kms¶
This library implements various methods for working with the Google KMS APIs.
Installation¶
$ pip install --upgrade gcloud-aio-kms
Usage¶
We’re still working on more complete documentation, but roughly you can do:
from gcloud.aio.kms import KMS
from gcloud.aio.kms import decode
from gcloud.aio.kms import encode
kms = KMS('my-kms-project', 'my-keyring', 'my-key-name')
# encrypt
plaintext = b'the-best-animal-is-the-aardvark'
ciphertext = await kms.encrypt(encode(plaintext))
# decrypt
assert decode(await kms.decrypt(ciphertext)) == plaintext
# close the HTTP session
# Note that other options include:
# * providing your own session: `KMS(.., session=session)`
# * using a context manager: `async with KMS(..) as kms:`
await kms.close()
Emulators¶
For testing purposes, you may want to use gcloud-aio-kms along with a local
emulator. Setting the $KMS_EMULATOR_HOST environment variable to the
address of your emulator should be enough to do the trick.
Submodules¶
Attributes¶
Classes¶
Functions¶
|
https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64 |
|
https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64 |
Package Contents¶
- class kms.KMS(keyproject, keyring, keyname, service_file=None, location='global', session=None, token=None, api_root=None)¶
- Parameters:
keyproject (str)
keyring (str)
keyname (str)
service_file (Optional[Union[str, IO[AnyStr]]])
location (str)
session (Optional[requests.Session])
token (Optional[gcloud.aio.auth.Token])
api_root (Optional[str])
- _api_root: str¶
- _api_is_dev: bool¶
- session¶
- token¶
- async headers()¶
- Return type:
Dict[str, str]
- async decrypt(ciphertext, session=None)¶
- Parameters:
ciphertext (str)
session (Optional[requests.Session])
- Return type:
str
- async encrypt(plaintext, session=None)¶
- Parameters:
plaintext (str)
session (Optional[requests.Session])
- Return type:
str
- async close()¶
- Return type:
None
- async __aexit__(*args)¶
- Parameters:
args (Any)
- Return type:
None
- kms.SCOPES = ['https://www.googleapis.com/auth/cloudkms']¶
- kms.decode(payload)¶
https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64 for URL variants exist, where the + and / characters of standard Base64 are respectively replaced by - and _
Does not make any assumptions about encoding – if you’re encoding a bytes payload then foo == decode(encode(foo)), but if foo is a string you’ll need to .decode() manually according to your expected encoding scheme.
- Parameters:
payload (str)
- Return type:
bytes
- kms.encode(payload)¶
https://en.wikipedia.org/wiki/Base64#URL_applications modified Base64 for URL variants exist, where the + and / characters of standard Base64 are respectively replaced by - and _
- Parameters:
payload (Union[bytes, str])
- Return type:
str
- kms.__version__¶