{ "info": { "author": "Custodia project Contributors", "author_email": "simo@redhat.com", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": ".. WARNING: AUTO-GENERATED FILE. DO NOT EDIT.\n\n|Build Status|\n\nCustodia\n========\n\nA tool for managing secrets.\n\nSee our `Quick Start Guide `__\n\nCustodia is a project that aims to define an API for modern cloud\napplications that allows to easily store and share passwords, tokens,\ncertificates and any other secret in a way that keeps data secure,\nmanageable and auditable.\n\nThe Custodia project offers example implementations of clear text and\nencrypted backends, and aims to soon provide drivers to store data in\nexternal data stores like the Vault Project, OpenStack's Barbican,\nFreeIPA's Vault and similar.\n\nIn future the Custodia project plans to enhance and enrich the API to\nprovide access to even more secure means of dealing with private keys,\nlike HSM as a Service and other similar security systems.\n\nSee the Custodia documentation for more information:\nhttps://custodia.readthedocs.io\n\nRequirements\n------------\n\nRuntime\n~~~~~~~\n\n- configparser (Python 2.7)\n- cryptography\n- jwcrypto >= 0.2\n- requests\n- six\n\nTesting\n~~~~~~~\n\n- pip\n- setuptools >= 18.0\n- tox >= 2.3.1\n- wheel\n\ncustodia.ipa depends on several binary extensions and shared libraries\nfor e.g. python-cryptography, python-gssapi, python-ldap, and\npython-nss. For testing and installation in a virtual environment, a C\ncompiler and several development packages are required.\n\nFedora\n^^^^^^\n\n::\n\n $ sudo dnf install python2 python-pip python-virtualenv python-devel \\\n gcc redhat-rpm-config krb5-workstation krb5-devel libffi-devel \\\n nss-devel openldap-devel cyrus-sasl-devel openssl-devel\n\nDebian / Ubuntu\n^^^^^^^^^^^^^^^\n\n::\n\n $ sudo apt-get update\n $ sudo apt-get install -y python2.7 python-pip python-virtualenv python-dev \\\n gcc krb5-user libkrb5-dev libffi-dev libnss3-dev libldap2-dev \\\n libsasl2-dev libssl-dev\n\nAPI stability\n-------------\n\nSome APIs are provisional and may change in the future.\n\n- Command line interface in module ``custodia.cli``.\n- The script custodia-cli.\n- *custodia.ipa* plugins\n\n--------------\n\ncustodia.ipa \u2014 IPA plugins for Custodia\n=======================================\n\n**WARNING** *custodia.ipa is a tech preview with a provisional API.*\n\ncustodia.ipa is a collection of plugins for\n`Custodia `__. It provides integration\nwith `FreeIPA `__. The *IPAVault* plugin is an\ninterface to `FreeIPA\nvault `__. Secrets are\nencrypted and stored in `Dogtag `__'s Key\nRecovery Agent. The *IPACertRequest* plugin creates private key and\nsigned certificates on-demand. Finally the *IPAInterface* plugin is a\nhelper plugin that wraps ipalib and GSSAPI authentication.\n\ncustodia.ipa requirements\n-------------------------\n\n- ipalib >= 4.5.0\n- ipaclient >= 4.5.0\n- Python 2.7 (Python 3 support in IPA vault is unstable.)\n\nipalib and ipaclient are not pulled in and install by default. The\npackages depend on additional OS packages for Kerberos/GSSAPI, LDAP and\nNSS crypto library. The dependencies are listed under *testing*\nrequirements above.\n\n::\n\n $ pip install custodia[ipa]\n\ncustodia.ipa requires an IPA-enrolled host and a Kerberos TGT for\nauthentication. It is recommended to provide credentials with a keytab\nfile or GSS-Proxy. Furthermore *IPAVault* depends on Key Recovery Agent\nservice (``ipa-kra-install``).\n\n--------------\n\nExample configuration\n---------------------\n\nCreate directories\n\n::\n\n $ sudo mkdir /etc/custodia /var/lib/custodia /var/log/custodia /var/run/custodia\n $ sudo chown USER:GROUP /var/lib/custodia /var/log/custodia /var/run/custodia\n $ sudo chmod 750 /var/lib/custodia /var/log/custodia\n\nCreate service account and keytab\n\n::\n\n $ kinit admin\n $ ipa service-add custodia/$HOSTNAME\n $ ipa service-allow-create-keytab custodia/$HOSTNAME --users=admin\n $ mkdir -p /etc/custodia\n $ ipa-getkeytab -p custodia/$HOSTNAME -k /etc/custodia/ipa.keytab\n $ chown custodia:custodia /etc/custodia/ipa.keytab\n\nThe IPA cert request plugin needs additional permissions\n\n::\n\n $ ipa privilege-add \\\n --desc=\"Create and request service certs with Custodia\" \\\n \"Custodia Service Certs\"\n $ ipa privilege-add-permission \\\n --permissions=\"Retrieve Certificates from the CA\" \\\n --permissions=\"Request Certificate\" \\\n --permissions=\"Revoke Certificate\" \\\n --permissions=\"System: Modify Services\" \\\n \"Custodia Service Certs\"\n # for add_principal=True\n $ ipa privilege-add-permission \\\n --permissions=\"System: Add Services\" \\\n \"Custodia Service Certs\"\n $ ipa role-add \\\n --desc=\"Create and request service certs with Custodia\" \\\n \"Custodia Service Cert Adminstrator\"\n $ ipa role-add-privilege \\\n --privileges=\"Custodia Service Certs\" \\\n \"Custodia Service Cert Adminstrator\"\n $ ipa role-add-member \\\n --services=\"custodia/$HOSTNAME\" \\\n \"Custodia Service Cert Adminstrator\"\n\nCreate ``/etc/custodia/ipa.conf``\n\n::\n\n # /etc/custodia/ipa.conf\n\n [global]\n debug = true\n makedirs = true\n\n [auth:ipa]\n handler = IPAInterface\n keytab = ${configdir}/${instance}.keytab\n ccache = FILE:${rundir}/ccache\n\n [auth:creds]\n handler = SimpleCredsAuth\n uid = root\n gid = root\n\n [authz:paths]\n handler = SimplePathAuthz\n paths = /. /secrets\n\n [store:vault]\n handler = IPAVault\n\n [store:cert]\n handler = IPACertRequest\n backing_store = vault\n\n [/]\n handler = Root\n\n [/secrets]\n handler = Secrets\n store = vault\n\n [/secrets/certs]\n handler = Secrets\n store = cert\n\nCreate ``/etc/systemd/system/custodia@ipa.service.d/override.conf``\n\nOn Fedora 26 and newer, the Custodia service file defaults to Python 3.\nAlthough FreeIPA 4.5 has support for Python 3, it's not stable yet.\nTherefore it is necessary to run the ``custodia.ipa`` plugins with\nPython 2.7. You can either use ``systemctl edit custodia@py2.service``\nto create an override or copy the file manually. Don't forget to run\n``systemctl daemon-reload`` in the latter case.\n\n::\n\n [Service]\n ExecStart=\n ExecStart=/usr/sbin/custodia-2 --instance=%i /etc/custodia/%i.conf\n\nRun Custodia server\n\n::\n\n $ systemctl start custodia@ipa.socket\n\nIPA cert request\n----------------\n\nThe *IPACertRequest* store plugin generates or revokes certificates on\nthe fly. It uses a backing store to cache certs and private keys. The\nplugin can create service principal automatically. However the host must\nalready exist. The *IPACertRequest* does not create host entries on\ndemand.\n\nA request like ``GET /path/to/store/HTTP/client1.ipa.example`` generates\na private key and CSR for the service ``HTTP/client1.ipa.example`` with\nDNS subject alternative name ``client1.ipa.example``. The CSR is then\nforwarded to IPA and signed by Dogtag. The resulting cert and its trust\nchain is returned together with the private key as a PEM bundle.\n\n::\n\n $ export CUSTODIA_INSTANCE=ipa\n $ custodia-cli get /certs/HTTP/client1.ipa.example\n -----BEGIN RSA PRIVATE KEY-----\n ...\n -----END RSA PRIVATE KEY-----\n\n Issuer: organizationName=IPA.EXAMPLE, commonName=Certificate Authority\n Subject: organizationName=IPA.EXAMPLE, commonName=client1.ipa.example\n Serial Number: 22\n Validity:\n Not Before: 2017-04-27 09:44:20\n Not After: 2019-04-28 09:44:20\n -----BEGIN CERTIFICATE-----\n ...\n -----END CERTIFICATE-----\n\n Issuer: organizationName=IPA.EXAMPLE, commonName=Certificate Authority\n Issuer: organizationName=IPA.EXAMPLE, commonName=Certificate Authority\n Serial Number: 1\n Validity:\n Not Before: 2017-04-26 08:24:11\n Not After: 2037-04-26 08:24:11\n -----BEGIN CERTIFICATE-----\n ...\n -----END CERTIFICATE-----\n\nA DELETE request removes the cert/key pair from the backing store and\nrevokes the cert at the same time.\n\nAutomatic renewal of revoked or expired certificates is not implemented\nyet.\n\nFreeIPA 4.4 support\n~~~~~~~~~~~~~~~~~~~\n\nThe default settings and permissions are tuned for FreeIPA >= 4.5. For\n4.4, the plugin must be configured with ``chain=False``. The additional\npermission ``Request Certificate with SubjectAltName`` is required, too.\n\n::\n\n ipa privilege-add-permission \\\n --permissions=\"Request Certificate with SubjectAltName\" \\\n \"Custodia Service Certs\"\n\n.. |Build Status| image:: https://travis-ci.org/latchset/custodia.svg?branch=master\n :target: https://travis-ci.org/latchset/custodia\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/latchset/custodia", "keywords": "", "license": "GPLv3+", "maintainer": "", "maintainer_email": "", "name": "custodia", "package_url": "https://pypi.org/project/custodia/", "platform": "", "project_url": "https://pypi.org/project/custodia/", "project_urls": { "Homepage": "https://github.com/latchset/custodia" }, "release_url": "https://pypi.org/project/custodia/0.6.0/", "requires_dist": [ "cryptography", "jwcrypto", "six", "requests", "configparser; python_version<\"3.4\"", "mock; python_version<\"3.4\"", "requests-gssapi; extra == 'gssapi'", "ipalib (>=4.5.0); extra == 'ipa'", "ipaclient (>=4.5.0); extra == 'ipa'", "coverage; extra == 'test'", "pytest; extra == 'test'", "docutils; extra == 'test_docs'", "markdown; extra == 'test_docs'", "sphinx-argparse; extra == 'test_docs'", "sphinxcontrib-spelling; extra == 'test_docs'", "ipalib (>=4.5.0); extra == 'test_docs'", "ipaclient (>=4.5.0); extra == 'test_docs'", "coverage; extra == 'test_extras'", "pytest; extra == 'test_extras'", "requests-gssapi; extra == 'test_extras'", "ipalib (>=4.5.0); extra == 'test_extras'", "ipaclient (>=4.5.0); extra == 'test_extras'", "flake8; extra == 'test_pep8'", "flake8-import-order; extra == 'test_pep8'", "pep8-naming; extra == 'test_pep8'", "pylint; extra == 'test_pylint'", "coverage; extra == 'test_pylint'", "pytest; extra == 'test_pylint'", "requests-gssapi; extra == 'test_pylint'", "ipalib (>=4.5.0); extra == 'test_pylint'", "ipaclient (>=4.5.0); extra == 'test_pylint'" ], "requires_python": ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*", "summary": "A service to manage, retrieve and store secrets.", "version": "0.6.0" }, "last_serial": 4000194, "releases": { "0.2.0": [ { "comment_text": "", "digests": { "md5": "22f3b11579dfa2dc3d385be5384b5f4f", "sha256": "0a7f99fcf973178b5a221455854903b1a335fe04d7c28144961ccedfb952c07d" }, "downloads": -1, "filename": "custodia-0.2.0-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "22f3b11579dfa2dc3d385be5384b5f4f", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 40839, "upload_time": "2016-10-27T16:02:24", "url": "https://files.pythonhosted.org/packages/30/78/0cce9cd727d8f9e1113fa857319aa37a7d25e47225ae8b17ba36f883aa63/custodia-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7cc3e7b38868b530d2e3f6c5fe27d8bd", "sha256": "872d48beecc541fdb6d7ddf8599ae090b30725c0c31e1b62b79d42f684daf265" }, "downloads": -1, "filename": "custodia-0.2.0.tar.gz", "has_sig": true, "md5_digest": "7cc3e7b38868b530d2e3f6c5fe27d8bd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 88577, "upload_time": "2016-10-27T16:02:28", "url": "https://files.pythonhosted.org/packages/08/ef/3b056812e06f4bd238085722cc7b4cdc06cba15ce0cea73cd3b4985f86e2/custodia-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "e3ebae47404835a4d83978f316673553", "sha256": "e25e98c11ce213aa58327daf3f9d89466b1f950c18a935776a822eae69502bb5" }, "downloads": -1, "filename": "custodia-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e3ebae47404835a4d83978f316673553", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 41214, "upload_time": "2017-03-01T14:28:14", "url": "https://files.pythonhosted.org/packages/12/fb/25061895d0c0665f413cde110a8bcacb532d09d5f3960eaa90cd0def54bb/custodia-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e501cd0ff14e3f59254cfa36ffb117c2", "sha256": "83d00e158a1fe32d3d83e797d7962edfe26bc686a530e3b3f8bf5c71d5f1d513" }, "downloads": -1, "filename": "custodia-0.3.0.tar.gz", "has_sig": false, "md5_digest": "e501cd0ff14e3f59254cfa36ffb117c2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 92032, "upload_time": "2017-03-01T14:28:17", "url": "https://files.pythonhosted.org/packages/f4/dc/3313188700fb8be280db9330ef1c164f49acb8e82dd55c59e9237d1aed0b/custodia-0.3.0.tar.gz" } ], "0.3.1": [ { "comment_text": "", "digests": { "md5": "621a0d4ef222284b277462cd4ebf8a5c", "sha256": "629273942773ef897db3e067f4420997273ed99423620d768a0f7d85ed38ab4f" }, "downloads": -1, "filename": "custodia-0.3.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "621a0d4ef222284b277462cd4ebf8a5c", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 42495, "upload_time": "2017-03-27T20:44:13", "url": "https://files.pythonhosted.org/packages/3e/c9/960fd7e5c0dd95369254eb20f18c6a9c5deebad205b98c2687ce63f192da/custodia-0.3.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "59a06cd5c76525a187e045440088c320", "sha256": "0399840f56cd688faf1c7ff599b501cb58941d7c1773b13ba531e9b1b2e2f719" }, "downloads": -1, "filename": "custodia-0.3.1.tar.gz", "has_sig": false, "md5_digest": "59a06cd5c76525a187e045440088c320", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 94186, "upload_time": "2017-03-27T20:44:15", "url": "https://files.pythonhosted.org/packages/df/98/1101879192cc4e9c17c3e9291674f124303ce4da8b78622a2fc2e2171202/custodia-0.3.1.tar.gz" } ], "0.4.0": [ { "comment_text": "", "digests": { "md5": "291dd450cb5106ea951fe0e2d4efc078", "sha256": "0e0e68ac33efeb3045deb4a7412a768ecc9735e0b56274c8b6a6afeb46e3aef9" }, "downloads": -1, "filename": "custodia-0.4.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "291dd450cb5106ea951fe0e2d4efc078", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 44780, "upload_time": "2017-05-04T13:32:18", "url": "https://files.pythonhosted.org/packages/0c/f7/2a76c9734fed9d9cf9b1ba941a2a54573360ec70d097691bdc9e6f3a844f/custodia-0.4.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f721cca00902a792558f1eb4cdfc5d72", "sha256": "e5a5eb06342c2d0773e2f850137175f90b20a969c456c840e423cf0a63edd74b" }, "downloads": -1, "filename": "custodia-0.4.0.tar.gz", "has_sig": false, "md5_digest": "f721cca00902a792558f1eb4cdfc5d72", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 99510, "upload_time": "2017-05-04T13:32:21", "url": "https://files.pythonhosted.org/packages/04/84/979d39e7a45a75b428beabe9908da4ba7fdc6b1018770293e6851d363105/custodia-0.4.0.tar.gz" } ], "0.5.0": [ { "comment_text": "", "digests": { "md5": "731921330b27c2ffd481597f759c10f0", "sha256": "d1d6892e919a3715724eac2e6968a6dc3520f1f7ebf21d884299717f8900c48c" }, "downloads": -1, "filename": "custodia-0.5.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "731921330b27c2ffd481597f759c10f0", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 47444, "upload_time": "2017-05-10T16:14:02", "url": "https://files.pythonhosted.org/packages/ee/d1/99e78ac3c2a7f5c9159be3d0e6106e53f8829588ef60fd33ac61da998000/custodia-0.5.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "da2cd8368aa20aae1e7183c78b7e0cc2", "sha256": "c7e8b6ad70ede9a8639e12cf671f0cae9df10862f879afb31fed5c91cade1a46" }, "downloads": -1, "filename": "custodia-0.5.0.tar.gz", "has_sig": false, "md5_digest": "da2cd8368aa20aae1e7183c78b7e0cc2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 103072, "upload_time": "2017-05-10T16:14:04", "url": "https://files.pythonhosted.org/packages/98/d3/e4496876fc10422d187aedab555a2037aaf695418af49cae84fa537103c2/custodia-0.5.0.tar.gz" } ], "0.6.0": [ { "comment_text": "", "digests": { "md5": "f378a6fbae6d36f0609a98fe00581308", "sha256": "081ba6dd8f07a87030f52c19ccd263171f76af5bb9c00be52e6d19c2c08d0b58" }, "downloads": -1, "filename": "custodia-0.6.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "f378a6fbae6d36f0609a98fe00581308", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*", "size": 60787, "upload_time": "2018-06-25T12:59:47", "url": "https://files.pythonhosted.org/packages/6d/1b/67126e6ad6336b5606c27f6575f62095238896aa7003511ed28582a46720/custodia-0.6.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "dab82555e37608fc6fc49fdb487a2114", "sha256": "3ed56cfedf56f48967c26ffafd1a82d97a8b799ff1a404fc0e39ab063aac0c02" }, "downloads": -1, "filename": "custodia-0.6.0.tar.gz", "has_sig": false, "md5_digest": "dab82555e37608fc6fc49fdb487a2114", "packagetype": "sdist", "python_version": "source", "requires_python": ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*", "size": 133057, "upload_time": "2018-06-25T12:59:48", "url": "https://files.pythonhosted.org/packages/20/5c/743fe2fb22279815688cd42eca1fdb1cb8d693c07a081a8909bd65e3cade/custodia-0.6.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "f378a6fbae6d36f0609a98fe00581308", "sha256": "081ba6dd8f07a87030f52c19ccd263171f76af5bb9c00be52e6d19c2c08d0b58" }, "downloads": -1, "filename": "custodia-0.6.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "f378a6fbae6d36f0609a98fe00581308", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*", "size": 60787, "upload_time": "2018-06-25T12:59:47", "url": "https://files.pythonhosted.org/packages/6d/1b/67126e6ad6336b5606c27f6575f62095238896aa7003511ed28582a46720/custodia-0.6.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "dab82555e37608fc6fc49fdb487a2114", "sha256": "3ed56cfedf56f48967c26ffafd1a82d97a8b799ff1a404fc0e39ab063aac0c02" }, "downloads": -1, "filename": "custodia-0.6.0.tar.gz", "has_sig": false, "md5_digest": "dab82555e37608fc6fc49fdb487a2114", "packagetype": "sdist", "python_version": "source", "requires_python": ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*", "size": 133057, "upload_time": "2018-06-25T12:59:48", "url": "https://files.pythonhosted.org/packages/20/5c/743fe2fb22279815688cd42eca1fdb1cb8d693c07a081a8909bd65e3cade/custodia-0.6.0.tar.gz" } ] }