{
"info": {
"author": "Custodia project Contributors",
"author_email": "cheimes@redhat.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3.4",
"Programming Language :: Python :: 3.5",
"Programming Language :: Python :: 3.6",
"Topic :: Security",
"Topic :: Software Development :: Libraries :: Python Modules"
],
"description": ".. WARNING: AUTO-GENERATED FILE. DO NOT EDIT.\n\ncustodia.ipa \u2014 IPA vault plugin for Custodia\n============================================\n\n**WARNING** *custodia.ipa is a tech preview with a provisional API.*\n\ncustodia.ipa is a collection of plugins for\n`Custodia `__. It provides integration\nwith `FreeIPA `__. The *IPAVault* plugin is an\ninterface to `FreeIPA\nvault `__. Secrets are\nencrypted and stored in `Dogtag `__'s Key\nRecovery Agent. The *IPACertRequest* plugin creates private key and\nsigned certificates on-demand. Finally the *IPAInterface* plugin is a\nhelper plugin that wraps ipalib and GSSAPI authentication.\n\nRequirements\n------------\n\nInstallation\n~~~~~~~~~~~~\n\n- pip\n- setuptools >= 18.0\n\nRuntime\n~~~~~~~\n\n- custodia >= 0.5.0\n- ipalib >= 4.5.0\n- ipaclient >= 4.5.0\n- Python 2.7 (Python 3 support in IPA vault is unstable.)\n\ncustodia.ipa requires an IPA-enrolled host and a Kerberos TGT for\nauthentication. It is recommended to provide credentials with a keytab\nfile or GSS-Proxy. Furthermore *IPAVault* depends on Key Recovery Agent\nservice (``ipa-kra-install``).\n\nTesting and development\n~~~~~~~~~~~~~~~~~~~~~~~\n\n- wheel\n- tox\n\nvirtualenv requirements\n~~~~~~~~~~~~~~~~~~~~~~~\n\ncustodia.ipa depends on several binary extensions and shared libraries\nfor e.g. python-cryptography, python-gssapi, python-ldap, and\npython-nss. For installation in a virtual environment, a C compiler and\nseveral development packages are required.\n\n::\n\n $ virtualenv venv\n $ venv/bin/pip install --upgrade custodia.ipa\n\nFedora\n^^^^^^\n\n::\n\n $ sudo dnf install python2 python-pip python-virtualenv python-devel \\\n gcc redhat-rpm-config krb5-workstation krb5-devel libffi-devel \\\n nss-devel openldap-devel cyrus-sasl-devel openssl-devel\n\nDebian / Ubuntu\n^^^^^^^^^^^^^^^\n\n::\n\n $ sudo apt-get update\n $ sudo apt-get install -y python2.7 python-pip python-virtualenv python-dev \\\n gcc krb5-user libkrb5-dev libffi-dev libnss3-dev libldap2-dev \\\n libsasl2-dev libssl-dev\n\n--------------\n\nExample configuration\n---------------------\n\nCreate directories\n\n::\n\n $ sudo mkdir /etc/custodia /var/lib/custodia /var/log/custodia /var/run/custodia\n $ sudo chown USER:GROUP /var/lib/custodia /var/log/custodia /var/run/custodia\n $ sudo chmod 750 /var/lib/custodia /var/log/custodia\n\nCreate service account and keytab\n\n::\n\n $ kinit admin\n $ ipa service-add custodia/$HOSTNAME\n $ ipa service-allow-create-keytab custodia/$HOSTNAME --users=admin\n $ mkdir -p /etc/custodia\n $ ipa-getkeytab -p custodia/$HOSTNAME -k /etc/custodia/ipa.keytab\n $ chown custodia:custodia /etc/custodia/ipa.keytab\n\nThe IPA cert request plugin needs additional permissions\n\n::\n\n $ ipa privilege-add \\\n --desc=\"Create and request service certs with Custodia\" \\\n \"Custodia Service Certs\"\n $ ipa privilege-add-permission \\\n --permissions=\"Retrieve Certificates from the CA\" \\\n --permissions=\"Request Certificate\" \\\n --permissions=\"Revoke Certificate\" \\\n --permissions=\"System: Modify Services\" \\\n \"Custodia Service Certs\"\n # for add_principal=True\n $ ipa privilege-add-permission \\\n --permissions=\"System: Add Services\" \\\n \"Custodia Service Certs\"\n $ ipa role-add \\\n --desc=\"Create and request service certs with Custodia\" \\\n \"Custodia Service Cert Adminstrator\"\n $ ipa role-add-privilege \\\n --privileges=\"Custodia Service Certs\" \\\n \"Custodia Service Cert Adminstrator\"\n $ ipa role-add-member \\\n --services=\"custodia/$HOSTNAME\" \\\n \"Custodia Service Cert Adminstrator\"\n\nCreate ``/etc/custodia/ipa.conf``\n\n::\n\n # /etc/custodia/ipa.conf\n\n [global]\n debug = true\n makedirs = true\n\n [auth:ipa]\n handler = IPAInterface\n keytab = ${configdir}/${instance}.keytab\n ccache = FILE:${rundir}/ccache\n\n [auth:creds]\n handler = SimpleCredsAuth\n uid = root\n gid = root\n\n [authz:paths]\n handler = SimplePathAuthz\n paths = /. /secrets\n\n [store:vault]\n handler = IPAVault\n\n [store:cert]\n handler = IPACertRequest\n backing_store = vault\n\n [/]\n handler = Root\n\n [/secrets]\n handler = Secrets\n store = vault\n\n [/secrets/certs]\n handler = Secrets\n store = cert\n\nRun Custodia server\n\n::\n\n $ systemctl start custodia@ipa.socket\n\nIPA cert request\n----------------\n\nThe *IPACertRequest* store plugin generates or revokes certificates on\nthe fly. It uses a backing store to cache certs and private keys. The\nplugin can create service principal automatically. However the host must\nalready exist. The *IPACertRequest* does not create host entries on\ndemand.\n\nA request like ``GET /path/to/store/HTTP/client1.ipa.example`` generates\na private key and CSR for the service ``HTTP/client1.ipa.example`` with\nDNS subject alternative name ``client1.ipa.example``. The CSR is then\nforwarded to IPA and signed by Dogtag. The resulting cert and its trust\nchain is returned together with the private key as a PEM bundle.\n\n::\n\n $ export CUSTODIA_INSTANCE=ipa\n $ custodia-cli get /certs/HTTP/client1.ipa.example\n -----BEGIN RSA PRIVATE KEY-----\n ...\n -----END RSA PRIVATE KEY-----\n\n Issuer: organizationName=IPA.EXAMPLE, commonName=Certificate Authority\n Subject: organizationName=IPA.EXAMPLE, commonName=client1.ipa.example\n Serial Number: 22\n Validity:\n Not Before: 2017-04-27 09:44:20\n Not After: 2019-04-28 09:44:20\n -----BEGIN CERTIFICATE-----\n ...\n -----END CERTIFICATE-----\n\n Issuer: organizationName=IPA.EXAMPLE, commonName=Certificate Authority\n Issuer: organizationName=IPA.EXAMPLE, commonName=Certificate Authority\n Serial Number: 1\n Validity:\n Not Before: 2017-04-26 08:24:11\n Not After: 2037-04-26 08:24:11\n -----BEGIN CERTIFICATE-----\n ...\n -----END CERTIFICATE-----\n\nA DELETE request removes the cert/key pair from the backing store and\nrevokes the cert at the same time.\n\nAutomatical renewal of revoked or expired certificates is not\nimplemented yet.\n\nFreeIPA 4.4 support\n~~~~~~~~~~~~~~~~~~~\n\nThe default settings and permissions are tuned for FreeIPA >= 4.5. For\n4.4, the plugin must be configured with ``chain=False``. The additional\npermission ``Request Certificate with SubjectAltName`` is required, too.\n\n::\n\n ipa privilege-add-permission \\\n --permissions=\"Request Certificate with SubjectAltName\" \\\n \"Custodia Service Certs\"\n\n\n",
"description_content_type": null,
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/latchset/custodia.ipa",
"keywords": "",
"license": "GPLv3+",
"maintainer": "",
"maintainer_email": "",
"name": "custodia.ipa",
"package_url": "https://pypi.org/project/custodia.ipa/",
"platform": "",
"project_url": "https://pypi.org/project/custodia.ipa/",
"project_urls": {
"Homepage": "https://github.com/latchset/custodia.ipa"
},
"release_url": "https://pypi.org/project/custodia.ipa/0.4.2/",
"requires_dist": [
"custodia (>=0.5.0)",
"ipalib (>=4.5.0)",
"ipaclient (>=4.5.0)",
"six",
"mock; python_version<\"3.3\"",
"coverage; extra == 'test'",
"pytest; extra == 'test'",
"docutils; extra == 'test_docs'",
"markdown; extra == 'test_docs'",
"flake8; extra == 'test_pep8'",
"flake8-import-order; extra == 'test_pep8'",
"pep8-naming; extra == 'test_pep8'",
"pylint; extra == 'test_pylint'",
"coverage; extra == 'test_pylint'",
"pytest; extra == 'test_pylint'"
],
"requires_python": "",
"summary": "FreeIPA Vault plugin for Custodia",
"version": "0.4.2"
},
"last_serial": 2962207,
"releases": {
"0.1.0": [
{
"comment_text": "",
"digests": {
"md5": "726b47908fedcd55cc90760e4722b488",
"sha256": "a1784f65d82eba0b92cf592b0614b760bc02aeb8858951ed8c21e641a0086137"
},
"downloads": -1,
"filename": "custodia.ipa-0.1.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "726b47908fedcd55cc90760e4722b488",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 9061,
"upload_time": "2017-03-28T10:24:59",
"url": "https://files.pythonhosted.org/packages/b4/dc/4816cb721fae4e9d45ad86ff84860d4bb2b157cd26f046af370d30b646fc/custodia.ipa-0.1.0-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "812c8cdf0d9aca9bf0df60f39820ee50",
"sha256": "a43f4ca5fee175e574f6a8f2ff7197bbff7a2815ca732c961b15b3d100f999f4"
},
"downloads": -1,
"filename": "custodia.ipa-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "812c8cdf0d9aca9bf0df60f39820ee50",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 21280,
"upload_time": "2017-03-28T10:25:00",
"url": "https://files.pythonhosted.org/packages/51/a8/5ecb27883399dee022a48931607f1202572cfad1243793ad71c563cff5e4/custodia.ipa-0.1.0.tar.gz"
}
],
"0.2.0": [
{
"comment_text": "",
"digests": {
"md5": "be5722fb592e1579bd4cfb3adacbeb6c",
"sha256": "7ba73671334531aff0687a9e66a5edc5a4dc3de73b7598998aef190fc7035d52"
},
"downloads": -1,
"filename": "custodia.ipa-0.2.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "be5722fb592e1579bd4cfb3adacbeb6c",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 14768,
"upload_time": "2017-04-19T13:58:09",
"url": "https://files.pythonhosted.org/packages/cc/66/540fb20bff03d9f474f57009c56dbff52f4bd403e3e4b2b78a6aafec4cd8/custodia.ipa-0.2.0-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "533bab7ae872fe9e753949bed01e0fc7",
"sha256": "b8d2d72e32506effa9501ef83e9d76c709ebc90d2883c92b55e189e6c7b1b2d6"
},
"downloads": -1,
"filename": "custodia.ipa-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "533bab7ae872fe9e753949bed01e0fc7",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 31656,
"upload_time": "2017-04-19T13:58:10",
"url": "https://files.pythonhosted.org/packages/29/a6/7e816f0588c18c4c49e91b72be8148e60d5ebded9301421f1e7d8d0f7867/custodia.ipa-0.2.0.tar.gz"
}
],
"0.2.1": [
{
"comment_text": "",
"digests": {
"md5": "f418cd3ddfb618563fdb0e8728dbe392",
"sha256": "31713ee7a40ae76048443431b899e22e30a6df9073001066f626d1d48e537605"
},
"downloads": -1,
"filename": "custodia.ipa-0.2.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "f418cd3ddfb618563fdb0e8728dbe392",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 15004,
"upload_time": "2017-04-24T07:35:47",
"url": "https://files.pythonhosted.org/packages/57/cb/3c13a8279b9d9039cc6ed6a0fc9d4197f74b95efd7f96e81d870752f1bf9/custodia.ipa-0.2.1-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "9c25f358cb66bf50e91125af86e63ae7",
"sha256": "0507f5a895b35662d7deee08bc57c10bbdffbdf98a26bd579c9da308942c4cc7"
},
"downloads": -1,
"filename": "custodia.ipa-0.2.1.tar.gz",
"has_sig": false,
"md5_digest": "9c25f358cb66bf50e91125af86e63ae7",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 32109,
"upload_time": "2017-04-24T07:35:48",
"url": "https://files.pythonhosted.org/packages/0e/5a/f5385d5ab041ae75b9fddc755f4c5d76585371c745a59a9a2ea517a087d6/custodia.ipa-0.2.1.tar.gz"
}
],
"0.2.2": [
{
"comment_text": "",
"digests": {
"md5": "3a274743ba021951adcba15ad408be10",
"sha256": "8927e08432520c6ec773eff963e6608c7d0260725d04ee5574673cb89a4e7fd7"
},
"downloads": -1,
"filename": "custodia.ipa-0.2.2-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "3a274743ba021951adcba15ad408be10",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 15311,
"upload_time": "2017-04-24T17:05:18",
"url": "https://files.pythonhosted.org/packages/85/42/40e573e37012ee97ed01c373011a704178ad7da40d6b1defe27fbf5ea5db/custodia.ipa-0.2.2-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "a329199634fcd8c3616cce187d0f5dbf",
"sha256": "ac4cae3e4bde1d592293143ce0b2e71156ab199efdfa67066811e991f479e51d"
},
"downloads": -1,
"filename": "custodia.ipa-0.2.2.tar.gz",
"has_sig": false,
"md5_digest": "a329199634fcd8c3616cce187d0f5dbf",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 32518,
"upload_time": "2017-04-24T17:05:21",
"url": "https://files.pythonhosted.org/packages/6d/7e/140f25f01e6ae96affcf116a097c1e0ac54a08d6e2f7c9136f85656d8986/custodia.ipa-0.2.2.tar.gz"
}
],
"0.3.0": [
{
"comment_text": "",
"digests": {
"md5": "14c352e72c32b7d08b8652fa6e7633be",
"sha256": "a7d6364a0155ea2f9c03bdf540fc1494036856cdf7def086226c14e0c86bdc98"
},
"downloads": -1,
"filename": "custodia.ipa-0.3.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "14c352e72c32b7d08b8652fa6e7633be",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16052,
"upload_time": "2017-05-05T11:24:14",
"url": "https://files.pythonhosted.org/packages/cc/1e/41e8bf45b5bd119e2653d1b5265a6391b5b25f827f524c613f8c7f12b223/custodia.ipa-0.3.0-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "d8f0515e61467f640eefc236132c09d4",
"sha256": "c6adb7ff25395ec58ac9995fbaa815cc24ef02a61e486d790d203a4a8e5dd242"
},
"downloads": -1,
"filename": "custodia.ipa-0.3.0.tar.gz",
"has_sig": false,
"md5_digest": "d8f0515e61467f640eefc236132c09d4",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 33519,
"upload_time": "2017-05-05T11:24:15",
"url": "https://files.pythonhosted.org/packages/a3/2f/7dbb3b5f8f711d95c8543d13e2a5e74aa4e8df09744a02e938249cd9d157/custodia.ipa-0.3.0.tar.gz"
}
],
"0.4.0": [
{
"comment_text": "",
"digests": {
"md5": "cf53139eb69274312037f70d3ecccef1",
"sha256": "791abe7153ac77fcdb03406ab7cf6fae22dac80580588f61b8b0cafa03d880d2"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "cf53139eb69274312037f70d3ecccef1",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16488,
"upload_time": "2017-05-11T06:25:20",
"url": "https://files.pythonhosted.org/packages/5c/b5/a3782f80acc819f8ba4cd2c2a4b8301b6a75bd6e95b8115e5f6b450c9bd1/custodia.ipa-0.4.0-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "33f8077bb8e5dd249aa55705d870ed8b",
"sha256": "5ea2eee7b75577eef66e9875d172f969dd21616425d751d5fe2fc93722f3463e"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.0.tar.gz",
"has_sig": false,
"md5_digest": "33f8077bb8e5dd249aa55705d870ed8b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 33854,
"upload_time": "2017-05-11T06:25:21",
"url": "https://files.pythonhosted.org/packages/8c/6e/4ed479418426c22eb3e499f1cce87ce1f27845c19a8793c1b010cef05733/custodia.ipa-0.4.0.tar.gz"
}
],
"0.4.1": [
{
"comment_text": "",
"digests": {
"md5": "0e5f146517fcdcc2419d6d6ef7110e8a",
"sha256": "e1e5a16d782e2ecaf38a3192e6352ee3b524d6e56e971e23da9e74856c3869a8"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "0e5f146517fcdcc2419d6d6ef7110e8a",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16540,
"upload_time": "2017-05-11T07:29:04",
"url": "https://files.pythonhosted.org/packages/d0/a8/b07af9a565d4e57b80390c29a02d3f15d373b79bd089c6793bad9e6e6cf5/custodia.ipa-0.4.1-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "07c05c2106c565947b52822d4b595068",
"sha256": "c9457cdbfb3c67cae8e77b7cbf7c4a19e184ea3edd65d3e8d85739b9de48a92f"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.1.tar.gz",
"has_sig": false,
"md5_digest": "07c05c2106c565947b52822d4b595068",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 33919,
"upload_time": "2017-05-11T07:29:06",
"url": "https://files.pythonhosted.org/packages/bc/27/4cb6e780a98a5e8ab817008ea314a2b44857dabf9331d192509bfc9d4b0b/custodia.ipa-0.4.1.tar.gz"
}
],
"0.4.2": [
{
"comment_text": "",
"digests": {
"md5": "bbcf8c2db821913897f3723ad4c79b2c",
"sha256": "78e7d963d4923f8565d8c73781f29e756bf815642e1a42342dcd5b27d4311ca7"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.2-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "bbcf8c2db821913897f3723ad4c79b2c",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16559,
"upload_time": "2017-06-20T13:38:52",
"url": "https://files.pythonhosted.org/packages/0e/6e/ecfe5a2b12e5dd7285b4ed0ad0f021850ae17261edce6664040255375740/custodia.ipa-0.4.2-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "0882f1ca477541a00833152dc4e721f2",
"sha256": "c4ede27b40bd863769bdf0e8e540551bce9c00571fe51142f65318e9e1098feb"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.2.tar.gz",
"has_sig": false,
"md5_digest": "0882f1ca477541a00833152dc4e721f2",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 33933,
"upload_time": "2017-06-20T13:38:55",
"url": "https://files.pythonhosted.org/packages/f9/87/26f25ae5b9b44698aa349012ce7d025ef936dc2923dbd81b0c77ae5137fd/custodia.ipa-0.4.2.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "bbcf8c2db821913897f3723ad4c79b2c",
"sha256": "78e7d963d4923f8565d8c73781f29e756bf815642e1a42342dcd5b27d4311ca7"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.2-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "bbcf8c2db821913897f3723ad4c79b2c",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16559,
"upload_time": "2017-06-20T13:38:52",
"url": "https://files.pythonhosted.org/packages/0e/6e/ecfe5a2b12e5dd7285b4ed0ad0f021850ae17261edce6664040255375740/custodia.ipa-0.4.2-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "0882f1ca477541a00833152dc4e721f2",
"sha256": "c4ede27b40bd863769bdf0e8e540551bce9c00571fe51142f65318e9e1098feb"
},
"downloads": -1,
"filename": "custodia.ipa-0.4.2.tar.gz",
"has_sig": false,
"md5_digest": "0882f1ca477541a00833152dc4e721f2",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 33933,
"upload_time": "2017-06-20T13:38:55",
"url": "https://files.pythonhosted.org/packages/f9/87/26f25ae5b9b44698aa349012ce7d025ef936dc2923dbd81b0c77ae5137fd/custodia.ipa-0.4.2.tar.gz"
}
]
}