A system for distributing and managing secrets
Latest commit 8d5485f, Jan 19, 2017, mcpherrinm committed on GitHub: Merge pull request #307 from square/mmc/close-body
Make sure we close body before throwing
api Send group metadata along with the secret expiries Dec 22, 2016
cli Use new update endpoint in Keywhiz client Dec 5, 2016
client Make sure we close body before throwing Jan 19, 2017
docker Remove line about generating certs Feb 18, 2016
hkdf Remove calls to Mac.update() Dec 9, 2016
log Add logging of all state-altering operations Oct 6, 2016
model Fixing NPE in Timestamp converter for client last seen that is never … Sep 29, 2016
server Fix NPE arising from a secret not belonging in any groups in expiry v… Jan 19, 2017
testing Migrate to okhttp3. Feb 8, 2016
ui Delete withVersion from controllers.js Jun 1, 2016
website Instruct people to add-user instead of db-seed Sep 6, 2016
.gitignore Adds ability to choose different database backends. Jun 3, 2015
.travis.yml Compute coverage information, update build scripts Apr 15, 2016
BUG-BOUNTY.md Includes this repo in our open source bug bounty program. May 11, 2015
CHANGELOG.md prepare for v0.7.9 release Nov 11, 2015
CONTRIBUTING.md Initial open-source commit Mar 27, 2015
CONTRIBUTORS Initial open-source commit Mar 27, 2015
Dockerfile added missing file to Dockerfile Oct 9, 2016
LICENSE Initial open-source commit Mar 27, 2015
README.md Instruct people to add-user instead of db-seed Sep 6, 2016
checkstyle.xml Initial open-source commit Mar 27, 2015
deploy.sh use mktemp to create temporary directory Oct 19, 2015
findbugs-exclude.xml Enable and fixup findbugs Jun 3, 2015
pom.xml Add logging of all state-altering operations Oct 6, 2016

README.md

Keywhiz


Keywhiz is a system for distributing and managing secrets. For more information, see the website.

Our "Protecting infrastructure secrets with Keywhiz" blog post is worth reading, as it provides some useful context.

Develop

See CONTRIBUTING for details on submitting patches.

Build Keywhiz:

# Build keywhiz for H2
mvn install -P h2

# Build keywhiz for MySQL
mvn install -P mysql

Run Keywhiz:

java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS] 

Useful commands to get started are migrate, add-user and server. Run with --help for a list of all available commands, or with [COMMAND] --help for help on a particular command.

For example, to run Keywhiz with an H2 database in development mode:

export SERVER_JAR=server/target/keywhiz-server-*-shaded.jar
export KEYWHIZ_CONFIG=server/target/classes/keywhiz-development.yaml.h2

# Initialize dev database (H2)
java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG

# Add an administrative user
java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG

# Run server
java -jar $SERVER_JAR server $KEYWHIZ_CONFIG

Keywhiz uses jOOQ to talk to its database.

If you made changes to the database model and want to regenerate sources:

mvn install -pl model/ -Pgenerate-jooq-sources

We recommend IntelliJ IDEA for development.

Docker

We ship a Dockerfile for building a Docker container for Keywhiz. Please see the Dockerfile for extra instructions.

License

Keywhiz is under the Apache 2.0 license. See the LICENSE file for details.