Skip to content
Python library and SDK that simplifies integration with Venafi certificate services.
Branch: master
Clone or download
Latest commit d0a457a Feb 7, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs second commit with code Dec 27, 2018
examples fix revoke and add examples Feb 6, 2019
tests fix for python2 Jan 25, 2019
vcert fix revoke and add examples Feb 6, 2019
.gitignore fixes Dec 27, 2018
Dockerfile Adding make test Dec 27, 2018
LICENSE initial commit Dec 27, 2018
Makefile misprints Jan 9, 2019
README.md Updating readme Jan 14, 2019
requirements.txt config requirements version Jan 24, 2019
setup.py push version Feb 7, 2019

README.md

VCert Python

VCert Python is a Python library and SDK designed to simplify key generation and enrollment of machine identities (also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the Venafi Platform or Venafi Cloud.

This implementation is based on the original Go library, https://github.com/Venafi/vcert.

VCert supports Python 3, and Python 2.7.

Installation

Get the library using pip:
pip install vcert

You also can install latest version from github:
pip install https://github.com/Venafi/vcert-python/archive/master.zip

Usage example

For code samples of programmatic use, please review the files in /examples.

Prerequisites for using with Trust Protection Platform

  1. A user account that has been granted WebSDK Access
  2. A folder (zone) where the user has been granted the following permissions: View, Read, Write, Create, Revoke (for the revoke action), and Private Key Read (for the pickup action when CSR is service generated)
  3. Policy applied to the folder which specifies:
    1. CA Template that Trust Protection Platform will use to enroll certificate requests submitted by VCert
    2. Subject DN values for Organizational Unit (OU), Organization (O), City (L), State (ST) and Country (C)
    3. Management Type not locked or locked to 'Enrollment'
    4. Certificate Signing Request (CSR) Generation not locked or locked to 'Service Generated CSR'
    5. Generate Key/CSR on Application not locked or locked to 'No'
    6. (Recommended) Disable Automatic Renewal set to 'Yes'
    7. (Recommended) Key Bit Strength set to 2048 or higher
    8. (Recommended) Domain Whitelisting policy appropriately assigned
You can’t perform that action at this time.