KMS API

The KeyManagementService Class

The kms high-level interface is available through the kms member of a Connection object. The kms member will only be added if the otcextensions.sdk.register_otc_extensions(conn) method is called.

CMK (Customer Master Key) Operations

class otcextensions.sdk.kms.v1._proxy.Proxy(session, *args, **kwargs)
keys(**query)

List all master keys.

Parameters:

query (dict) – Keyword arguments which will be used to list keys. limit, marker, sequence, key_state are allowed. Key state can be:
  • 1 indicates that the CMK is waiting to be activated.
  • 2 indicates that the CMK is enabled.
  • 3 indicates that the CMK is disabled.
  • 4 indicates that the CMK is scheduled for deletion.

Returns:

a generator of (Key) instances

create_key(**attrs)

Create a master key

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Key

Returns:

instance of Key

get_key(key)

Describe an encryption key by the given key id or key object

Parameters:

key – key id or an instance of Key

Returns:

instance of Key

find_key(alias, ignore_missing=False)

Find a single key

Parameters:
  • alias – The key alias

  • ignore_missing (bool) – When set to False, ResourceNotFound will be raised when the key does not exist. When set to True, no exception will be raised when attempting to find a nonexistent key.

Returns:

instance of Key

enable_key(key)

Enable a key

Parameters:

key – key id or an instance of Key

Returns:

Updated instance of Key

disable_key(key)

Disable a key

Parameters:

key – key id or an instance of Key

Returns:

Updated instance of Key

schedule_key_deletion(key, pending_days=7)

Schedule a key deletion

Parameters:
  • key – key id or an instance of Key

  • pending_days – Number of days to wait before deletion; allowed values are 7 to 1096

Returns:

Updated instance of Key

cancel_key_deletion(key)

Cancel a key deletion

Parameters:

key – key id or an instance of Key

Returns:

Updated instance of Key
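
A guarded retirement and recovery workflow built only from the CMK calls documented above, as an added example that is not part of otcextensions: retire_key, restore_key, policy_min_days and the FakeKms stand-in are hypothetical names. It assumes find_key returns None when ignore_missing=True and that a key whose deletion was cancelled comes back disabled and must be re-enabled.

```python
# Added example, not otcextensions code; `kms` is conn.kms or a stand-in.
API_MIN_DAYS, API_MAX_DAYS = 7, 1096  # pending_days range documented above


def retire_key(kms, alias, pending_days=30, policy_min_days=30):
    """Schedule deletion of the CMK with this alias; None if alias unknown.
    policy_min_days is a hypothetical local policy above the API minimum."""
    if not API_MIN_DAYS <= pending_days <= API_MAX_DAYS:
        raise ValueError("pending_days must be between 7 and 1096")
    if pending_days < policy_min_days:
        raise ValueError("pending_days is shorter than the policy minimum")
    key = kms.find_key(alias, ignore_missing=True)
    if key is None:  # assumption: ignore_missing=True yields None
        return None
    return kms.schedule_key_deletion(key, pending_days=pending_days)


def restore_key(kms, alias):
    """Cancel a pending deletion and make the key usable again."""
    key = kms.find_key(alias, ignore_missing=False)  # unknown alias raises
    kms.cancel_key_deletion(key)
    # Assumption: a key whose deletion was cancelled comes back disabled.
    return kms.enable_key(key)


class FakeKms:
    """Constructed in-memory stand-in for conn.kms, for offline runs only."""

    def __init__(self, aliases):
        self.state = {a: 2 for a in aliases}  # 2 = enabled

    def find_key(self, alias, ignore_missing=False):
        if alias not in self.state and not ignore_missing:
            raise LookupError(alias)
        return alias if alias in self.state else None

    def _set(self, key, state):
        self.state[key] = state
        return key

    def schedule_key_deletion(self, key, pending_days=7):
        return self._set(key, 4)  # 4 = scheduled for deletion

    def cancel_key_deletion(self, key):
        return self._set(key, 3)  # assumed: back in state 3 (disabled)

    def enable_key(self, key):
        return self._set(key, 2)
```

With a real connection, pass conn.kms in place of FakeKms; the pending window is the only period in which restore_key can still recover the key.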

DEK (Data Encryption Key) Operations

class otcextensions.sdk.kms.v1._proxy.Proxy(session, *args, **kwargs)
create_datakey(cmk, **attrs)

Create a data key

Parameters:
  • cmk – key id or an instance of the master key (Key)

  • attrs (dict) – Keyword arguments which will be used to create a Data key. encryption_context, sequence are optional parameters.

Returns:

instance of DataKey

create_datakey_wo_plain(cmk, **attrs)

Create a data key without plain text

Parameters:
  • cmk – key id or an instance of Key

  • attrs (dict) – Keyword arguments which will be used to create a Data key. encryption_context, sequence are optional parameters.

Returns:

instance of DataKey

encrypt_datakey(datakey)

Encrypt a data key

Requires plain_text to be filled with the hex key value. Populates cipher_text with the encrypted value.

Parameters:

datakey – key id or an instance of DataKey

Returns:

instance of DataKey

decrypt_datakey(cmk, cipher_text, datakey_cipher_length)

Decrypt a data key

Parameters:
  • cmk – key id or an instance of Key

  • cipher_text – encrypted value retrieved from encrypt() call.

  • datakey_cipher_length – datakey_cipher_length (expected value 64)

Returns:

decrypted key instance of DataKey with plain_text populated

Other Operations

class otcextensions.sdk.kms.v1._proxy.Proxy(session, *args, **kwargs)
generate_random(random_data_length=512)

Generate random data

Parameters:

random_data_length – random data size in bits [0..512]

Returns:

instance of Random

get_instance_number()

Get the total number of encryption key instances

Returns:

instance of InstanceNumber

quotas()

List quota resources for KMS service

Returns:

A generator of Quota objects