Identity
An Identity is an entity (such as user, device, or another service) registered with Delta and is comprised of a number of attributes, of which two rely on cryptographic primitives. These are the long-lived key pairs:
Encryption key pair - An asymmetric key pair, associated with an identity for the purposes of encrypting and decrypting secret encryption keys:
- Public encryption key - The public key that functions as a key encryption key, to encrypt a secret encryption key. The public encryption key is stored in Delta as part of the identity creation process.
- Private decryption key - The private key used to decrypt a secret encryption key. The private decryption key must be managed outside of Delta.
Signing key pair - An asymmetric key pair, associated with an identity for the purpose of request signing and authentication:
- Public signing verification key - The public key used to verify request authenticity and ownership. The public signing verification key is stored in Delta as part of the identity creation process and is not publicly visible (unlike the public encryption key).
- Private signing key - The private key used to sign requests as required by Delta so that the requests can be verified. The private signing key must be managed outside of Delta.
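The two key pairs above, as an added example that is not part of the Delta SDK: a model of what stays local (the private halves) against what Delta stores (the public halves), with a create-and-open round trip in which the public encryption key wraps a fresh secret encryption key and the private signing key signs the request. The class and function names, and the primitive choices (RSA-OAEP wrapping, RSA-PSS signing, AES-GCM content encryption via the `cryptography` package), are assumptions; this page does not describe Delta's own algorithms or wire format.

```python
import os
from dataclasses import dataclass
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed primitives (not Delta's documented scheme): RSA-OAEP to wrap the
# secret encryption key, RSA-PSS for request signing, AES-GCM for the content.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

@dataclass
class LocalKeys:
    """Private halves: managed outside Delta and never sent to the service."""
    decryption_key: rsa.RSAPrivateKey
    signing_key: rsa.RSAPrivateKey

@dataclass
class RegisteredIdentity:
    """What Delta stores for an identity: only the two public keys."""
    identity_id: str
    public_encryption_key: rsa.RSAPublicKey
    public_signing_verification_key: rsa.RSAPublicKey

def generate_identity(identity_id):
    # Both key pairs are generated locally; only the public halves get registered.
    local = LocalKeys(rsa.generate_private_key(65537, 2048), rsa.generate_private_key(65537, 2048))
    return local, RegisteredIdentity(identity_id, local.decryption_key.public_key(),
                                     local.signing_key.public_key())

def _signed_bytes(envelope):
    return envelope["nonce"] + envelope["wrapped_sek"] + envelope["ciphertext"]

def create_secret(content, recipient, sender):
    """Encrypt content under a fresh secret encryption key (SEK), wrap the SEK with the
    recipient's public encryption key (the KEK), and sign with the sender's signing key."""
    sek, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    envelope = {"nonce": nonce,
                "wrapped_sek": recipient.public_encryption_key.encrypt(sek, OAEP),
                "ciphertext": AESGCM(sek).encrypt(nonce, content, None)}
    envelope["signature"] = sender.signing_key.sign(_signed_bytes(envelope), PSS, hashes.SHA256())
    return envelope

def open_secret(envelope, sender, recipient):
    """Verify the signature first (raises InvalidSignature on tampering), then unwrap."""
    sender.public_signing_verification_key.verify(envelope["signature"], _signed_bytes(envelope),
                                                  PSS, hashes.SHA256())
    sek = recipient.decryption_key.decrypt(envelope["wrapped_sek"], OAEP)
    return AESGCM(sek).decrypt(envelope["nonce"], envelope["ciphertext"], None)
```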
class covata.delta.Identity(parent, identity_id, public_encryption_key, external_id, metadata)
An instance of this class encapsulates an identity in Covata Delta. An identity can be a user, application, device or any other identifiable entity that can create secrets and/or be the target recipient of a secret.
An identity has two sets of asymmetric keys, one for encryption and one for signing requests. Identities may also have optional, public, searchable metadata and a reference to an identifier in an external system.
Creates a new identity in Delta with the provided metadata and external id.
Parameters:
- parent (Client) – the Delta client that constructed this instance
- identity_id – the id of the identity
- public_encryption_key (str) – the public encryption key of the identity
- external_id (str | None) – the external id of the identity
- metadata (dict[str, str] | None) – the metadata belonging to the identity
create_secret(content)
Creates a new secret in Delta with the given contents.
Parameters: content (bytes) – the secret content
Returns: the secret
Return type: Secret
delete_secret(secret_id)
Deletes the secret with the given secret id.
Parameters: secret_id (str) – the secret id
get_events(secret_id=None, rsa_key_owner_id=None)
Gets a list of audit events, filtered by secret id, by RSA key owner id, or by both.
Parameters:
- secret_id (str | None) – the secret id of interest
- rsa_key_owner_id (str | None) – the RSA key owner id of interest
Returns: a generator of audit events
Return type: generator of Event
get_identities_by_metadata(metadata, page=None, page_size=None)
Gets a list of identities matching the given metadata key and value pairs, bound by the pagination parameters.
Parameters:
- metadata (dict[str, str]) – the metadata key and value pairs to filter on
- page (int | None) – the page number
- page_size (int | None) – the page size
Returns: a generator of Identity objects satisfying the request
Return type: generator of [Identity]
get_identity(identity_to_retrieve=None)
Gets the identity matching the given identity id.
Returns: the identity
Return type: Identity
get_secrets(base_secret_id=None, created_by=None, rsa_key_owner_id=None, metadata=None, lookup_type=<SecretLookupType.any: 3>, page=None, page_size=None)
Gets a list of secrets based on the query parameters, bound by the pagination parameters.
Parameters:
- base_secret_id (str | None) – the id of the base secret
- created_by (str | None) – the id of the secret creator
- rsa_key_owner_id (str | None) – the id of the RSA key owner
- metadata (dict[str, str] | None) – the metadata associated with the secret
- lookup_type (SecretLookupType) – the type of the lookup query
- page (int | None) – the page number
- page_size (int | None) – the page size
Returns: a generator of secrets satisfying the search criteria
Return type: generator of Secret
- parent (