Welcome to Paramiko-Cloud’s documentation!

This project aims to extend Paramiko to provide SSH keys that are backed by cloud-based key management services. Further, SSH certificate signing capabilities are added that make implementation of SSH certificate authorities straightforward.

Installation

Install Paramiko-Cloud using pip:

# Install with AWS support
pip install paramiko-cloud[aws]

# Install with Azure support
pip install paramiko-cloud[azure]

# Install with GCP support
pip install paramiko-cloud[gcp]

Examples

Amazon Web Services

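from paramiko import RSAKey
from paramiko_cloud.aws.keys import ECDSAKey

# CA signing key held in AWS KMS, referenced by its key ARN
ca_key = ECDSAKey(
    "arn:aws:kms:ap-northeast-1:012345678901:key/e9a4e926-b826-46fe-840d-58d44f0c6a89",
    region_name="ap-northeast-1"
)
# Throwaway client key for the demo; 1024-bit RSA is too weak for real use
client_key = RSAKey.generate(1024)
# Sign a certificate for the client key, valid for the principal "test.user"
cert_string = ca_key.sign_certificate(
    client_key,
    ["test.user"]
).cert_string()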

Microsoft Azure

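from azure.identity import DefaultAzureCredential
from paramiko import RSAKey
from paramiko_cloud.azure.keys import ECDSAKey

credential = DefaultAzureCredential()

# CA signing key held in Azure Key Vault, referenced by vault URL and key name
ca_key = ECDSAKey(
    credential,
    "https://your.vault.url/",
    "key_name"
)
# Throwaway client key for the demo; 1024-bit RSA is too weak for real use
client_key = RSAKey.generate(1024)
# Sign a certificate for the client key, valid for the principal "test.user"
cert_string = ca_key.sign_certificate(
    client_key,
    ["test.user"]
).cert_string()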

Google Cloud Platform

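from google.cloud import kms
from paramiko import RSAKey
from paramiko_cloud.gcp.keys import ECDSAKey

kms_client = kms.KeyManagementServiceClient()
key_name = "projects/PROJECT_NAME/locations/REGION_NAME/keyRings/YOUR_KEY_RING_NAME/cryptoKeys/YOUR_KEY_NAME/cryptoKeyVersions/YOUR_KEY_VERSION"

# CA signing key held in Cloud KMS, referenced by its full key version name
ca_key = ECDSAKey(kms_client, key_name)
# Throwaway client key for the demo; 1024-bit RSA is too weak for real use
client_key = RSAKey.generate(1024)
# Sign a certificate for the client key, valid for the principal "test.user"
cert_string = ca_key.sign_certificate(
    client_key,
    ["test.user"]
).cert_string()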
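
Each example above ends with a certificate string. The following is an added example, not part of Paramiko-Cloud: a check a CA service can run on that string before handing it out, which parses the OpenSSH certificate wire format (PROTOCOL.certkeys) and flags unexpected principals, an empty principal list or an over-long lifetime. It assumes the string has the `<type> <base64> [comment]` layout of an OpenSSH `-cert.pub` file; `parse_cert`, `violations` and the sample certificate are names and data constructed for this illustration.

```python
import base64
import struct

# Length-prefixed public-key fields after the nonce (OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2,              # e, n
              "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, point
              "ssh-ed25519-cert-v01@openssh.com": 1}          # pk

def _s(data):  # encode an SSH "string": uint32 length, then the bytes
    return struct.pack(">I", len(data)) + data
def _read(buf, off):  # decode one SSH "string"; returns (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Extract the fields an issuance policy cares about from a certificate line."""
    algo, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = _read(blob, 0)
    if inner.decode() != algo or algo not in KEY_FIELDS:
        raise ValueError("unsupported or mismatched certificate type")
    for _ in range(1 + KEY_FIELDS[algo]):  # skip nonce and public key fields
        _, off = _read(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = _read(blob, off + 12)
    plist, off = _read(blob, off)
    after, before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(plist):
        name, p = _read(plist, p)
        principals.append(name.decode())
    return {"type": ctype, "serial": serial, "key_id": key_id.decode(),
            "principals": principals, "valid_after": after, "valid_before": before}

def violations(cert, allowed, max_lifetime):
    """Return the reasons a certificate breaks policy; an empty list means it passes."""
    checks = [(cert["type"] != 1, "not a user certificate"),
              (not cert["principals"], "no principals: valid for any user"),
              (cert["valid_before"] - cert["valid_after"] > max_lifetime, "lifetime too long")]
    out = [msg for bad, msg in checks if bad]
    return out + [f"unexpected principal {p}" for p in cert["principals"] if p not in allowed]

# Constructed sample: dummy key material and signature, not a real certificate.
_body = (_s(b"ssh-rsa-cert-v01@openssh.com") + _s(b"\x00" * 32) + _s(b"\x01\x00\x01")
         + _s(b"\x00" + b"\xff" * 128) + struct.pack(">QI", 7, 1) + _s(b"demo-key-id")
         + _s(_s(b"test.user")) + struct.pack(">QQ", 1700000000, 1700003600)
         + _s(b"") * 3 + _s(b"ca-key") + _s(b"sig"))
SAMPLE = "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(_body).decode() + " demo"
```

The parser reads fields only; it does not verify the CA signature, which is the job of `sshd` or `ssh-keygen -L` plus the trusted CA key.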
