Getting Started • Examples • Support • Contributing • License
The Python SDK for OpenZiti is a library that enables you to integrate zero trust network connectivity into your Python applications, and establish secure connections with remote network resources over an OpenZiti network. The SDK also simplifies the process of adding secure, zero-trust network connectivity built into your Python application. It's so simple that it can be done in just two lines of code!
OpenZiti is an open-source project that provides secure, zero-trust networking for applications running on any platform.
More specifically, the SDK allows you to integrate zero trust at the application level. This means your data is never exposed outside the application environment providing you with end-to-end encryption for ultimate security. See other zero trust models here.
If you don't already have an OpenZiti network running, you can follow our express install guides to set up the network that fits your needs. Or, you can try CloudZiti for free, check out more here.
The Python SDK for OpenZiti is distributed via the Python Package Index (PyPI) and can be installed using
pip package manager.
pip install openzitiWith just two lines of code, you can turn your plain old web server into a secure, zero-trust embedded application. Below is an example of just how simple it is to get started.
Provide a hostname, and port for your application, a simple monkey patch, and you're ready to go. You don't even need to know what a monkey patch is! However, if you're interested in what a monkey patch is, expand the block below.
What is Monkey Patching?
Monkey patching allows developers to modify functionality for code even when they may not have access to the original source code. Because Python has a dynamic object model allowing developers to modify objects at runtime. Monkey patching allows developers to point a function call to any function they want. We can even implement our own function that doesn't exist in the source code.
The way this Python SDK uses monkey patching is to override existing functionality in socket handling by the socket module.
Taking a look at the code below, the key lines are the last two. You can see how, for each monkey patched function, we're telling that function call on the
sockobject to be directed to the function held in_patch_methods. Therefore, this SDK can be used on any application that doesn't manage its own sockets.def __init__(self, **kwargs): self.orig_socket = sock.socket sock.socket = _patchedSocket(kwargs) self.orig_methods = {m: sock.__dict__[m] for m, _ in _patch_methods.items()} for m_name, _ in _patch_methods.items(): sock.__dict__[m_name] = _patch_methods[m_name]
cfg = dict(ztx=openziti.load('/path/to/identity.json'), service="name-of-ziti-service")
openziti.monkeypatch(bindings={('127.0.0.1', 8000): cfg})Or try our decorator pattern with a function annotation
@openziti.zitify(bindings={('127.0.0.1', 18080): {'ztx': '/path/to/identity.json', 'service': 'name-of-ziti-service'}})
def yourFunction():The binding dictionary configures what happens when the code tries to open a server socket. Standard network addresses
are mapped to ziti service configurations. For example, with his configuration
bindings = {
('0.0.0.0', 8080): { 'ztx': 'my-identity.json', 'service':'my-service' }
}when application opens a server socket and binds to address 0.0.0.0:8080 it will actually bind to the ziti service named my-service.
Binding addresses can be specified with tuples, strings, or ints(ports). ('0.0.0.0', 8080), '0.0.0.0:8080', ':8080', 8080
are all considered and treated the same.
Try it out yourself with one of our examples
Please use these community resources for getting help. We use GitHub issues for tracking bugs and feature requests and have limited bandwidth to address them.
- Read the offical docs
- Join our Developer Community
- Participate in discussion on Discourse
Do you want to get your hands dirty and help make OpenZiti better? Contribute to the OpenZiti open-source project through bug reports, bug fixes, documentation, etc. Check out our guide on contributing to our projects here.