# alibabacloud-kms-python2-sdk **Repository Path**: aliyun/alibabacloud-kms-python2-sdk ## Basic Information - **Project Name**: alibabacloud-kms-python2-sdk - **Description**: Alibaba Cloud KMS SDK for Python2 can help Python developers to use the KMS. - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2025-05-08 - **Last Updated**: 2025-06-26 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README Alibaba Cloud KMS SDK for Python2 ================================= .. figure:: https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg :alt: image0 image0 Alibaba Cloud KMS SDK for Python2 can help Python developers to use the KMS. *Read this in other languages:*\ `English `__\ *,*\ `简体中文 `__ - `Alibaba Cloud KMS Homepage `__ - `Sample Code `__ - `Issues `__ - `Release `__ Requirements ------------ - Python 2.7.15 or later Install ------- :: pip install alibabacloud-kms-python2-sdk Introduction to KMS Client +--------------------------+---------------------+---------------------+ | KMS client classes | Introduction | Usage scenarios | +==========================+=====================+=====================+ | alibabacloud_kms_k | KMS resource | 1. Scenarios where | | ms20160120.client.Client | management and key | key operations are | | | operations for KMS | performed only | | | instance gateways | through VPC | | | are supported | gateways. 2. KMS | | | | resource management | | | | scenarios that only | | | | use public | | | | gateways. 3. | | | | Scenarios where you | | | | want to perform key | | | | operations through | | | | VPC gateways and | | | | manage KMS | | | | resources through | | | | public gateways. | +--------------------------+---------------------+---------------------+ | al | Users can migrate | Users who use | | ibabacloud_kms_kms201601 | from KMS 1.0 key | Alibaba Cloud SDK | | 20.client.TransferClient | operations to KMS | to access KMS 1.0 | | | 3.0 key operations | key operations need | | | | to migrate to KMS | | | | 3.0 | +--------------------------+---------------------+---------------------+ Sample code ----------- 1. Scenarios where key operations are performed only through VPC gateways. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Refer to the following sample code to call the KMS AdvanceEncrypt API. For more API examples, see\ `operation samples <./example/operation>`__ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. code:: python # -*- coding: utf-8 -*- # This file is auto-generated, don't edit it. Thanks. from __future__ import unicode_literals import sys from openapi import models as dedicated_kms_openapi_models from alibabacloud_kms_kms20160120.client import Client as KmsSdkClient from sdk import models as dedicated_kms_sdk_models from alibabacloud_tea_util.client import Client as UtilClient import os class AdvanceEncrypt(object): def __init__(self): pass @staticmethod def create_kms_instance_config(client_key_file, password, endpoint, ca_file_path): config = dedicated_kms_openapi_models.Config( client_key_file=client_key_file, password=password, endpoint=endpoint, ca_file_path=ca_file_path ) return config @staticmethod def create_client(kms_instance_config): return KmsSdkClient(kms_instance_config=kms_instance_config) @staticmethod def advance_encrypt(client, key_id, plaintext): request = dedicated_kms_sdk_models.AdvanceEncryptRequest( key_id=key_id, plaintext=plaintext ) return client.advance_encrypt(request) @staticmethod def main(args): kms_instance_config = AdvanceEncrypt.create_kms_instance_config(os.getenv('your client key file path env'), os.getenv('your client key password env'), 'your kms instance endpoint', 'your ca file path') client = AdvanceEncrypt.create_client(kms_instance_config) key_id = 'your keyId' plaintext = UtilClient.to_bytes('your plaintext') response = AdvanceEncrypt.advance_encrypt(client, key_id, plaintext) print response if __name__ == '__main__': AdvanceEncrypt.main(sys.argv[1:]) 2. KMS resources are managed only through public gateways. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Refer to the following sample code to call the KMS CreateKey API. For more API examples, see\ `manage samples <./example/manage>`__ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. code:: python # -*- coding: utf-8 -*- # This file is auto-generated, don't edit it. Thanks. from __future__ import unicode_literals import sys from alibabacloud_tea_openapi import models as open_api_models from alibabacloud_kms_kms20160120.client import Client as KmsSdkClient from alibabacloud_kms20160120 import models as kms_20160120_models import os class CreateKey(object): def __init__(self): pass @staticmethod def create_open_api_config(access_key_id, access_key_secret, region_id): config = open_api_models.Config( access_key_id=access_key_id, access_key_secret=access_key_secret, region_id=region_id ) return config @staticmethod def create_client(open_api_config): return KmsSdkClient(open_api_config=open_api_config) @staticmethod def create_key(client, enable_automatic_rotation, rotation_interval, key_usage, origin, description, dkmsinstance_id, protection_level, key_spec): request = kms_20160120_models.CreateKeyRequest( enable_automatic_rotation=enable_automatic_rotation, rotation_interval=rotation_interval, key_usage=key_usage, origin=origin, description=description, dkmsinstance_id=dkmsinstance_id, protection_level=protection_level, key_spec=key_spec ) return client.create_key(request) @staticmethod def main(args): #Make sure that the environment in which the code runs has environment variables ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET set. #Project code leakage may cause AccessKey to be leaked and threaten the security of all resources under the account. The following code example uses an environment variable to obtain the AccessKey for reference only, it is recommended to use the more secure STS mode, for more authentication access methods, see https://help.aliyun.com/document_detail/378657.html open_api_config = CreateKey.create_open_api_config(os.getenv('ALIBABA_CLOUD_ACCESS_KEY_ID'), os.getenv('ALIBABA_CLOUD_ACCESS_KEY_SECRET'), 'your region id') client = CreateKey.create_client(open_api_config) enable_automatic_rotation = False rotation_interval = 'your rotationInterval' key_usage = 'your keyUsage' origin = 'your origin' description = 'your description' d_kmsinstance_id = 'your dKMSInstanceId' protection_level = 'your protectionLevel' key_spec = 'your keySpec' response = CreateKey.create_key(client, enable_automatic_rotation, rotation_interval, key_usage, origin, description, d_kmsinstance_id, protection_level, key_spec) print response if __name__ == '__main__': CreateKey.main(sys.argv[1:]) 3. You must not only perform key operations through a VPC gateway, but also manage KMS resources through a public gateway. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Refer to the following sample code to call the KMS CreateKey API and the AdvanceEncrypt API. For more API examples, see `operation samples <./example/operation>`__ 和 `manage samples <./example/manage>`__ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. code:: python # -*- coding: utf-8 -*- from __future__ import unicode_literals import sys from alibabacloud_tea_openapi import models as open_api_models from alibabacloud_kms_kms20160120.client import Client as KmsSdkClient from alibabacloud_kms20160120 import models as kms_20160120_models from alibabacloud_tea_util.client import Client as UtilClient from openapi import models as dedicated_kms_openapi_models from sdk import models as dedicated_kms_sdk_models import os class Sample(object): def __init__(self): pass @staticmethod def create_open_api_config(access_key_id, access_key_secret, region_id): config = open_api_models.Config( access_key_id=access_key_id, access_key_secret=access_key_secret, region_id=region_id ) return config @staticmethod def create_kms_instance_config(client_key_file, password, endpoint, ca_file_path): config = dedicated_kms_openapi_models.Config( client_key_file=client_key_file, password=password, endpoint=endpoint, ca_file_path=ca_file_path ) return config @staticmethod def create_client(kms_instance_config, open_api_config): return KmsSdkClient(kms_instance_config=kms_instance_config, open_api_config=open_api_config) @staticmethod def advance_encrypt(client, key_id, plaintext): request = dedicated_kms_sdk_models.AdvanceEncryptRequest( key_id=key_id, plaintext=plaintext ) return client.advance_encrypt(request) @staticmethod def create_key(client, enable_automatic_rotation, rotation_interval, key_usage, origin, description, dkmsinstance_id, protection_level, key_spec): request = kms_20160120_models.CreateKeyRequest( enable_automatic_rotation=enable_automatic_rotation, rotation_interval=rotation_interval, key_usage=key_usage, origin=origin, description=description, dkmsinstance_id=dkmsinstance_id, protection_level=protection_level, key_spec=key_spec ) return client.create_key(request) @staticmethod def main(args): #Make sure that the environment in which the code runs has environment variables ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET set. #Project code leakage may cause AccessKey to be leaked and threaten the security of all resources under the account. The following code example uses an environment variable to obtain the AccessKey for reference only, it is recommended to use the more secure STS mode, for more authentication access methods, see https://help.aliyun.com/document_detail/378657.html open_api_config = Sample.create_open_api_config(os.getenv('ALIBABA_CLOUD_ACCESS_KEY_ID'), os.getenv('ALIBABA_CLOUD_ACCESS_KEY_SECRET'), 'your region id') kms_instance_config = Sample.create_kms_instance_config(os.getenv('your client key file path env'), os.getenv('your client key password env'), 'your kms instance endpoint', 'your ca file path') client = Sample.create_client(kms_instance_config=kms_instance_config, open_api_config=open_api_config) key_id = 'your keyId' plaintext = UtilClient.to_bytes('your plaintext') response = Sample.advance_encrypt(client, key_id, plaintext) print response enable_automatic_rotation = False rotation_interval = 'your rotationInterval' key_usage = 'your keyUsage' origin = 'your origin' description = 'your description' d_kmsinstance_id = 'your dKMSInstanceId' protection_level = 'your protectionLevel' key_spec = 'your keySpec' response = Sample.create_key(client, enable_automatic_rotation, rotation_interval, key_usage, origin, description, d_kmsinstance_id, protection_level, key_spec) print response if __name__ == '__main__': Sample.main(sys.argv[1:]) Users who uses Alibaba Cloud SDK to access KMS 1.0 keys need to migrate to access KMS 3.0 keys. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Refer to the following sample code to call the KMS API. For more API examples, see `kms transfer samples <./example/transfer>`__ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. code:: python # -*- coding: utf-8 -*- import os from alibabacloud_kms20160120 import models as kms_20160120_models from alibabacloud_tea_openapi import models as open_api_models from alibabacloud_kms_kms20160120.models import KmsConfig, KmsRuntimeOptions from alibabacloud_kms_kms20160120.transfer_client import TransferClient def create_client(): # set config openapi_config = open_api_models.Config( # set region id region_id='', # set access key id access_key_id=os.getenv('ACCESS_KEY_ID'), # set access key secret access_key_secret=os.getenv('ACCESS_KEY_SECRET') ) # set kms config kms_config = KmsConfig( # set the request protocol to https protocol='https', # set client key file path client_key_file='', # set client key password password='', # set kms instance endpoint endpoint='' ) # create transfer client return TransferClient(config=config, kms_config=kms_config) def create_key(client): request = kms_20160120_models.CreateKeyRequest( key_spec='', key_usage='' ) # If verify server CA certificate,you can set CA certificate file path with RuntimeOptions runtime = KmsRuntimeOptions( ca='' ) # If you ignore ssl verification，you can set ignore_ssl with True related to the RuntimeOptions parameter # runtime = KmsRuntimeOptions( # ignore_ssl=True # ) try: response = client.create_key_with_options(request, runtime) print(str(response.body)) except Exception as e: print(str(e)) def generate_data_key(client): request = kms_20160120_models.GenerateDataKeyRequest( key_id='', ) # If verify server CA certificate,you can set CA certificate file path with RuntimeOptions runtime = KmsRuntimeOptions( ca='' ) # If you ignore ssl verification，you can set ignore_ssl with True related to the RuntimeOptions parameter # runtime = KmsRuntimeOptions( # ignore_ssl=True # ) try: response = client.generate_data_key_with_options(request, runtime) print(str(response.body)) except Exception as e: print(str(e)) client = create_client() create_key(client) generate_data_key(client) :: ## KMS instance performance testing If you need to use the KMS instance SDK for KMS instance performance testing, please refer to the sample code of the pressure measurement tools in the directory named benchmarks , compile it into an executable program and run it with the following command: ```shell $ python benchmark.py --case=encrypt --client_key_file=./ClientKey_****.json --client_key_password=**** --endpoint=kst-****.cryptoservice.kms.aliyuncs.com --key_id=key-**** --data_size=32 --concurrence_nums=32 --duration=600 How to compile and use the stress test tool, please refer to `the document `__. License ------- `Apache License 2.0 `__ Copyright (c) 2009-present, Alibaba Cloud All rights reserved.