openstack/python-barbicanclient
Code Issues Proposed changes
Files
cd144a8697dcef7882d2454589116a62139f982d
python-barbicanclient/doc/source/usage.rst
Douglas Mendizábal ae77599995 Update documentation 
Updated documentation for the client.  Added a few methods and
properties to the Reference page.

Change-Id: Ief022eb7afe3bda90726413dc42bc99fe3826b95
2015-02-11 12:46:00 -06:00

144 lines
4.3 KiB
ReStructuredText
Raw Blame History

============
Client Usage
============
To use barbicanclient, you must first create an instance of the
:class:`barbicanclient.client.Client` class.
The client uses Keystone Sessions for both authentication and for handling HTTP
requests. You can provide authentication credentials to the client by creating
a Keystone Session with the appropriate auth plugin and then passing that
session to the new Client.
See :doc:`authentication` for more details.
Example::
from barbicanclient import client
barbican = client.Client(...)
The client object has different attributes that can be used to interact with
the Barbican service. Each attribute represents an entity in the Barbican
service: Secrets, Orders and Containers.
Secrets
=======
Secrets represent keys, credentials, and other sensitive data that is stored
by the Barbican service. To store or retrieve a secret in the Barbican
service you should use the different methods of the :class:`barbicanclient.secrets.SecretManager`
class that is exposed as the `secrets` attribute of the Client.
Example::
# Store a random plain text password in Barbican
from barbicanclient import client
import random
import string
def random_password(length):
sys_random = random.SystemRandom()
return u''.join(
sys_random.choice(string.ascii_letters + string.digits) for _ in range(length)
)
barbican = client.Client(...)
my_secret = barbican.secrets.create()
my_secret.name = u'Random plain text password'
my_secret.payload = random_password(24)
my_secret.payload_content_type = u'text/plain'
my_secret_ref = my_secret.store()
The secret reference returned by :meth:`barbicanclient.secrets.SecretManager.store`
can later be used to retrieve the secret data from barbican.
Example::
# Retrieve Secret from secret reference
retrieved_secret = barbican.secrets.get(my_secret_ref)
my_password = retrieved_secret.payload
Orders
======
Orders are used to request secret material to be created by the Barbican
service. Submitting an order will result in a Secret being created on your
behalf. The Secret can then be used like any Secret you may have uploaded
yourself. Orders should be created using the factory methods in the
:class:`barbicanclient.orders.OrderManager` instance in the `orders`
attribute of the `Client`.
Example::
# Submit an order to generate a random encryption key
from barbicanclient import client
barbican = client.Client(...)
my_order = barbican.orders.key_order()
my_order.algorithm = 'AES'
my_order.mode = 'CBC'
my_order.bit_length = 256
my_order_ref = my_order.submit()
The order reference returned by :meth:`barbicanclient.orders.Order.submit`
can later be used to retrieve the order from Barbican.
Example::
# Retrieve Order from order reference
retrieved_order = barbican.orders.get(my_order_ref)
Once your order has been processed by Barbican, the order status will be set
to `'ACTIVE'`. An active order will contain the reference to the requested
secret (or container).
Example::
# Retrieve Encryption Key generated by the above KeyOrder
generated_secret = barbican.secrets.get(retrieved_order.secret_ref)
key = generated_secret.payload
Currently the client can submit :class:`barbicanclient.orders.KeyOrder` orders
for Keys suitable for symmetric encryption, and :class:`barbicanclient.orders.AsymmetricOrder`
for Asymmetric keys such as RSA keys.
Containers
==========
Containers can be either arbitrary groupings of `Secrets` or a strict
grouping of Secrets, such as the Public and Private keys of an RSA keypair.
Containers should be managed using the :class:`barbicanclient.containers.ContainerManager`
instance in the `containers` attribute of the `Client`
Example::
# Add the Secrets created above to a container
my_container = barbican.containers.create()
my_container.add('Retrieved Secret', retrieved_secret)
my_container.add('Generated Secret', generated_secret)
my_container_ref = my_container.store()
The container reference returned by :meth:`barbicanclient.containers.Container.store`
can later be used to retrieve the container from Barbican.
Example::
# Retrieve container from Barbican
retrieved_container = barbican.containers.get(my_container_ref)
View Git Blame Copy Permalink