This is meant to be a Bitwarden / HashiCorp Vault replacement.
The goal is to implement a standard REST interface that both machines and humans can interact with. All permissions processing should happen server-side; the client is never trusted to decide what it may read or write.
Relevant issues:
- HashiCorp /secret/search
- Bitwarden external-secrets operator support
keyguard (kg)
GET keyguard get/g
keyguard g secretname
# returns all key names for the secret (not values)
keyguard g secretname.key
# returns the value for that key
POST keyguard update/u
keyguard u secretname
# replaces all keys (if the input is valid)
keyguard u secretname.key
# updates the value for that key
DELETE keyguard delete/d
keyguard d secretname
# deletes the entire secret (all keys)
keyguard d secretname.key
# deletes that single key
keyguard serve -p port
# runs the REST server on the given port
- should we try to mirror the Kubernetes permissions style?
- look at Kubewarden
- look at LDAP
- look at how HashiCorp does it
- check how Google/AWS do it
General data format: key: { key: value }
- top-level key is the logical name for the "group" (name of the entity, e.g. UCLA, RancherGov, ExampleApplication, a website, etc.)
- subkeys are the names of the keys themselves (username, password, secure note, certificate, etc.)
- value is the actual secret value
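An added example (not part of this design doc or the project's code) of how the get/update/delete semantics above and the group -> {key: value} format fit together with a server-side permission check; the ACL shape, the permission names "get"/"update"/"delete" and the class name are assumptions.

```python
from typing import Any, Optional


class KeyGuardStore:
    """In-memory model of the group -> {key: value} format with server-side ACLs."""

    def __init__(self, acl: dict[str, dict[str, set[str]]]) -> None:
        # acl[principal][group] = set of permissions among {"get", "update", "delete"}
        self.acl = acl
        self.store: dict[str, dict[str, Any]] = {}

    def _authorize(self, principal: str, group: str, perm: str) -> None:
        # Every request is checked here; the caller's own claims are never trusted.
        if perm not in self.acl.get(principal, {}).get(group, set()):
            raise PermissionError(f"{principal} may not {perm} {group}")

    @staticmethod
    def _split(path: str) -> tuple[str, Optional[str]]:
        # "secretname" -> (group, None); "secretname.key" -> (group, key)
        group, _, key = path.partition(".")
        if not group:
            raise ValueError("empty secret name")
        return group, key or None

    def get(self, principal: str, path: str) -> Any:
        group, key = self._split(path)
        self._authorize(principal, group, "get")
        entry = self.store[group]
        if key is None:
            return sorted(entry)  # key names only, never the values
        return entry[key]

    def update(self, principal: str, path: str, value: Any) -> None:
        group, key = self._split(path)
        self._authorize(principal, group, "update")
        if key is None:
            # Whole-group update must be a {key: value} mapping with string keys.
            if not isinstance(value, dict) or not all(isinstance(k, str) for k in value):
                raise ValueError("group update must be a {key: value} mapping")
            self.store[group] = dict(value)
        else:
            self.store.setdefault(group, {})[key] = value

    def delete(self, principal: str, path: str) -> None:
        group, key = self._split(path)
        self._authorize(principal, group, "delete")
        if key is None:
            del self.store[group]  # remove the entire secret
        else:
            del self.store[group][key]  # remove one key
```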
Machine accounts and user accounts:
- ?
All formats should be encrypted
- default to protobuf
- yaml/json should also be supported
- encrypted protobuf
- should add optional memory encryption as well for confidential computing (low priority)