kms

This library implements various methods for working with the Google KMS APIs.

Installation

$ pip install --upgrade gcloud-aio-kms

Usage

We’re still working on more complete documentation, but roughly you can do:

from gcloud.aio.kms import KMS
from gcloud.aio.kms import decode
from gcloud.aio.kms import encode

kms = KMS('my-kms-project', 'my-keyring', 'my-key-name')

# encrypt
plaintext = b'the-best-animal-is-the-aardvark'
ciphertext = await kms.encrypt(encode(plaintext))

# decrypt
assert decode(await kms.decrypt(ciphertext)) == plaintext

# close the HTTP session
# Note that other options include:
# * providing your own session: `KMS(.., session=session)`
# * using a context manager: `async with KMS(..) as kms:`
await kms.close()

Emulators

For testing purposes, you may want to use gcloud-aio-kms along with a local emulator. Setting the $KMS_EMULATOR_HOST environment variable to the address of your emulator should be enough to do the trick.

Submodules

Package Contents

Classes

KMS

Functions

decode(payload)

https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64

encode(payload)

https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64

Attributes

SCOPES

__version__

class kms.KMS(keyproject, keyring, keyname, service_file=None, location='global', session=None, token=None, api_root=None)
Parameters:

  • keyproject (str) –

  • keyring (str) –

  • keyname (str) –

  • service_file (Optional[Union[str, IO[AnyStr]]]) –

  • location (str) –

  • session (Optional[requests.Session]) –

  • token (Optional[gcloud.aio.auth.Token]) –

  • api_root (Optional[str]) –

_api_root: str
_api_is_dev: bool
async headers()
Return type:

Dict[str, str]

async decrypt(ciphertext, session=None)
Parameters:

  • ciphertext (str) –

  • session (Optional[requests.Session]) –

Return type:

str

async encrypt(plaintext, session=None)
Parameters:

  • plaintext (str) –

  • session (Optional[requests.Session]) –

Return type:

str

async close()
Return type:

None

async __aenter__()
Return type:

KMS

async __aexit__(*args)
Parameters:

args (Any) –

Return type:

None

kms.SCOPES = ['https://www.googleapis.com/auth/cloudkms']
kms.decode(payload)

https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64 for URL variants exist, where the + and / characters of standard Base64 are respectively replaced by - and _

Does not make any assumptions about encoding – if you’re encoding a bytes payload then foo == decode(encode(foo)), but if foo is a string you’ll need to .decode() manually according to your expected encoding scheme.

Parameters:

payload (str) –

Return type:

bytes

kms.encode(payload)

https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64 for URL variants exist, where the + and / characters of standard Base64 are respectively replaced by - and _

Parameters:

payload (Union[bytes, str]) –

Return type:

str

kms.__version__