Client SDK Version 1.8.1
Ionic Security client SDK for Python users
KeyVault Overview

Introduction to KeyVault

The KeyVault module supports local, temporary, secure storage of data protection keys. The primary use case for storing keys locally is to enable the ability to access those keys while being temporarily offline (no internet / network access).


Thread Safety

KeyVaultLib is thread-safe. All classes in the KeyVault module are thread-safe and may be used as a shared resource between concurrent threads. Additionally, the underlying storage mechanisms are process-safe, which means a single key vault may be simultaneously used from multiple different processes on the same machine without data loss or data corruption.


Key Vault Classes


Example Usage - Store a Newly Created Key into a Key Vault

import time
import ionicsdk
# Create an agent and initialize it using all defaults.
myAgent = ionicsdk.Agent()
# Create a key vault for Windows that uses the default key vault file path.
keyVault = ionicsdk.KeyVaultWindowsDpApi()
# Load all keys from the existing key vault file, if any.
keyVault.Sync()
# Create a new key using the Ionic platform and store it in a key vault for
# future use.
attributes = {"classification":("confidential",),"allowedGroups":("admins","mods")}
createdKey = myAgent.createkey(attributes)
if createdKey is not None:
key = ionicsdk.KeyVaultKeyRecord(createdKey.id,
createdKey.bytes,
createdKey.attributes,
createdKey.mutableAttributes,
createdKey.obligations,
int(time.time()),
24*60*60,
ionicsdk.KeyVaultKeyRecord.ISKR_ADDED)
keyVault.setkey(key)
keyVault.Sync();

Example Usage - Retrieve a Key from a Key Vault

import ionicsdk
# Create a key vault for Windows that uses the default key vault file path.
keyVault = ionicsdk.KeyVaultWindowsDpApi()
# Load all keys from the existing key vault file, if any.
keyVault.Sync()
# Look up a key in the key vault using its key ID.
myKeyId = "SomeKeyId";
key = keyVault.GetKey(myKeyId)
if key is not None:
print("Found the key with ID: " + key.keyid)
else:
print("No key was found")