akeyless 0.0.2.1

Akeyless SDK implementation for Python

The AKEYLESS SDK for Python enables Python developers to easily interface with the Akeyless encryption key protection system.

AKEYLESS innovative Key Management as-a Service solution enables Key Management, Data-at-rest Encryption, Client-side Encryption and Digital Signature where the key’s material never exists in one place throughout its lifecycle including creation, in-use and at-rest. It functions completely as a service, and there is no need for the customer to deploy secure virtual machines for storing the keys. For more information about the technology, please visit [our website](https://www.akeyless-security.com/).

Getting Started

Sign up for AKEYLESS

Before you begin, you need an AKEYLESS account. Please sign up here and receive your admin user access credentials.

Minimum requirements

• Python 3.4+

• cryptography >= 1.8.1

Installation

Note

If you have not already installed cryptography, you might need to install additional prerequisites as detailed in the cryptography installation guide for your operating system.

$ pip install akeyless

Documentation

You can find the AKEYLESS Python SDK full documentation at Read the Docs.

Usage

The following code sample demonstrates how to encrypt/decrypt data via the Akeyless system where the key fragments are stored in multiple locations and are never combined:

from akeyless import AkeylessClientConfig, AkeylessClient


def encrypt_decrypt_string(policy_id, api_key, key_name, plaintext):
    """Encrypts and then decrypts a string using an AES key from your Akeyless account.

    :param str policy_id: The user access policy id.
    :param str api_key: The user access key.
    :param str key_name: The name of the key to use in the encryption process
    :param str plaintext: Data to encrypt
    """

    # Akeyless playground environment.
    akeyless_server_dns = "playground-env.akeyless-security.com"

    conf = AkeylessClientConfig(akeyless_server_dns, policy_id, api_key, "http")
    client = AkeylessClient(conf)

    # Encrypt the plaintext source data
    ciphertext = client.encrypt_string(key_name, plaintext)

    # Decrypt the ciphertext
    decrypt_res = client.decrypt_string(key_name, ciphertext)

    # Verify that the decryption result is identical to the source plaintext
    assert decrypt_res == plaintext

The following code sample demonstrates how to create keys, users, roles, and associations between them

from akeyless import AkeylessClientConfig, AkeylessAdminClient, AkeylessClient
from akeyless.crypto import CryptoAlgorithm


def key_and_user_management(policy_id, api_key):
    """Create keys, users, roles, and associations between them.

    :param str policy_id: An admin user access policy id.
    :param str api_key: An admin user access key.
    """

    # Akeyless playground environment.
    akeyless_server_dns = "playground-env.akeyless-security.com"

    conf = AkeylessClientConfig(akeyless_server_dns, policy_id, api_key, "http")
    admin_client = AkeylessAdminClient(conf)

    # Create new AES-256-GCM key named "key1"
    admin_client.create_aes_key("key1", CryptoAlgorithm.AES_256_GCM, "testing", 2)

    # Get key details
    key_des = admin_client.describe_key("key1")
    print(key_des)

    # Create new user named "user1". The returned object contains the user policy id and api key.
    user1_access_api = admin_client.create_user("user1")
    print(user1_access_api)

    #  Replacing the access API key of "user1". The returned object contains the new api key.
    user1_new_api_key = admin_client.reset_user_access_key("user1")
    print(user1_new_api_key)

    # Get user details
    user_des = admin_client.get_user("user1")
    print(user_des)

    # Create new role named "role1"
    admin_client.create_role("role1")

    #  Create an association between the role "role1" and the key "key1".
    admin_client.create_role_item_assoc("role1", "key1")

    #  Create an association between the role "role1" and the user "user1".
    admin_client.create_role_user_assoc("role1", "user1")

    #  Now the user has access to the key and can encrypt/decrypt with it as follows:

    user1_config = AkeylessClientConfig(akeyless_server_dns, user1_access_api.policy_id,
                                        user1_new_api_key.get_key_seed_str(), "http")

    user1_client = AkeylessClient(user1_config)
    plaintext = "Encrypt Me!"
    ciphertext = user1_client.encrypt_string("key1", plaintext)
    decrypt_res = user1_client.decrypt_string("key1", ciphertext)

    assert decrypt_res == plaintext

    user1_client.close()

    # Delete an association between the role "role1" and the user "user1" So
    # that the user's "user1" access to the key is blocked.
    admin_client.delete_role_user_assoc("role1", "user1")

    # Delete an association between the role "role1" and the key "key1".
    admin_client.delete_role_item_assoc("role1", "key1")

    admin_client.delete_user("user1")
    admin_client.delete_role("role1")

    #  Warning! - After deleting a key, all data encrypted with that key will no longer be accessible.
    admin_client.delete_key("key1")

    admin_client.close()

You can find more examples in the examples directory

License

This SDK is distributed under the Apache License, Version 2.0 see LICENSE.txt for more information.