Skip to content

bodaay/multikey

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

Faisal

Faisal

 
 

cmd

cmd

 
 

multikey

multikey

 
 

.gitignore

.gitignore

 
 

BuildForLinux.bat

BuildForLinux.bat

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

main.go

main.go

 
 

main.go.withHex

main.go.withHex

 
 

Repository files navigation

multikey - Require n-of-N keys to decrypt

Go Report Card GitHub issues Documentation license

Allows for the creation of decryption rules for secrets at rest, for example:

  • Decrypt if any of 5 keys are provided
  • Decrypt if all of 5 keys are provided
  • Decrypt if at least 3 of 5 keys are provided

Example use cases:

  • I want anyone on my team to be able to decrypt shared application runtime secrets with their own key locally, and have my deployments be able to decrypt the same secrets by fetching a decryption key from AWS KMS
  • I want my team to be able to access a highly privileged secret in emergency situations, by having n/N team members provide their key

... many more

Benefits of using this:

  • Allows for managing secrets with complex rules
  • Allows for secrets to be encrypted at rest, which means they can live on your Github, and you don't have to pay for a database or rely on an external service

Usage

import "github.com/bodaay/multikey"

Encrypt:

mkEncryptedSecret, err := multikey.Encrypt(plainTxtSecret, pubKeys, requireN)
checkErr(err)

Decrypt:

plainTxtSecret, err := multikey.Decrypt(mkEncryptedSecret, privKeys)
checkErr(err)

About

n-out-of-N-keys encryption framework based on shamir's secret sharing algorithm

Resources

Readme

License

MPL-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 99.9%
  • Batchfile 0.1%