I need to use a KMIP server for a project and searched for an open source solution. The only viable options I found are PyKMIP (https://github.com/OpenKMIP/PyKMIP) and KMIP4J (https://sourceforge.net/projects/kmip4j/).

The problem with PyKMIP is this warning:

"Warning: The PyKMIP server is intended for testing and demonstration purposes only. It is not a replacement for a secure, hardened, hardware-based key management appliance. It should not be used in a production-level environment, nor for critical operations."

What is the reason the server is not usable for critical operations? Was it produced for testing the client only? What would need to change to make it viable?

KMIP4J, on the other hand, is an implementation of KMIP 1.0. Can KMIP 1.0 be used in a production-level environment with the current version being 1.4 (2017)? Will I be able to use it far into the future without getting a security problem?

As an alternative, is there a good open source solution I missed, or a different protocol etc. that offers good security when managing keys?

Thank you for your help.

Chris