PyKMIP: Key Management for Python
Peter Hamilton
- Audience level:
- Intermediate
- Category:
- Security
Description
PyKMIP is a Python implementation of the Key Management Interoperability Protocol (KMIP), a client/server communication protocol for the storage and maintenance of key, certificate, and secret objects. PyKMIP provides a Python client and server implementation of the KMIP 1.1 specification, supporting basic lifecycle operations for the primary KMIP object types.
Abstract
Key and secret management are critical components of modern cryptosystems. Custom management solutions can introduce dangerous vulnerabilities to security-sensitive applications. It is therefore vital to use robust, peer-reviewed, and publicly tested key management solutions when transmitting and managing secret data.
The Key Management Interoperability Protocol (KMIP) is a key management standard developed and maintained by the Organization for the Advancement of Structured Information Standards (OASIS). The protocol defines an encoding scheme for the transmission of key and secret data, providing a standard that can be leveraged by client/server and peer-to-peer applications to securely communicate sensitive information. KMIP is supported by dozens of security vendors and by many prominent programming languages.
While growing in market share, KMIP solutions are often proprietary, requiring purchase and licensing for use. This poster introduces PyKMIP, a Python implementation of the KMIP specification. PyKMIP is the first open source Python library supporting KMIP, granting any Python application the ability to leverage KMIP for key and secret management. PyKMIP provides a Python client and server implementation of the KMIP 1.1 specification, supporting basic lifecycle operations for the primary KMIP object types, including symmetric/asymmetric keys, certificates, and various types of secret data.
PyCon 2016 in Portland, OR is a production of the 