KMS API¶

The KeyManagementService Class¶

The kms high-level interface is available through the kms member of a Connection object. The kms member will only be added if the otcextensions.sdk.register_otc_extensions(conn) method is called.

CMK (Customer Master Key) Operations¶

class otcextensions.sdk.kms.v1._proxy.Proxy(session, *args, **kwargs)

keys(**query)

List all master keys.

Parameters: query (dict) – Keyword arguments which will be used to list keys. limit, marker, sequence, key_state are allowed. Key state can be: * 1 indicates that the CMK is waiting to be activated. * 2 indicates that the CMK is enabled. * 3 indicates that the CMK is disabled. * 4 indicates that the CMK is scheduled for deletion.
Returns: a generator of (Key) instances

create_key(**attrs)

Create master key

Parameters: attrs (dict) – Keyword arguments which will be used to overwrite a Key
Returns: instance of Key

get_key(key)

Describe a encrypt key by given key id or key object

Parameters: key – key id or an instance of Key
Returns: instance of Key

find_key(alias, ignore_missing=False)

Find a single key

Parameters

alias – The key alias
ignore_missing (bool) – When set to False ResourceNotFound will be raised when the group does not exist. When set to True, no exception will be set when attempting to delete a nonexistent group.

Returns

instance of Key

enable_key(key)

Enable a key

Parameters: key – key id or an instance of Key
Returns: Updated instance of Key

disable_key(key)

Disable a key

Parameters: key – key id or an instance of Key
Returns: Updated instance of Key

schedule_key_deletion(key, pending_days=7)

Schedule a key deletion

Parameters

key – key id or an instance of Key
pending_days – Pending days before deletion, allow 7 to 1096

Returns

Updated instance of Key

cancel_key_deletion(key)

Cancel a key deletion

Parameters: key – key id or an instance of Key
Returns: Updated instance of Key

DEK (Data Encryption Key) Operations¶

class otcextensions.sdk.kms.v1._proxy.Proxy(session, *args, **kwargs)

create_datakey(cmk, **attrs)

Create a data key

Parameters

cmk – key id or an instance of master key Key
attrs (dict) – Keyword arguments which will be used to create a Data key. encryption_context, sequence are optional parameters.

Returns

instance of DataKey

create_datakey_wo_plain(cmk, **attrs)

Create a data key without plain text

Parameters

cmk – key id or an instance of Key
attrs (dict) – Keyword arguments which will be used to create a Data key. encryption_context, sequence are optional parameters.

Returns

instance of DataKey

encrypt_datakey(datakey)

Encrypt a data key

Requires plain_text to be filled with the hex key value. Populates cipher_text with the encrypted value.

Parameters: datakey – key id or an instance of DataKey
Returns: instance of DataKey

decrypt_datakey(cmk, cipher_text, datakey_cipher_length)

Decrypt a data key

Parameters

cmk – key id or an instance of Key
cipher_text – encrypted value retrieved from encrypt() call.
datakey_cipher_length – datakey_cipher_length (expected value 64)

Returns

decrypted key instance of DataKey with plain_text populated

Other Operations¶

class otcextensions.sdk.kms.v1._proxy.Proxy(session, *args, **kwargs)

generate_random(random_data_length=512)

Generate random data

Parameters: random_data_length – random data size in bits [0..512]
Returns: instance of Random

get_instance_number()

Get encrypt key instance total number

Returns: instance of InstanceNumber

quotas()

List quota resources for KMS service

Returns: A generator of Quota objects

last updated: 2023-08-18 10:18