SDK for Python

The Oracle Cloud Infrastructure SDK for Python enables you to write code to manage Oracle Cloud Infrastructure resources.

This SDK and sample is dual-licensed under the Universal Permissive License 1.0 and the Apache License 2.0; third-party content is separately licensed as described in the code.

Download: The SDK for Python is available on GitHub or the Python Package Index (PyPi).

Documentation: Available on docs.cloud.oracle.com and readthedocs.io.

Services Supported

  • Analytics Cloud
  • Announcements
  • API Gateway
  • Application Migration
  • Audit
  • Autoscaling (Compute)
  • Big Data
  • Budgets
  • Container Engine for Kubernetes
  • Content and Experience
  • Core Services (Networking, Compute, Block Volume)
  • Data Catalog
  • Data Flow
  • Data Integration
  • Data Safe
  • Data Science
  • Data Transfer
  • Database
  • Digital Assistant
  • DNS
  • Email Delivery
  • Events
  • File Storage
  • Functions
  • Health Checks
  • IAM
  • Integration Cloud
  • Key Management (for the Vault service)
  • Limits
  • Load Balancing
  • Marketplace
  • Monitoring
  • MySQL Database
  • NoSQL Database Cloud
  • Notifications
  • Object Storage
  • OS Management
  • Quotas
  • Resource Manager
  • Search
  • Secret Management (for the Vault service)
  • Streaming
  • Support Management
  • Usage

  • VMWare Solution
  • Web Application Acceleration and Security
  • Work Requests (Compute, Database)

Installing with yum

If you're using Oracle Linux 7, you can use yum to install the OCI SDK for Python.

The following example shows how to use yum to install the OCI SDK for Python 3.6:

sudo yum install python36-oci-sdk.x86_64

This example shows how to use yum to install the OCI SDK for Python 2.7:

sudo yum install python-oci-sdk.x86_64

Client-Side Encryption

Client Side Encryption allows you to encrypt data on the client side before storing it locally or using it with other Oracle Cloud Infrastructure services.

To use client-side encryption, you must create a master encryption key (MEK) using the Key Management Service. This can be done using the CreateKey or ImportKey operations.

The MEK is used to generate a Data Encryption Key (DEK) to encrypt each payload. A encrypted copy of this DEK (encrypted under the MEK) and other pieces of metadata are included in the encrypted payload returned by the SDKs so that they can be used for decryption.

Examples

The following code example shows how to encrypt a string:


import oci
 
# user supplied vars
vault_id = TEST_VAULT_OCID
master_key_id = TEST_MASTER_KEY_ID
data_to_encrypt_bytes = b"This is a secret message"
 
config = oci.config.from_file()
kms_master_key = oci.encryption.KMSMasterKey(
    config=config, master_key_id=master_key_id, vault_id=vault_id
)
 
kms_master_key_provider = oci.encryption.KMSMasterKeyProvider(
    config=config,
    kms_master_keys=[kms_master_key]
)
 
crypto_result = crypto.encrypt(kms_master_key_provider, data_to_encrypt_bytes)
ciphertext = crypto_result.get_data()
print("ciphertext: {}".format(ciphertext))
 
# decrypt string example
crypto_result = crypto.decrypt(ciphertext, kms_master_key_provider)
print("unencrypted text: {}".format(crypto_result.get_data()))

The following example shows how to encrypt a file stream:

import oci
import shutil
 
# user supplied vars
vault_id = TEST_VAULT_OCID
master_key_id = TEST_MASTER_KEY_ID
file_to_encrypt = "/file/to/encrypt/message.txt"
output_encrypted_file = "/tmp/message.txt.encrypted"
output_decrypted_file = "/tmp/message.txt.decrypted"
 
# setup OCI KMS keys
config = oci.config.from_file()
kms_master_key = oci.encryption.KMSMasterKey(
    config=config, master_key_id=master_key_id, vault_id=vault_id
)
 
kms_master_key_provider = oci.encryption.KMSMasterKeyProvider(
    config=config,
    kms_master_keys=[kms_master_key]
)
 
# encrypt stream example
with open(output_encrypted_file, 'wb') as output_stream, open(file_to_encrypt, 'rb') as stream_to_encrypt:
    with crypto.create_encryption_stream(
        kms_master_key_provider,
        stream_to_encrypt
    ) as encryption_stream:
        shutil.copyfileobj(encryption_stream, output_stream)
 
# decrypt stream example
with open(output_decrypted_file, 'wb') as output_stream, open(output_encrypted_file, 'rb') as stream_to_decrypt:
    with crypto.create_decryption_stream(
        stream_to_decrypt,
        kms_master_key_provider
    ) as decryption_stream:
        shutil.copyfileobj(decryption_stream, output_stream)

Contact Us

Contributions

Got a fix for a bug or a new feature you'd like to contribute? The SDK is open source and accepting pull requests on GitHub.

Notifications

To be notified when a new version of the SDK for Python is released, subscribe to the Atom feed.

Questions or Feedback