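Akeyless SDK implementation for Python
Detailed description of the akeyless Python project
The Akeyless SDK for Python enables Python developers to easily interact with the Akeyless encryption key protection system.
The innovative key and secrets management as a service solution enables encryption key management, secrets management, encryption at rest, client-side encryption, and digital signatures, where the key material of an encryption key never exists in one place throughout its entire life cycle, including creation, use, and at rest. It operates entirely as a service; customers do not need to deploy secure virtual machines to store keys or secrets. For more information about the technology, visit our website.
Getting started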
Sign up for Akeyless
Before you begin, you need an Akeyless account. Please sign up here and receive your admin user access credentials.
Minimum requirements
- Python 3.4+
- cryptography=1.8.1
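Installation
Note
If you have not already installed cryptography, you may need to install additional prerequisites. For details specific to your operating system, see the cryptography installation guide.
$ pip install akeyless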
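Documentation
You can find the complete documentation for the Akeyless Python SDK at Read the Docs.
Usage
The following code example demonstrates how to encrypt and decrypt data through the Akeyless system, in which the key fragments are stored in multiple locations and are never combined: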

    from akeyless import AkeylessClientConfig, AkeylessClient


    def encrypt_decrypt_string(access_id, api_key, key_name, plaintext):
        """Encrypts and then decrypts a string using an AES key from your Akeyless account.

        :param str access_id: The user access id.
        :param str api_key: The user access key.
        :param str key_name: The name of the key to use in the encryption process
        :param str plaintext: Data to encrypt
        """
        akeyless_server_dns = "playground-env.akeyless-security.com"  # Akeyless playground environment.

        conf = AkeylessClientConfig(akeyless_server_dns, access_id, api_key)
        client = AkeylessClient(conf)

        # Encrypt the plaintext source data
        ciphertext = client.encrypt_string(key_name, plaintext)

        # Decrypt the ciphertext
        decrypt_res = client.decrypt_string(key_name, ciphertext)

        # Verify that the decryption result is identical to the source plaintext
        assert decrypt_res == plaintext

        client.close()

The following code example demonstrates how to create keys, users, roles, and the associations between them:

    from akeyless import AkeylessClientConfig, AkeylessAdminClient, AkeylessClient
    from akeyless.crypto import CryptoAlgorithm


    def key_and_user_management(access_id, api_key):
        """Create keys, users, roles, and associations between them.

        :param str access_id: An admin user access id.
        :param str api_key: An admin user access key.
        """
        akeyless_server_dns = "playground-env.akeyless-security.com"  # Akeyless playground environment.

        conf = AkeylessClientConfig(akeyless_server_dns, access_id, api_key)
        admin_client = AkeylessAdminClient(conf)

        # Create new AES-256-GCM key named "key1"
        admin_client.create_aes_key("key1", CryptoAlgorithm.AES_256_GCM, "testing", 2)

        # Get key details
        key_des = admin_client.describe_item("key1")
        print(key_des)

        # Create new user named "user1". The returned object contains the user access id and api key.
        user1_access_api = admin_client.create_user("user1")
        print(user1_access_api)

        # Replacing the access API key of "user1". The returned object contains the new api key.
        user1_new_api_key = admin_client.reset_user_access_key("user1")
        print(user1_new_api_key)

        # Get user details
        user_des = admin_client.get_user("user1")
        print(user_des)

        # Create new role named "role1"
        admin_client.create_role("role1")

        # Create an association between the role "role1" and the key "key1".
        admin_client.create_role_item_assoc("role1", "key1")

        # Create an association between the role "role1" and the user "user1".
        admin_client.create_role_user_assoc("role1", "user1")

        # Now the user has access to the key and can encrypt/decrypt with it as follows:
        user1_config = AkeylessClientConfig(akeyless_server_dns, user1_access_api.access_id,
                                            user1_new_api_key.get_key_seed_str())
        user1_client = AkeylessClient(user1_config)
        plaintext = "Encrypt Me!"
        ciphertext = user1_client.encrypt_string("key1", plaintext)
        decrypt_res = user1_client.decrypt_string("key1", ciphertext)

        assert decrypt_res == plaintext

        user1_client.close()

        # Delete an association between the role "role1" and the user "user1" So
        # that the user's "user1" access to the key is blocked.
        admin_client.delete_role_user_assoc("role1", "user1")

        # Delete an association between the role "role1" and the key "key1".
        admin_client.delete_role_item_assoc("role1", "key1")

        admin_client.delete_user("user1")
        admin_client.delete_role("role1")

        # Warning! - After deleting a key, all data encrypted with that key will no longer be accessible.
        admin_client.delete_item("key1")

        admin_client.close()

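Added example (not part of the Akeyless SDK or its documentation): in the sample above, a failed assertion or a network error between the create_* and delete_* calls would leave "user1" with access to "key1". The context manager below revokes the associations on every exit path using only the admin-client methods shown above; temporary_key_access is a hypothetical helper name, and RecordingAdmin is a constructed stand-in for AkeylessAdminClient so the code runs offline.

```python
from contextlib import contextmanager


@contextmanager
def temporary_key_access(admin_client, role, user, key):
    """Grant `user` access to `key` through `role`, and always revoke it.

    Hypothetical helper. The role, user and key are assumed to exist already.
    """
    granted = []  # undo actions, recorded in the order the grants succeeded
    try:
        admin_client.create_role_item_assoc(role, key)
        granted.append((admin_client.delete_role_item_assoc, (role, key)))
        admin_client.create_role_user_assoc(role, user)
        granted.append((admin_client.delete_role_user_assoc, (role, user)))
        yield
    finally:
        # Revoke in reverse order, even if the body raised or a grant failed.
        for undo, args in reversed(granted):
            undo(*args)


class RecordingAdmin:
    """Constructed stand-in for AkeylessAdminClient (offline use only)."""

    def __init__(self):
        self.assocs = set()

    def create_role_item_assoc(self, role, key):
        self.assocs.add(("item", role, key))

    def create_role_user_assoc(self, role, user):
        self.assocs.add(("user", role, user))

    def delete_role_item_assoc(self, role, key):
        self.assocs.discard(("item", role, key))

    def delete_role_user_assoc(self, role, user):
        self.assocs.discard(("user", role, user))


def demo():
    """Return the associations left behind after the guarded block fails."""
    admin = RecordingAdmin()
    try:
        with temporary_key_access(admin, "role1", "user1", "key1"):
            raise RuntimeError("encrypt/decrypt failed")  # simulated failure
    except RuntimeError:
        pass
    return admin.assocs
```

With a real admin client, the encrypt/decrypt calls for the user go inside the with block; the same pattern applies to closing clients, for example with contextlib.closing.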
The following code example demonstrates how to save and load secrets:

    from akeyless import AkeylessClientConfig, AkeylessAdminClient


    def secret_management(access_id, api_key, secret_name, secret_value, secret_metadata=""):
        """Create a new secret.

        :param str access_id: The user access id.
        :param str api_key: The user access key.
        :param str secret_name: The name of the new secret
        :param str secret_value: The value of the new secret
        :param str secret_metadata: Metadata about the secret
        """
        akeyless_server_dns = "playground-env.akeyless-security.com"  # Akeyless playground environment.

        conf = AkeylessClientConfig(akeyless_server_dns, access_id, api_key)
        client = AkeylessAdminClient(conf)

        # Create new secret
        client.create_secret(secret_name, secret_value, secret_metadata)

        # Get secret value
        secret_val_res = client.get_secret_value(secret_name)
        assert secret_val_res == secret_value

        # Get secret details
        secret_des = client.describe_item(secret_name)
        print(secret_des)

        # Update secret value
        new_secret_value = "this is a new secret"
        client.update_secret_value(secret_name, new_secret_value)
        secret_val_res = client.get_secret_value(secret_name)
        assert secret_val_res == new_secret_value

        client.close()

You can find more examples in the examples directory.
License
This SDK is distributed under the Apache License, Version 2.0. See license.txt for details.