As of 9/18/23 this project is now deprecated and no longer maintained; we recommend using HashiCorp Vault as a more robust and actively supported alternative.
Keysync is a production-ready program for accessing secrets in Keywhiz.
It is a replacement for the now-deprecated FUSE-based keywhiz-fs.
Keysync must be built with Go 1.11+. You can build keysync from source:
$ git clone https://github.com/square/keysync
$ cd keysync
$ go build github.com/square/keysync/cmd/keysync
This will generate a binary called ./keysync
Keysync uses Go modules to manage dependencies. If you've cloned the repo into GOPATH
, you should export GO111MODULE=on
before running any go
commands. All deps should be automatically fetched when using go build
and go test
. Add go mod tidy
before committing.
Entire test suite:
go test ./...
Short, unit tests only:
go test -short ./...
Keysync requires access to Keywhiz to work properly. Assuming you run Keywhiz locally on default port (4444), you can start keysync with:
./keysync --config keysync-config.yaml