square / Keywhiz

Licence: apache-2.0
A system for distributing and managing secrets

Programming Languages

java
68154 projects - #9 most used programming language

Projects that are alternatives of or similar to Keywhiz

secrets-proxy
🔑 A secure proxy service for managing OneOps secrets.
Stars: ✭ 12 (-99.51%)
Mutual labels:  secret-management, secrets, keywhiz, secret-distribution
cli
The official CLI for interacting with your Doppler secrets and configuration.
Stars: ✭ 96 (-96.08%)
Mutual labels:  secret-management, secrets, secrets-management
Shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Stars: ✭ 3,316 (+35.24%)
Mutual labels:  secrets, secrets-management
Cryptr
Cryptr: a GUI for Hashicorp's Vault
Stars: ✭ 324 (-86.79%)
Mutual labels:  secrets, secret-management
Tomb
the Crypto Undertaker
Stars: ✭ 859 (-64.97%)
Mutual labels:  crypto, secret-management
envkey-ruby
EnvKey's official Ruby client library
Stars: ✭ 24 (-99.02%)
Mutual labels:  secret-management, secrets
envy
Use envy to manage environment variables with your OS keychain
Stars: ✭ 23 (-99.06%)
Mutual labels:  secrets, secrets-management
Repo Supervisor
Scan your code for security misconfiguration, search for passwords and secrets. 🔍
Stars: ✭ 482 (-80.34%)
Mutual labels:  secrets, secret-management
Secretserver
Secret Server PowerShell Module
Stars: ✭ 82 (-96.66%)
Mutual labels:  secrets, secret-management
Envkey App
Secure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-96.62%)
Mutual labels:  secrets, secret-management
Secretary
DEPRECATED Secrets management for dynamic environments
Stars: ✭ 93 (-96.21%)
Mutual labels:  secrets, secret-management
Hashicorp Vault Plugin
Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
Stars: ✭ 191 (-92.21%)
Mutual labels:  secrets, secret-management
terraform-provider-lastpass
Terraform Lastpass provider
Stars: ✭ 55 (-97.76%)
Mutual labels:  secret-management, secrets
envkeygo
EnvKey's official Go client library
Stars: ✭ 36 (-98.53%)
Mutual labels:  secret-management, secrets
k8s-vault-webhook
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
Stars: ✭ 107 (-95.64%)
Mutual labels:  secret-management, secrets
Conjur
CyberArk Conjur automatically secures secrets used by privileged users and machine identities
Stars: ✭ 441 (-82.01%)
Mutual labels:  secrets, secret-management
envkey-node
EnvKey's official Node.js client library
Stars: ✭ 46 (-98.12%)
Mutual labels:  secret-management, secrets
kubecrypt
Helper for dealing with secrets in kubernetes.
Stars: ✭ 23 (-99.06%)
Mutual labels:  crypto, secrets
Helm Secrets
DEPRECATED A helm plugin that help manage secrets with Git workflow and store them anywhere
Stars: ✭ 1,129 (-53.96%)
Mutual labels:  secrets, secret-management
Enterprise
🦄 The Enterprise™ programming language
Stars: ✭ 1,493 (-39.11%)
Mutual labels:  crypto, enterprise-software

Keywhiz

Keywhiz is a system for distributing and managing secrets. For more information, see the website.

Our blog post "Protecting infrastructure secrets with Keywhiz" is worth reading, as it provides some useful context.

Develop

Keywhiz requires Java 11 and MySQL 5.7 or higher.

See CONTRIBUTING for details on submitting patches.

Build Keywhiz:

mvn install

Run Keywhiz:

java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS]

Useful commands to get started are migrate, add-user and server. Run with --help for a list of all available commands, or with [COMMAND] --help for help on a particular command.

For example, to run Keywhiz with a MySQL database in development mode:

# The * is expanded by the shell where $SERVER_JAR is used unquoted below
SERVER_JAR="server/target/keywhiz-server-*-shaded.jar"
KEYWHIZ_CONFIG="server/target/classes/keywhiz-development.yaml"

# Initialize dev database
java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG

# Add an administrative user
java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG

# Run server
java -jar $SERVER_JAR server $KEYWHIZ_CONFIG

To connect to a running Keywhiz instance, you will need to use the CLI.

An example helper shell script that wraps the keywhiz-cli and sets some default parameters:

#!/bin/sh

# Set the path to a compiled, shaded keywhiz-cli JAR file
KEYWHIZ_CLI_JAR="/path/to/keywhiz-cli-shaded.jar"
KEYWHIZ_SERVER_URL="https://$(hostname):4444"

# Use these flags if you want to specify a non-standard CA trust store.
# Alternatively, in development and testing specify the --devTrustStore 
# flag to use the default truststore (DO NOT use this in production, as
# the truststore is checked into Keywhiz' code).
TRUSTSTORE="-Djavax.net.ssl.trustStore=/path/to/ca-bundle.jceks"
TRUSTTYPE="-Djavax.net.ssl.trustStoreType=JCEKS"

java "$TRUSTSTORE" "$TRUSTTYPE" -jar "$KEYWHIZ_CLI_JAR" -U "$KEYWHIZ_SERVER_URL" "$@"
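
The trust store caveat in the wrapper above can be enforced before the CLI is started. The following is an added example, not code from the Keywhiz project; the KEYWHIZ_ENV variable and the keywhiz_preflight function are hypothetical names introduced for it.

```shell
#!/bin/sh
# Added example, not part of the Keywhiz repository.
# KEYWHIZ_ENV is a hypothetical variable introduced here; unset means production.

# keywhiz_preflight SERVER_URL TRUSTSTORE_PATH [cli args...]
# Returns 0 when it is safe to start the CLI, otherwise a distinct non-zero code.
keywhiz_preflight() {
    kp_url=$1; kp_store=$2; shift 2

    # 2: secrets must never travel over plaintext HTTP.
    case $kp_url in
        https://*) ;;
        *) echo "refusing non-HTTPS server URL: $kp_url" >&2; return 2 ;;
    esac

    # 3: the dev trust store is checked into Keywhiz' code, so allow
    # --devTrustStore only when explicitly running in development.
    # In that case the custom trust store checks below do not apply.
    for kp_arg in "$@"; do
        if [ "$kp_arg" = "--devTrustStore" ]; then
            [ "${KEYWHIZ_ENV:-production}" = "development" ] && return 0
            echo "--devTrustStore requires KEYWHIZ_ENV=development" >&2
            return 3
        fi
    done

    # 4: the custom CA trust store must be a readable regular file.
    if [ ! -f "$kp_store" ] || [ ! -r "$kp_store" ]; then
        echo "trust store missing or unreadable: $kp_store" >&2
        return 4
    fi

    # 5: group/other write access would let another local user add a CA.
    # Characters 6 and 9 of the mode string are the group and other write bits.
    case $(ls -ldL "$kp_store" | cut -c6,9) in
        *w*) echo "trust store writable by group/other: $kp_store" >&2; return 5 ;;
    esac
    return 0
}
```

In the wrapper script, call keywhiz_preflight "$KEYWHIZ_SERVER_URL" /path/to/ca-bundle.jceks "$@" || exit $? on the line before the final java command.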

Keywhiz uses jOOQ to talk to its database.

If you made changes to the database model and want to regenerate sources:

mvn install -pl model/ -Pgenerate-jooq-sources

We recommend IntelliJ IDEA for development.

Clients & API

Square also maintains a Keywhiz client implementation called Keysync.

Docker

We ship a Dockerfile for building a Docker container for Keywhiz. Please see the Dockerfile for extra instructions.

License

Keywhiz is under the Apache 2.0 license. See the LICENSE file for details.