• CLI

sdk
  1. Help Center
  2. CLI
  3. Developer Guide
  4. SDK
  5. Python
  6. KMS Python SDK Demo

KMS Python SDK Demo

Key Management Service (KMS) is a secure, reliable, and easy-to-use service that helps users centrally manage and safeguard their Customer Master Keys (CMKs).

KMS uses hardware security modules (HSMs) to protect CMKs. HSMs help you create and control CMKs with ease. All CMKs are protected by root keys in HSMs to avoid leakage. KMS implements access control and log-based tracking on all operations on CMKs. With records of use of all CMKs, it meets your audit and regulatory compliance requirements.

Creating a CMK

You can create a CMK using the Python OpenStack SDK based on the following code:

 def create_key(conn):
    key_dict = {
        "key_alias": "test-key-123-456789223", "realm": "123"       
    }
    key = conn.kms.create_key(**key_dict) 

Enabling a CMK

You can enable a disabled CMK using the Python OpenStack SDK based on the following code:

def enable_key(conn, key):
    # a string of key id or an object of Key
    print(conn.kms.enable_key(key))   

Creating a DEK

You can create a DEK using the Python OpenStack SDK based on the following code:

def create_data_key(conn, key):      
    data_key_dict={
    "datakey_length":"512"
    }
    print(conn.kms.create_datakey(key, **data_key_dict))

Encrypting a DEK

You can encrypt a DEK using the Python OpenStack SDK based on the following code (The plain_text value is obtained during DEK creation):

def encrypt_datakey(conn, key):
    params = {
        "plain_text": "4c5062132d3b1b450d1aff4cd49bb828c09e602e3678b3c8d9be5429fa22be17439a1c7bd167e76d1be8f0cadda76940c98e4483bc32312534ce98db824329eb
",
        "datakey_plain_length": "64"
    }
    datakey = conn.kms.encrypt_datakey(key, **params)
    print(datakey)