A Pythonic client for IBM Key Protect

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mrodden from gravatar.com mrodden

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache 2.0)

Author: Mathew Odden

Requires: Python >=3.5

Classifiers

Project description

keyprotect-python-client

PyPi Downloads License Build Status

A Pythonic client for IBM Key Protect

This is a thin wrapper around the KeyProtect client in the redstone Python package. For detailed documentation and API references, please see the redstone docs

The client works with Python 3.5 or higher

Installation

The client is available on PyPI as the keyprotect package and is installable via pip:

pip install -U keyprotect

Usage

The following python is a quick example of how to use the keyprotect module.

The example expects IBMCLOUD_API_KEY to be set to a valid IAM API key, and KP_INSTANCE_ID to be set to the UUID identifying your KeyProtect instance.

import os

import keyprotect
from keyprotect import bxauth


tm = bxauth.TokenManager(api_key=os.getenv("IBMCLOUD_API_KEY"))

kp = keyprotect.Client(
    credentials=tm,
    region="us-south",
    service_instance_id=os.getenv("KP_INSTANCE_ID")
)

for key in kp.keys():
    print("%s\t%s" % (key["id"], key["name"]))

key = kp.create(name="MyTestKey")
print("Created key '%s'" % key['id'])

kp.delete(key_id=key.get('id'))
print("Deleted key '%s'" % key['id'])


# wrap and unwrap require a non-exportable key,
# these are also referred to as root keys
key = kp.create(name="MyRootKey", root=True)

# wrap/unwrap, payload should be a bytestring if python3
message = b'This is a really important message.'
wrapped = kp.wrap(key_id=key.get('id'), plaintext=message)
ciphertext = wrapped.get("ciphertext")

unwrapped = kp.unwrap(key_id=key.get('id'), ciphertext=ciphertext)
assert message == unwrapped

# wrap/unwrap with AAD
message = b'This is a really important message too.'
wrapped = kp.wrap(key_id=key.get('id'), plaintext=message, aad=['python-keyprotect'])
ciphertext = wrapped.get("ciphertext")

unwrapped = kp.unwrap(key_id=key.get('id'), ciphertext=ciphertext, aad=['python-keyprotect'])
assert message == unwrapped

Using custom endpoint

The following example shows how to use custom service endpoint

kp = keyprotect.Client(
    credentials=tm,
    region="<region>",
    service_instance_id=os.getenv("KP_INSTANCE_ID"),
    # Set custom service endpoint
    endpoint_url="https://private.us-south.kms.cloud.ibm.com"
)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mrodden from gravatar.com mrodden

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache 2.0)

Author: Mathew Odden

Requires: Python >=3.5

Classifiers

Release history Release notifications | RSS feed

This version

2.2.0

2.1.0

2.0.0

1.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keyprotect-2.2.0.tar.gz (6.5 kB view hashes)

Uploaded Source

Built Distribution

keyprotect-2.2.0-py3-none-any.whl (6.9 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page