Metadata-Version: 2.1
Name: akeyless
Version: 0.0.4
Summary: Akeyless SDK implementation for Python
Home-page: https://github.com/akeylesslabs/akeyless-python-sdk-examples
Author: Akeyless Security
Author-email: refael@akeyless-security.com
Maintainer: Akeyless Security
License: Apache License 2.0
Keywords: Akeyless,akeyless sdk,encryption
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Natural Language :: English
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Requires-Dist: six (>=1.10)
Requires-Dist: cryptography (>=2.1.4)
Requires-Dist: ecdsa (>=0.13)
Requires-Dist: cachetools (>=2.1.0)
Requires-Dist: akeyless-auth-api (>=0.0.1)
Requires-Dist: akeyless-kfm-api (>=0.0.1)
Requires-Dist: akeyless-uam-api (>=0.0.1)

#######################
AKEYLESS SDK for Python
#######################

The AKEYLESS SDK for Python enables Python developers to easily interface with the Akeyless encryption key protection system.

AKEYLESS innovative Key Management as-a Service solution enables Key Management, Data-at-rest Encryption, Client-side Encryption and Digital Signature where the key’s material never exists in one place throughout its lifecycle including creation, in-use and at-rest. It functions completely as a service, and there is no need for the customer to deploy secure virtual machines for storing the keys. For more information about the technology, please visit `our website`_.

***************
Getting Started
***************
Sign up for AKEYLESS
====================

Before you begin, you need an AKEYLESS account. Please sign up `here`_ and receive your admin user access credentials.


Minimum requirements
====================

* Python 3.4+
* cryptography >= 1.8.1

Installation
============

.. note::
    If you have not already installed `cryptography`_, you might need to install additional prerequisites as
    detailed in the `cryptography installation guide`_ for your operating system.

.. code::

    $ pip install akeyless

*************
Documentation
*************

You can find the AKEYLESS Python SDK full documentation at `Read the Docs`_.

*****
Usage
*****

The following code sample demonstrates how to encrypt/decrypt data via the Akeyless system where the key fragments are stored in multiple locations and are never combined:

.. code:: python

    from akeyless import AkeylessClientConfig, AkeylessClient


    def encrypt_decrypt_string(policy_id, api_key, key_name, plaintext):
        """Encrypts and then decrypts a string using an AES key from your Akeyless account.

        :param str policy_id: The user access policy id.
        :param str api_key: The user access key.
        :param str key_name: The name of the key to use in the encryption process
        :param str plaintext: Data to encrypt
        """

        # Akeyless playground environment.
        akeyless_server_dns = "playground-env.akeyless-security.com"

        conf = AkeylessClientConfig(akeyless_server_dns, policy_id, api_key, "http")
        client = AkeylessClient(conf)

        # Encrypt the plaintext source data
        ciphertext = client.encrypt_string(key_name, plaintext)

        # Decrypt the ciphertext
        decrypt_res = client.decrypt_string(key_name, ciphertext)

        # Verify that the decryption result is identical to the source plaintext
        assert decrypt_res == plaintext



The following code sample demonstrates how to create keys, users, roles, and associations between them

.. code:: python

    from akeyless import AkeylessClientConfig, AkeylessAdminClient, AkeylessClient
    from akeyless.crypto import CryptoAlgorithm


    def key_and_user_management(policy_id, api_key):
        """Create keys, users, roles, and associations between them.

        :param str policy_id: An admin user access policy id.
        :param str api_key: An admin user access key.
        """

        # Akeyless playground environment.
        akeyless_server_dns = "playground-env.akeyless-security.com"

        conf = AkeylessClientConfig(akeyless_server_dns, policy_id, api_key, "http")
        admin_client = AkeylessAdminClient(conf)

        # Create new AES-256-GCM key named "key1"
        admin_client.create_aes_key("key1", CryptoAlgorithm.AES_256_GCM, "testing", 2)

        # Get key details
        key_des = admin_client.describe_key("key1")
        print(key_des)

        # Create new user named "user1". The returned object contains the user policy id and api key.
        user1_access_api = admin_client.create_user("user1")
        print(user1_access_api)

        #  Replacing the access API key of "user1". The returned object contains the new api key.
        user1_new_api_key = admin_client.reset_user_access_key("user1")
        print(user1_new_api_key)

        # Get user details
        user_des = admin_client.get_user("user1")
        print(user_des)

        # Create new role named "role1"
        admin_client.create_role("role1")

        #  Create an association between the role "role1" and the key "key1".
        admin_client.create_role_item_assoc("role1", "key1")

        #  Create an association between the role "role1" and the user "user1".
        admin_client.create_role_user_assoc("role1", "user1")

        #  Now the user has access to the key and can encrypt/decrypt with it as follows:

        user1_config = AkeylessClientConfig(akeyless_server_dns, user1_access_api.policy_id,
                                            user1_new_api_key.get_key_seed_str(), "http")

        user1_client = AkeylessClient(user1_config)
        plaintext = "Encrypt Me!"
        ciphertext = user1_client.encrypt_string("key1", plaintext)
        decrypt_res = user1_client.decrypt_string("key1", ciphertext)

        assert decrypt_res == plaintext

        user1_client.close()

        # Delete an association between the role "role1" and the user "user1" So
        # that the user's "user1" access to the key is blocked.
        admin_client.delete_role_user_assoc("role1", "user1")

        # Delete an association between the role "role1" and the key "key1".
        admin_client.delete_role_item_assoc("role1", "key1")

        admin_client.delete_user("user1")
        admin_client.delete_role("role1")

        #  Warning! - After deleting a key, all data encrypted with that key will no longer be accessible.
        admin_client.delete_key("key1")

        admin_client.close()

You can find more examples in the `examples directory`_


*******
License
*******
This SDK is distributed under the `Apache License, Version 2.0`_ see LICENSE.txt for more information.


.. _our website: https://www.akeyless-security.com/
.. _here: http://portal.akeyless-security.com/signup
.. _cryptography: https://cryptography.io/en/latest/
.. _cryptography installation guide: https://cryptography.io/en/latest/installation/
.. _Read the Docs:
.. _Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
.. _examples directory: https://github.com/akeylesslabs/akeyless-python-sdk-examples/tree/master/examples/src


