Client

class covata.delta.Client(key_store, api_client_factory=<class covata.delta.apiclient.ApiClient>)

The main entry point for the Delta SDK.

An instance of this class provides an interface for interacting with the Delta API. The core domain objects (Identity, Secret and Event) are returned from method calls on this class, and themselves provide a fluent interface that can be used to continue interacting with the Delta API. Consumers of this SDK can therefore choose whether to construct all calls from base values (i.e. id strings such as identity_id, secret_id, etc.), via the fluent interfaces, or through a mixture of both.

Creates a new DeltaClient instance from the provided configuration.

Parameters:
add_secret_metadata(identity_id, secret_id, metadata)

Adds metadata to the given secret. The version number is required for optimistic locking on concurrent updates. An attempt to update metadata with an outdated version will be rejected by the server. Passing in an empty metadata map will result in no changes to the metadata or version number.

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str) – the secret id
  • metadata (dict[str, str]) – a map of metadata key and value pairs
create_identity(external_id=None, metadata=None)

Creates a new identity in Delta.

Parameters:
  • external_id (str | None) – the external id to associate with the identity
  • metadata (dict[str, str] | None) – the metadata to associate with the identity
Returns:

the identity

Return type:

Identity

create_secret(identity_id, content)

Creates a new secret in Delta with the given byte contents.

Parameters:
  • identity_id (str) – the authenticating identity id
  • content (bytes) – the secret contents
Returns:

the secret

Return type:

Secret

delete_secret(identity_id, secret_id)

Deletes the secret with the given secret id.

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str) – the secret id
get_events(identity_id, secret_id=None, rsa_key_owner_id=None)

Gets a list of events, filtered by secret id, by RSA key owner, or by both.

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str | None) – the secret id of interest
  • rsa_key_owner_id (str | None) – the rsa key owner id of interest
Returns:

a generator of audit events

Return type:

generator of Event

get_identities_by_metadata(identity_id, metadata, page=None, page_size=None)

Gets a list of identities matching the given metadata key and value pairs, bound by the pagination parameters.

Parameters:
  • identity_id (str) – the authenticating identity id
  • metadata (dict[str, str]) – the metadata key and value pairs to filter
  • page (int | None) – the page number
  • page_size (int | None) – the page size
Returns:

a generator of Identity satisfying the request

Return type:

generator of Identity

get_identity(identity_id, identity_to_retrieve=None)

Gets the identity matching the given identity id.

Parameters:
  • identity_id (str) – the authenticating identity id
Returns:

the identity

Return type:

Identity

get_secret(identity_id, secret_id)

Gets the given secret by id.

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str) – the id of the secret to retrieve
Returns:

the secret

Return type:

Secret

get_secret_content(identity_id, secret_id, symmetric_key, initialisation_vector)

Gets the plaintext content, given the symmetric key and initialisation vector used for encryption.

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str) – the secret id
  • symmetric_key (str) – the symmetric key used for encryption encoded in base64
  • initialisation_vector (str) – the initialisation vector encoded in base64
Returns:

the plaintext content of the secret

Return type:

bytes

get_secret_content_encrypted(identity_id, secret_id)

Gets the base64 encoded encrypted content given the secret id.

Note that the returned encrypted content when decoded from base64 has a trailing 16 byte GCM authentication tag appended (i.e. the cipher text is the byte range [:-16] and the authentication tag is the remaining [-16:] bytes).

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str) – the secret id
Returns:

the encrypted content encoded in base64

Return type:

str
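
The layout described in the note above, as an added example (not part of the Delta SDK): it splits the decoded content into ciphertext and tag, then verifies and decrypts it with the `cryptography` package. AES-GCM with no associated data and all function names are assumptions; the key, IV and content are constructed sample values.

```python
import base64
import binascii

GCM_TAG_LEN = 16  # bytes; the trailing tag length stated in the note above


def split_encrypted_content(encoded):
    """Decode the base64 content and return (ciphertext, tag)."""
    try:
        raw = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("encrypted content is not valid base64") from exc
    if len(raw) < GCM_TAG_LEN:
        # Without this check raw[:-16] / raw[-16:] would silently return
        # an empty ciphertext and a truncated tag.
        raise ValueError("decoded content is shorter than the GCM tag")
    return raw[:-GCM_TAG_LEN], raw[-GCM_TAG_LEN:]


def decrypt_content(encoded, symmetric_key_b64, iv_b64):
    """Verify the tag and decrypt; raises InvalidTag if the data was altered."""
    # Assumption: AES-GCM with no associated data (not stated on this page).
    # Imported here so split_encrypted_content needs only the stdlib.
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    ciphertext, tag = split_encrypted_content(encoded)
    key = base64.b64decode(symmetric_key_b64, validate=True)
    iv = base64.b64decode(iv_b64, validate=True)
    decryptor = Cipher(algorithms.AES(key), modes.GCM(iv, tag)).decryptor()
    # finalize() performs the tag check; the output of update() is
    # unauthenticated until finalize() has succeeded.
    return decryptor.update(ciphertext) + decryptor.finalize()


def constructed_sample():
    """Build a constructed (key, iv, content) triple, all base64 strings."""
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM

    key, iv = bytes(range(32)), bytes(range(12))  # constructed, not real keys
    blob = AESGCM(key).encrypt(iv, b"constructed plaintext", None)  # ct || tag
    return tuple(base64.b64encode(x).decode("ascii") for x in (key, iv, blob))


if __name__ == "__main__":
    key_b64, iv_b64, content = constructed_sample()
    print(decrypt_content(content, key_b64, iv_b64))
```
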

get_secret_metadata(identity_id, secret_id)

Gets the metadata key and value pairs for the given secret.

Parameters:
  • identity_id (str) – the authenticating identity id
  • secret_id (str) – the secret id to be retrieved
Returns:

the retrieved secret metadata dictionary and version tuple

Return type:

(dict[str, str], int)

get_secrets(identity_id, base_secret_id=None, created_by=None, rsa_key_owner_id=None, metadata=None, lookup_type=<SecretLookupType.any: 3>, page=None, page_size=None)

Gets a list of secrets based on the query parameters, bound by the pagination parameters.

Parameters:
  • identity_id (str) – the authenticating identity id
  • base_secret_id (str | None) – the id of the base secret
  • created_by (str | None) – the id of the secret creator
  • rsa_key_owner_id (str | None) – the id of the RSA key owner
  • metadata (dict[str, str] | None) – the metadata associated with the secret
  • lookup_type (SecretLookupType) – the type of the lookup query
  • page (int | None) – the page number
  • page_size (int | None) – the page size
Returns:

a generator of secrets satisfying the search criteria

Return type:

generator of Secret

share_secret(identity_id, recipient_id, secret_id)

Shares the base secret with the specified recipient. The contents will be encrypted with the public encryption key of the RSA key owner, and a new secret key and initialisation vector will be generated. This call will result in a new derived secret being created and returned.

Parameters:
  • identity_id (str) – the authenticating identity id
  • recipient_id (str) – the target identity id to share the base secret
  • secret_id (str) – the base secret id
Returns:

the derived secret

Return type:

Secret