A Pythonic client for IBM Key Protect
Project description
IBM Cloud Python SDK Version 2.3.1
keyprotect-python-client
A Pythonic client for IBM Key Protect
This is a thin wrapper around the KeyProtect client in the redstone Python package. For detailed documentation and API references, please see the redstone docs
The client works with Python 3.5 or higher
Installation
The client is available on PyPI as the keyprotect package and is installable via pip:
pip install -U keyprotect
Usage
The following python is a quick example of how to use the keyprotect module.
The example expects IBMCLOUD_API_KEY to be set to a valid IAM API key,
and KP_INSTANCE_ID to be set to the UUID identifying your KeyProtect instance.
import os
import keyprotect
from keyprotect import bxauth
tm = bxauth.TokenManager(api_key=os.getenv("IBMCLOUD_API_KEY"))
kp = keyprotect.Client(
credentials=tm,
region="us-south",
service_instance_id=os.getenv("KP_INSTANCE_ID")
)
for key in kp.keys():
print("%s\t%s" % (key["id"], key["name"]))
key = kp.create(name="MyTestKey")
print("Created key '%s'" % key['id'])
kp.delete(key_id=key.get('id'))
print("Deleted key '%s'" % key['id'])
# wrap and unwrap require a non-exportable key,
# these are also referred to as root keys
key = kp.create(name="MyRootKey", root=True)
# wrap/unwrap, payload should be a bytestring if python3
message = b'This is a really important message.'
wrapped = kp.wrap(key_id=key.get('id'), plaintext=message)
ciphertext = wrapped.get("ciphertext")
unwrapped = kp.unwrap(key_id=key.get('id'), ciphertext=ciphertext)
assert message == unwrapped
# wrap/unwrap with AAD
message = b'This is a really important message too.'
wrapped = kp.wrap(key_id=key.get('id'), plaintext=message, aad=['python-keyprotect'])
ciphertext = wrapped.get("ciphertext")
unwrapped = kp.unwrap(key_id=key.get('id'), ciphertext=ciphertext, aad=['python-keyprotect'])
assert message == unwrapped
Using custom endpoint (for HPCS, Private Endpoint, Satellite, and Stage/Test instances)
Custom endpoints are needed when using this Python client against an HPCS/Satellite/Private service instance.
The following example shows how to specify a custom service endpoint
kp = keyprotect.Client(
credentials=tm,
region="<region>",
service_instance_id=os.getenv("KP_INSTANCE_ID"),
# Set custom service endpoint
endpoint_url="https://private.us-south.kms.cloud.ibm.com"
)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file keyprotect-2.3.1.tar.gz.
File metadata
- Download URL: keyprotect-2.3.1.tar.gz
- Upload date:
- Size: 6.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9a9d1f59eb4429ebb79a28a39b36d81d1b0d36238f842a3a1bf98ef58c5341a2 |
|
| MD5 | 09c6f1e1b0e63d9b9b02dcad510b6a17 |
|
| BLAKE2b-256 | 5abce53360812ab501c511ef483b676bd2c5b68b150b5c60fa9a8eae194cadee |
File details
Details for the file keyprotect-2.3.1-py3-none-any.whl.
File metadata
- Download URL: keyprotect-2.3.1-py3-none-any.whl
- Upload date:
- Size: 7.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3286c7ed704f1e3e8cc9c925da12fb98662909804f90f5d422fceff1af5001ee |
|
| MD5 | ffd440db1982721a0608eae8669e057e |
|
| BLAKE2b-256 | 84bb67758602769da58d4f5ef872cea1cbba2a81b668aa5dc85cdbe4b0eada3c |
