{"library":"pykmip","title":"PyKMIP - Key Management Interoperability Protocol","description":"PyKMIP (Python Key Management Interoperability Protocol) is a client library for interacting with KMIP servers, enabling operations such as creating, retrieving, deleting, and managing cryptographic keys and objects. The current version is 0.10.0, and it follows a somewhat irregular but active release cadence, typically with bug fixes and minor features between major functional updates.","language":"python","status":"active","last_verified":"Fri Apr 17","install":{"commands":["pip install pykmip"],"cli":null},"imports":["from kmip.pie.client import ProxyKmipClient","from kmip.core import enums","from kmip.pie import objects"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import os\nfrom kmip.core import enums\nfrom kmip.pie.client import ProxyKmipClient\nfrom kmip.pie.exceptions import KmipOperationFailure\n\n# Configure KMIP server details from environment variables for security\nKMIP_HOST = os.environ.get(\"KMIP_HOST\", \"localhost\")\nKMIP_PORT = int(os.environ.get(\"KMIP_PORT\", \"5696\"))\nCLIENT_CERT_PATH = os.environ.get(\"CLIENT_CERT_PATH\", \"./client.pem\")\nCLIENT_KEY_PATH = os.environ.get(\"CLIENT_KEY_PATH\", \"./client.key\")\nCA_CERT_PATH = os.environ.get(\"CA_CERT_PATH\", \"./ca.pem\")\n\ntry:\n    # Initialize the KMIP client with TLS configuration.\n    # Entering the 'with' block opens the connection; leaving it closes it.\n    with ProxyKmipClient(\n        hostname=KMIP_HOST,\n        port=KMIP_PORT,\n        cert=CLIENT_CERT_PATH,\n        key=CLIENT_KEY_PATH,\n        ca=CA_CERT_PATH,\n        ssl_version=\"PROTOCOL_TLSv1_2\"  # Explicit TLSv1.2, or let system negotiate (PROTOCOL_TLS)\n    ) as client:\n        print(f\"Successfully connected to KMIP server at {KMIP_HOST}:{KMIP_PORT}\")\n\n        # Example 1: Create a new symmetric key.\n        # create() returns the new key's unique identifier and raises\n        # KmipOperationFailure if the server rejects the request.\n        print(\"\\nCreating a 256-bit AES symmetric key...\")\n        key_uuid = client.create(\n            enums.CryptographicAlgorithm.AES,\n            256,\n            cryptographic_usage_mask=[enums.CryptographicUsageMask.ENCRYPT]\n        )\n        print(f\"Key created successfully. UUID: {key_uuid}\")\n\n        # Example 2: Destroy the created key\n        print(f\"\\nDestroying key with UUID: {key_uuid}...\")\n        client.destroy(key_uuid)\n        print(f\"Key {key_uuid} destroyed successfully.\")\n\nexcept KmipOperationFailure as e:\n    print(f\"KMIP operation failed: {e.reason.name} ({e.status.name}): {e.message}\")\nexcept ConnectionRefusedError:\n    print(f\"Error: Connection refused. Is the KMIP server running on {KMIP_HOST}:{KMIP_PORT}?\")\nexcept FileNotFoundError as e:\n    print(f\"Error: Certificate or key file not found: {e}. Check paths: {CLIENT_CERT_PATH}, {CLIENT_KEY_PATH}, {CA_CERT_PATH}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")\nfinally:\n    # The 'with' statement handles client closing automatically\n    print(\"\\nKMIP client operations completed.\")","lang":"python","description":"This quickstart demonstrates how to connect to a KMIP server using `ProxyKmipClient`, create a new symmetric key, and then destroy it. It emphasizes secure handling of sensitive information via environment variables and includes basic error handling for common connection and file issues. Ensure you have client and CA certificates (e.g., `client.pem`, `client.key`, `ca.pem`) configured for TLS.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}