VCert Python is a Python library and SDK designed to simplify key generation and enrollment of machine identities (also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the Venafi Platform or Venafi Cloud.
This implementation is based on the original Go library, https://github.com/Venafi/vcert.
VCert supports Python 3 and Python 2.7.
Get the library using pip:
pip install vcert
You can also install the latest version from GitHub:
pip install https://github.com/Venafi/vcert-python/archive/master.zip
For code samples of programmatic use, please review the files in /examples.
Prerequisites for using with Trust Protection Platform
- A user account that has been granted WebSDK Access
- A folder (zone) where the user has been granted the following permissions: View, Read, Write, Create, Revoke (for the revoke action), and Private Key Read (for the pickup action when CSR is service generated)
- Policy applied to the folder which specifies:
  - CA Template that Trust Protection Platform will use to enroll certificate requests submitted by VCert
  - Subject DN values for Organizational Unit (OU), Organization (O), City (L), State (ST) and Country (C)
  - Management Type not locked or locked to 'Enrollment'
  - Certificate Signing Request (CSR) Generation not locked or locked to 'Service Generated CSR'
  - Generate Key/CSR on Application not locked or locked to 'No'
  - (Recommended) Disable Automatic Renewal set to 'Yes'
  - (Recommended) Key Bit Strength set to 2048 or higher
  - (Recommended) Domain Whitelisting policy appropriately assigned