Identity

An Identity is an entity (such as a user, device, or another service) registered with Delta. It consists of a number of attributes, two of which rely on cryptographic primitives. These are the long-lived key pairs:

  • Encryption key pair - An asymmetric key pair, associated with an identity for the purposes of encrypting and decrypting secret encryption keys:

    • Public encryption key - The public key that functions as a key encryption key, to encrypt a secret encryption key. The public encryption key is stored in Delta as part of the identity creation process.
    • Private decryption key - The private key used to decrypt a secret encryption key. The private decryption key must be managed outside of Delta.

  • Signing key pair - An asymmetric key pair, associated with an identity for the purpose of request signing and authentication:

    • Public signing verification key - The public key used to verify request authenticity and ownership. The public signing verification key is stored in Delta as part of the identity creation process and is not publicly visible (unlike the public encryption key).
    • Private signing key - The private key used to sign requests as required by Delta so that the requests can be verified. The private signing key must be managed outside of Delta.
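The two-key-pair model above, as an added example that is not Delta's own code: a fresh secret encryption key protects the content, the identity's public encryption key wraps that key (so only the holder of the private decryption key, kept outside Delta, can unwrap it), and requests are signed with the private signing key and checked with the public verification key. The page does not name Delta's algorithms; RSA-OAEP, AES-GCM and RSA-PSS here are assumptions, as are the `LocalIdentity` class and helper names.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed primitives; the page does not specify Delta's actual algorithms.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


class LocalIdentity:
    """The owner's view of an identity: both private keys never leave this side."""

    def __init__(self):
        self.decryption_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.signing_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

    def registration_material(self):
        """Only the two public keys would be sent to Delta at identity creation."""
        return self.decryption_key.public_key(), self.signing_key.public_key()


def create_secret(content: bytes, public_encryption_key) -> dict:
    """Encrypt content under a random secret encryption key, then wrap that key
    with the recipient's public encryption key (the key encryption key)."""
    sek = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(sek).encrypt(nonce, content, None)
    return {"nonce": nonce, "ciphertext": ciphertext,
            "wrapped_key": public_encryption_key.encrypt(sek, OAEP)}


def retrieve_secret(secret: dict, private_decryption_key) -> bytes:
    """Unwrap the secret encryption key with the private decryption key, then decrypt.
    A wrong private key makes the unwrap fail (ValueError) rather than yield garbage."""
    sek = private_decryption_key.decrypt(secret["wrapped_key"], OAEP)
    return AESGCM(sek).decrypt(secret["nonce"], secret["ciphertext"], None)


def sign_request(request: bytes, private_signing_key) -> bytes:
    """Client side: sign the request bytes with the private signing key."""
    return private_signing_key.sign(request, PSS, hashes.SHA256())


def verify_request(request: bytes, signature: bytes, public_verification_key) -> bool:
    """Server side: accept the request only if the signature matches the registered key."""
    try:
        public_verification_key.verify(signature, request, PSS, hashes.SHA256())
        return True
    except InvalidSignature:
        return False
```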
class covata.delta.Identity(parent, identity_id, public_encryption_key, external_id, metadata)

An instance of this class encapsulates an identity in Covata Delta. An identity can be a user, application, device or any other identifiable entity that can create secrets and/or be the target recipient of a secret.

An identity has two sets of asymmetric keys: one for encryption and one for signing requests. Identities may also have optional, public, searchable metadata and a reference to an identifier in an external system.

Creates a new identity in Delta with the provided metadata and external id.

Parameters:
  • parent (Client) – the Delta client that constructed this instance
  • identity_id – the id of the identity
  • public_encryption_key (str) – the public encryption key of the identity
  • external_id (str | None) – the external id of the identity
  • metadata (dict[str, str] | None) – the metadata belonging to the identity
create_secret(content)

Creates a new secret in Delta with the given contents.

Parameters: content (bytes) – the secret content
Returns: the secret
Return type: Secret
delete_secret(secret_id)

Deletes the secret with the given secret id.

Parameters: secret_id (str) – the secret id
get_events(secret_id=None, rsa_key_owner_id=None)

Gets a list of audit events, filtered by secret id, by RSA key owner, or by both.

Parameters:
  • secret_id (str | None) – the secret id of interest
  • rsa_key_owner_id (str | None) – the RSA key owner id of interest
Returns: a generator of audit events
Return type: generator of Event

get_identities_by_metadata(metadata, page=None, page_size=None)

Gets a list of identities matching the given metadata key and value pairs, bound by the pagination parameters.

Parameters:
  • metadata (dict[str, str]) – the metadata key and value pairs to filter on
  • page (int | None) – the page number
  • page_size (int | None) – the page size
Returns: a generator of Identity objects satisfying the request
Return type: generator of Identity

get_identity(identity_to_retrieve=None)

Gets the identity matching the given identity id.

Parameters: identity_to_retrieve – the id of the identity to retrieve
Returns: the identity
Return type: Identity
get_secrets(base_secret_id=None, created_by=None, rsa_key_owner_id=None, metadata=None, lookup_type=SecretLookupType.any, page=None, page_size=None)

Gets a list of secrets based on the query parameters, bound by the pagination parameters.

Parameters:
  • base_secret_id (str | None) – the id of the base secret
  • created_by (str | None) – the id of the secret creator
  • rsa_key_owner_id (str | None) – the id of the RSA key owner
  • metadata (dict[str, str] | None) – the metadata associated with the secret
  • lookup_type (SecretLookupType) – the type of the lookup query
  • page (int | None) – the page number
  • page_size (int | None) – the page size
Returns: a generator of secrets satisfying the search criteria
Return type: generator of Secret

retrieve_secret(secret_id)

Retrieves a secret with this identity.

Parameters: secret_id (str) – the secret id
Returns: the secret
Return type: Secret