1c\xa9\xacl\x93\xfa~7Y\x93,\x83'
1 b'R[\x88\xb1\xb7y\x0cn\x00(\x92#\xb6\xf9P\xfa' b'm\x8c\x99)\x86\xef\xb0\x1f~M\xbe\x0c\xc5\x88\xd6\x9b' b'\xe5\xde\x8e\xa0\xb8lX\x0b\xf5\xb5P\xe3\x9aD'

In this example:

  1. The Tenant class represents a tenant or user in the system. It stores the tenant’s key as well as the hashed password using bcrypt.
  2. The EncryptedData class represents the encrypted data associated with a specific tenant.
  3. The create_tenant function creates a new tenant by generating an encrypted key using bcrypt and storing it in the database.
  4. The encrypt_data function encrypts data for a given tenant using the tenant’s encrypted key.
  5. The decrypt_data function decrypts the data for a given tenant using the tenant’s encrypted key.

Please note that this example only covers basic encryption and database interactions. In a production system, you would need to consider additional security measures, error handling, and more robust encryption and key management practices.

Make sure to adapt the code to your specific needs, including the database connection string and any additional functionality required for your multitenant system.

Conclusion

Building a multitenant backend with Python requires careful consideration of data isolation and security. By incorporating end-to-end encryption, you can enhance the protection of sensitive data and ensure that each tenant’s information remains secure throughout its lifecycle. Following the steps outlined in this guide will enable you to create a robust and secure multitenant backend, providing peace of mind to both you and your clients. Embrace the power of Python and end-to-end encryption to build scalable, secure, and efficient multitenant solutions!