search

tink-crypto / tink-py

Python implementation of Tink
https://developers.google.com/tink
Apache License 2.0
33 stars 2 forks source link

Feature request: use pip extras for kms integration dependencies #14

Closed darkvertex closed 7 months ago

darkvertex commented 10 months ago

What sort of feature would you like to see?

tink 1.7.0 was relatively lightweight to install: https://github.com/google/tink/blob/1.7/python/requirements.txt but 1.8.0 with its integrations with GCP and AWS KMS brings a lot of dependencies along with it: https://github.com/tink-crypto/tink-py/blob/5934f47df29666ccadaa5ff4cc2ba626f82bcdf5/requirements.in

Would be really nice if pip "extras" were used in the tink python package so that we could select those as optional dependencies only if we needed them, ie to install them all it'd be something like:

pip install tink tink[gcpkms] tink[awskms]

Have you considered any alternative solutions?

I considered staying in 1.7.0 but a vulnerable protobuf lib is used so I prefer not to.

morambro commented 10 months ago

Hi @darkvertex, the reason for these dependencies is that we have stopped depending on tink-cc-awskms and tink-cc-gcpkms for implementing KMS integrations, and instead use native Python implementations.

Would be really nice if pip "extras" were used in the tink python package so that we could select those as optional dependencies only if we needed them, ie to install them all it'd be something like:

pip install tink tink[gcpkms] tink[awskms]

Thanks for the suggestions, I'll look into this.

morambro commented 7 months ago

This is now in 1.9.0