OneKMS

OneKMS is a local web application for viewing and managing AWS and GCP KMS keys, credentials, and compliance results from a browser UI.

Tar Builds

Prepackaged archives are available under build/:

• build/windows.tar.gz
• build/linux.tar.gz
• build/mac.tar.gz

Each archive contains:

• the onekms server binary for that OS
• the web/ folder required by the UI

Archive layout:

• windows/onekms.exe and windows/web/
• linux/onekms and linux/web/
• mac/onekms and mac/web/

Run From Tar Build

Extract the archive for your OS.

Linux:

tar -xzf build/linux.tar.gz
cd linux
./onekms

macOS:

tar -xzf build/mac.tar.gz
cd mac
./onekms

Windows:

1. Extract build/windows.tar.gz
2. Open the extracted windows folder
3. Run onekms.exe

The server starts on http://localhost:8080 by default.

Runtime Files

The app expects the binary and the web/ folder to stay together in the same extracted OS folder.

By default, the SQLite database is created in the current working directory as:

onekms.sqlite3

Configuration

Environment variables:

• PORT: HTTP port or full bind address
• SQLITE_DSN: SQLite database path

Examples:

PORT=9090 ./onekms

SQLITE_DSN=./data/onekms.sqlite3 ./onekms

Web UI

Open:

http://localhost:8080

The web UI provides:

• cloud summary for AWS and GCP
• key listing and key details
• compliance results and compliance table
• credential CRUD for AWS and GCP
• request console for direct API calls

Basic UI Flow

1. Start the server.
2. Open the browser at http://localhost:8080.
3. Add AWS or GCP credentials in the Credentials section.
4. Use Key List to load and inspect keys.
5. Switch compliance frameworks from the top tabs.
6. Review compliance results, recommendations, and key metadata.

Notes

• The server serves web/index.html and static assets from web/.
• If the browser UI shows request errors, the alert banner near the top displays them.
• If PORT is unset, OneKMS listens on :8080.