PyKMIP is a Python implementation of the Key Management Interoperability Protocol (KMIP), an OASIS communication standard for the management of objects stored and maintained by key management systems. KMIP defines how key management operations and operation data should be encoded and communicated between client and server applications. Supported operations include the full CRUD key management lifecycle, including operations for managing object metadata and for conducting cryptographic operations. Supported object types include:
- symmetric/asymmetric encryption keys
- passwords/passphrases
- certificates
- opaque data blobs, and more
For more information on KMIP, check out the OASIS KMIP Technical Committee and the OASIS KMIP Documentation.
For more information on PyKMIP, check out the project Documentation.
You can install PyKMIP via pip:
$ pip install pykmip
See Installation for more information.
The PyKMIP community has various forums and resources you can use:
- Source code
- Issue tracker
- IRC: #pykmip on irc.freenode.net
- Twitter: @pykmip
- set database_password=sss (otherwise passwords will be used verbatim)
- start the server with pykmip-server
- use the pykmip-sss command and follow the prompt to enter the shares (use -t to specify the share threshold)
- make sure the server is stopped
- enter the following command:
./rekey-server.py --database /data/db/pykmip.db -gpg=[u1],[u2],...,[un] -t [threshold, default=2]
where [u1]...[un] are the GPG public key files (comma-separated). We need t out of n to unlock the database.