4
This is a client for the `Barbican <https://github.com/openstack/barbican>`__
5
Key Management API. There is a Python library for accessing the API
6
(`barbicanclient` module), and a command-line script (`barbican`).
11
The client is `pip installable <https://pypi.python.org/pypi/python-barbicanclient>`__ as follows:
15
pip install python-barbicanclient
18
barbicanclient - Python Library
19
-------------------------------
21
The full api is `documented in the wiki <https://github.com/cloudkeep/python-barbicanclient/wiki/Client-Usage>`__.
24
Here's an example of storing a secret in barbican using the python library
25
with keystone authentication:
29
>>> from barbicanclient.common import auth
30
>>> from barbicanclient import client
31
>>> # We'll use keystone for authentication
32
>>> keystone = auth.KeystoneAuthV2(auth_url='http://keystone-int.cloudkeep.io:5000/v2.0',
33
... username='USER', password='PASSWORD', tenant_name='TENANT')
34
>>> barbican = client.Client(auth_plugin=keystone)
35
>>> # Let's store some sensitive data, Barbican encrypts it and stores it securely in the cloud
36
>>> secret_uri = barbican.secrets.store(name='Self destruction sequence',
37
... payload='the magic words are squeamish ossifrage',
38
... payload_content_type='text/plain')
39
>>> # Let's look at some properties of a barbican Secret
40
>>> secret = barbican.secrets.get(secret_uri)
41
>>> print(secret.secret_ref)
42
u'http://api-01-int.cloudkeep.io:9311/v1/test_tenant/secrets/49496a6d-c674-4384-b208-7cf4988f84ee'
43
>>> print(secret.name)
44
Self destruction sequence
45
>>> # Now let's retrieve the secret payload. Barbican decrypts it and sends it back.
46
>>> print(barbican.secrets.decrypt(secret.secret_ref))
47
the magic words are squeamish ossifrage
50
barbican - Command Line Client
51
------------------------------
53
Command line client configuration and usage is `documented in the wiki <https://github.com/cloudkeep/python-barbicanclient/wiki/Command-Line-Client>`__.
58
usage: barbican [-h] [--no-auth | --os-auth-url <auth-url>]
59
[--os-username <auth-user-name>] [--os-password <auth-password>]
60
[--os-tenant-name <auth-tenant-name>] [--os-tenant-id <tenant-id>]
61
[--endpoint <barbican-url>]
64
Command-line interface to the Barbican API.
67
<entity> Entity used for command, e.g., order, secret or verification.
70
-h, --help show this help message and exit
71
--no-auth, -N Do not use authentication.
72
--os-auth-url <auth-url>, -A <auth-url>
73
Defaults to env[OS_AUTH_URL].
74
--os-username <auth-user-name>, -U <auth-user-name>
75
Defaults to env[OS_USERNAME].
76
--os-password <auth-password>, -P <auth-password>
77
Defaults to env[OS_PASSWORD].
78
--os-tenant-name <auth-tenant-name>, -T <auth-tenant-name>
79
Defaults to env[OS_TENANT_NAME].
80
--os-tenant-id <tenant-id>, -I <tenant-id>
81
Defaults to env[OS_TENANT_ID].
82
--endpoint <barbican-url>, -E <barbican-url>
83
Defaults to env[BARBICAN_ENDPOINT].
89
create Create a new order.
90
store Store a secret in barbican.
91
verify Begin a verification process in barbican.
92
get Retrieve a secret, an order or a verification result by providing its URI.
93
list List secrets, orders or verifications.
94
delete Delete a secret, order or verification by providing its href.