Skip to main content

A Pythonic client for IBM Key Protect

Project description


Build Status Apache License

A Pythonic client for IBM Key Protect

This is a thin wrapper around the KeyProtect client in the redstone Python package. For detailed documentation and API references, please see the redstone docs


The following python is a quick example of how to use the keyprotect module.

The example expects IBMCLOUD_API_KEY to be set to a valid IAM API key, and KP_INSTANCE_ID to be set to the UUID identifying your KeyProtect instance.

import os

import keyprotect
from keyprotect import bxauth

tm = bxauth.TokenManager(api_key=os.getenv("IBMCLOUD_API_KEY"))

kp = keyprotect.Client(

for key in kp.keys():
    print("%s\t%s" % (key["id"], key["name"]))

key = kp.create(name="MyTestKey")
print("Created key '%s'" % key['id'])

print("Deleted key '%s'" % key['id'])

# wrap and unwrap require a non-exportable key,
# these are also referred to as root keys
key = kp.create(name="MyRootKey", root=True)

# wrap/unwrap, payload should be a bytestring if python3
message = b'This is a really important message.'
wrapped = kp.wrap(key.get('id'), message)
ciphertext = wrapped.get("ciphertext")

unwrapped = kp.unwrap(key.get('id'), ciphertext)
assert message == unwrapped

# wrap/unwrap with AAD
message = b'This is a really important message too.'
wrapped = kp.wrap(key.get('id'), message, aad=['python-keyprotect'])
ciphertext = wrapped.get("ciphertext")

unwrapped = kp.unwrap(key.get('id'), ciphertext, aad=['python-keyprotect'])
assert message == unwrapped

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for keyprotect, version 2.0.0
Filename, size File type Python version Upload date Hashes
Filename, size keyprotect-2.0.0-py3-none-any.whl (6.6 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size keyprotect-2.0.0.tar.gz (2.4 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page