Akeyless SDK implementation for Python

Detailed description of the akeyless Python project


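The Akeyless SDK for Python enables Python developers to easily interact with the Akeyless encryption key protection system.

The innovative Keys and Secrets Management as a Service solution enables encryption key management, secrets management, encryption at rest, client-side encryption and digital signing, where the encryption key's material never exists in one place throughout its entire lifecycle, including creation, use and at rest. It operates entirely as a service; customers do not need to deploy secure virtual machines to store keys or secrets. For more information about the technology, visit our website.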

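Getting Started

Sign up for Akeyless

Before you begin, you need an Akeyless account. Please sign up here and receive your admin user access credentials.

Minimum requirements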

  • Python 3.4+
  • cryptography=1.8.1

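Installation

Note

If cryptography is not yet installed, you may need to install additional prerequisites. For details specific to your operating system, see the cryptography installation guide.

$ pip install akeyless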

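Documentation

You can find the full documentation for the Akeyless Python SDK at Read the Docs.

Usage

The following code sample demonstrates how to encrypt/decrypt data via the Akeyless system, in which key fragments are stored in multiple locations and are never combined: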

from akeyless import AkeylessClientConfig, AkeylessClient


def encrypt_decrypt_string(access_id, api_key, key_name, plaintext):
    """Encrypts and then decrypts a string using an AES key from your Akeyless account.

    :param str access_id: The user access id.
    :param str api_key: The user access key.
    :param str key_name: The name of the key to use in the encryption process
    :param str plaintext: Data to encrypt
    """

    akeyless_server_dns = "playground-env.akeyless-security.com"  # Akeyless playground environment.

    conf = AkeylessClientConfig(akeyless_server_dns, access_id, api_key)
    client = AkeylessClient(conf)

    # Encrypt the plaintext source data
    ciphertext = client.encrypt_string(key_name, plaintext)

    # Decrypt the ciphertext
    decrypt_res = client.decrypt_string(key_name, ciphertext)

    # Verify that the decryption result is identical to the source plaintext
    assert decrypt_res == plaintext

    client.close()

The following code sample demonstrates how to create keys, users, roles, and the associations between them:

from akeyless import AkeylessClientConfig, AkeylessAdminClient, AkeylessClient
from akeyless.crypto import CryptoAlgorithm


def key_and_user_management(access_id, api_key):
    """Create keys, users, roles, and associations between them.

    :param str access_id: An admin user access id.
    :param str api_key: An admin user access key.
    """

    akeyless_server_dns = "playground-env.akeyless-security.com"  # Akeyless playground environment.

    conf = AkeylessClientConfig(akeyless_server_dns, access_id, api_key)
    admin_client = AkeylessAdminClient(conf)

    # Create new AES-256-GCM key named "key1"
    admin_client.create_aes_key("key1", CryptoAlgorithm.AES_256_GCM, "testing", 2)

    # Get key details
    key_des = admin_client.describe_item("key1")
    print(key_des)

    # Create new user named "user1". The returned object contains the user access id and api key.
    user1_access_api = admin_client.create_user("user1")
    print(user1_access_api)

    # Replace the access API key of "user1". The returned object contains the new api key.
    user1_new_api_key = admin_client.reset_user_access_key("user1")
    print(user1_new_api_key)

    # Get user details
    user_des = admin_client.get_user("user1")
    print(user_des)

    # Create new role named "role1"
    admin_client.create_role("role1")

    # Create an association between the role "role1" and the key "key1".
    admin_client.create_role_item_assoc("role1", "key1")

    # Create an association between the role "role1" and the user "user1".
    admin_client.create_role_user_assoc("role1", "user1")

    # Now the user has access to the key and can encrypt/decrypt with it as follows:

    user1_config = AkeylessClientConfig(akeyless_server_dns, user1_access_api.access_id,
                                        user1_new_api_key.get_key_seed_str())

    user1_client = AkeylessClient(user1_config)
    plaintext = "Encrypt Me!"
    ciphertext = user1_client.encrypt_string("key1", plaintext)
    decrypt_res = user1_client.decrypt_string("key1", ciphertext)

    assert decrypt_res == plaintext

    user1_client.close()

    # Delete the association between the role "role1" and the user "user1", so
    # that the access of "user1" to the key is blocked.
    admin_client.delete_role_user_assoc("role1", "user1")

    # Delete an association between the role "role1" and the key "key1".
    admin_client.delete_role_item_assoc("role1", "key1")

    admin_client.delete_user("user1")
    admin_client.delete_role("role1")

    # Warning! After deleting a key, all data encrypted with that key will no longer be accessible.
    admin_client.delete_item("key1")

    admin_client.close()
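
The sample above revokes the access of "user1" only when every earlier call succeeds; a failed assert or API error in between leaves the role associations in place. The following is an added example, not code from the Akeyless SDK or its documentation: the hypothetical helper temporary_key_access wraps the four association methods used above so that revocation always runs, and RecordingAdmin is a constructed stand-in that lets it run offline.

```python
from contextlib import contextmanager


@contextmanager
def temporary_key_access(admin_client, role, user, key):
    """Grant `user` access to `key` via `role`; always revoke on exit.

    Hypothetical helper, not part of the SDK.
    """
    undo = []  # filled only after the matching create call succeeded
    try:
        admin_client.create_role_item_assoc(role, key)
        undo.append(lambda: admin_client.delete_role_item_assoc(role, key))
        admin_client.create_role_user_assoc(role, user)
        undo.append(lambda: admin_client.delete_role_user_assoc(role, user))
        yield
    finally:
        # Reverse order: cut the user off first, then detach the key.
        errors = []
        for step in reversed(undo):
            try:
                step()
            except Exception as exc:  # keep revoking even if one call fails
                errors.append(exc)
        if errors:
            raise RuntimeError("revocation incomplete: %r" % (errors,))


class RecordingAdmin:
    """Constructed stand-in that records calls so the block runs offline."""
    def __init__(self, fail_on=None):
        self.calls, self.fail_on = [], fail_on

    def __getattr__(self, name):
        def call(*args):
            self.calls.append((name,) + args)
            if name == self.fail_on:
                raise RuntimeError(name + " failed")
        return call


def demo_revokes_on_error():
    admin = RecordingAdmin()
    try:
        with temporary_key_access(admin, "role1", "user1", "key1"):
            raise ValueError("constructed failure in the encrypt/decrypt step")
    except ValueError:
        pass
    return [c[0] for c in admin.calls]
```

With a real AkeylessAdminClient in place of RecordingAdmin, the encrypt/decrypt step goes inside the with block; a RuntimeError from the helper means a revocation call failed and the associations need to be checked by hand.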

The following code sample demonstrates how to save and load secrets:

from akeyless import AkeylessClientConfig, AkeylessAdminClient


def secret_management(access_id, api_key, secret_name, secret_value, secret_metadata=""):
    """Create a new secret.

    :param str access_id: The user access id.
    :param str api_key: The user access key.
    :param str secret_name: The name of the new secret
    :param str secret_value: The value of the new secret
    :param str secret_metadata: Metadata about the secret
    """

    akeyless_server_dns = "playground-env.akeyless-security.com"  # Akeyless playground environment.

    conf = AkeylessClientConfig(akeyless_server_dns, access_id, api_key)
    client = AkeylessAdminClient(conf)

    # Create new secret
    client.create_secret(secret_name, secret_value, secret_metadata)

    # Get secret value
    secret_val_res = client.get_secret_value(secret_name)
    assert secret_val_res == secret_value

    # Get secret details
    secret_des = client.describe_item(secret_name)
    print(secret_des)

    # Update secret value
    new_secret_value = "this is a new secret"
    client.update_secret_value(secret_name, new_secret_value)
    secret_val_res = client.get_secret_value(secret_name)
    assert secret_val_res == new_secret_value

    client.close()

You can find more examples in the examples directory.

License

This SDK is distributed under the Apache License, Version 2.0. See license.txt for details.
