cehck

krrish-sehgal · Nov 17, 2024 · 89cafbe · 89cafbe
1 parent fb7482f
commit 89cafbe
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 11 deletions.
diff --git a/.github/workflows/encrypt-and-upload-model.yml b/.github/workflows/encrypt-and-upload-model.yml
@@ -20,21 +20,42 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # Securely use the secret key
           aws-region: ${{ secrets.AWS_REGION }} # Use the region stored in the secret
 
-      - name: Find model file
-        id: find_model
+      - name: Find model files
+        id: find_models
         run: |
-          # Find the model file in the models directory
-          MODEL_FILE=$(find models -type f)
-          echo "Model file found: $MODEL_FILE"
-          echo "::set-output name=model_file::$MODEL_FILE"
+          # Find all model files in the models directory
+          MODEL_FILES=$(find models -type f)
+          echo "Model files found: $MODEL_FILES"
+          echo "::set-output name=model_files::$MODEL_FILES"
 
-      - name: Upload and encrypt the model to S3
+      - name: Encrypt and Upload Models to S3
         run: |
           # Variables
-          MODEL_FILE="${{ steps.find_model.outputs.model_file }}"  # Model file found in previous step
           S3_BUCKET_NAME="${{ secrets.S3_BUCKET_NAME }}"  # Use the secret for the bucket name
           KMS_KEY_ID="${{ secrets.KMS_KEY_ID }}"  # Use the secret for the KMS key ID
+          MODEL_FILES="${{ steps.find_models.outputs.model_files }}"  # List of model files
 
-          # Upload the model to S3 with encryption using the KMS key
-          aws s3 cp $MODEL_FILE s3://$S3_BUCKET_NAME/ --sse aws:kms --sse-kms-key-id $KMS_KEY_ID
-          echo "Model uploaded and encrypted with KMS."
+          # Loop over each model file
+          for MODEL_FILE in $MODEL_FILES
+          do
+            echo "Processing model file: $MODEL_FILE"
+
+            # Step 1: Generate Data Key with KMS
+            DATA_KEY_JSON=$(aws kms generate-data-key --key-id $KMS_KEY_ID --key-spec AES_256 --output json)
+            ENCRYPTED_DATA_KEY=$(echo $DATA_KEY_JSON | jq -r .CiphertextBlob)  # Encrypted data key
+            PLAIN_DATA_KEY=$(echo $DATA_KEY_JSON | jq -r .Plaintext)  # Plain data key (for encrypting model)
+
+            # Step 2: Encrypt the model with the generated data key using OpenSSL
+            ENCRYPTED_MODEL_FILE="${MODEL_FILE}.enc"
+            openssl enc -aes-256-cbc -in $MODEL_FILE -out $ENCRYPTED_MODEL_FILE -pass pass:"$PLAIN_DATA_KEY"
+
+            # Step 3: Upload the encrypted model file to S3
+            aws s3 cp $ENCRYPTED_MODEL_FILE s3://$S3_BUCKET_NAME/ --sse aws:kms --sse-kms-key-id $KMS_KEY_ID
+            echo "Model uploaded and encrypted with KMS: $ENCRYPTED_MODEL_FILE"
+
+            # Step 4: Upload the encrypted data key to S3 (for later decryption)
+            ENCRYPTED_DATA_KEY_FILE="${MODEL_FILE}.dataKey.enc"
+            echo $ENCRYPTED_DATA_KEY | base64 --decode > $ENCRYPTED_DATA_KEY_FILE
+            aws s3 cp $ENCRYPTED_DATA_KEY_FILE s3://$S3_BUCKET_NAME/ --sse aws:kms --sse-kms-key-id $KMS_KEY_ID
+            echo "Encrypted data key uploaded to S3: $ENCRYPTED_DATA_KEY_FILE"
+          done
diff --git a/models/antispooofing.onnx b/models/antispooofing.onnx