A system for distributing and managing secrets
Languages: Java 98.2%, Other 1.8%
mbyczkowski Merge pull request #595 from square/dependabot/maven/org.apache.maven…
….plugins-maven-checkstyle-plugin-3.1.1

Bump maven-checkstyle-plugin from 3.1.0 to 3.1.1
Latest commit ada7e3c Feb 18, 2020

Type Name Latest commit message Commit time
api Bump dropwizard-jackson from 1.3.17 to 1.3.18 Feb 3, 2020
cli Run intellij's optimize imports Dec 17, 2019
client Run intellij's optimize imports Dec 17, 2019
docker remove h2 and convert travis-ci to use mysql Aug 2, 2019
docs Update README and docs Jan 4, 2020
hkdf [maven-release-plugin] prepare for next development iteration Sep 6, 2019
log [maven-release-plugin] prepare for next development iteration Sep 6, 2019
model Update Flyway to 6.0.4 Oct 9, 2019
server
testing Run intellij's optimize imports Dec 17, 2019
.gitignore remove h2 and convert travis-ci to use mysql Aug 2, 2019
.travis.yml remove h2 and convert travis-ci to use mysql Aug 2, 2019
BUG-BOUNTY.md
CHANGELOG.md Update changelog for release Sep 6, 2019
CONTRIBUTING.md Update README and docs Jan 4, 2020
CONTRIBUTORS Initial open-source commit Mar 27, 2015
Dockerfile bump maven to 3.6 Nov 14, 2019
LICENSE Initial open-source commit Mar 27, 2015
README.md Update README and docs Jan 4, 2020
checkstyle.xml Initial open-source commit Mar 27, 2015
findbugs-exclude.xml Delete unused servlet after UI removal May 15, 2017
pom.xml Merge pull request #595 from square/dependabot/maven/org.apache.maven… Feb 18, 2020
update-javadocs.sh A little script to update javadocs Jun 27, 2017

README.md

Keywhiz

Keywhiz is a system for distributing and managing secrets. For more information, see the website.

Our blog post "Protecting infrastructure secrets with Keywhiz" is worth reading, as it provides some useful context.

Develop

Keywhiz requires Java 11 and MySQL 5.7 or higher.

See CONTRIBUTING for details on submitting patches.

Build Keywhiz:

mvn install

Run Keywhiz:

java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS]

Useful commands to get started are migrate, add-user and server. Run with --help for a list of all available commands, or with [COMMAND] --help for help on a particular command.

For example, to run Keywhiz with a MySQL database in development mode:

SERVER_JAR="server/target/keywhiz-server-*-shaded.jar"
KEYWHIZ_CONFIG="server/target/classes/keywhiz-development.yaml"

# Initialize dev database
java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG

# Add an administrative user
java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG

# Run server
java -jar $SERVER_JAR server $KEYWHIZ_CONFIG

To connect to a running Keywhiz instance, you will need to use the CLI.

An example helper shell script that wraps the keywhiz-cli and sets some default parameters:

#!/bin/sh

# Set the path to a compiled, shaded keywhiz-cli JAR file
KEYWHIZ_CLI_JAR="/path/to/keywhiz-cli-shaded.jar"
KEYWHIZ_SERVER_URL="https://$(hostname):4444"

# Use these flags if you want to specify a non-standard CA trust store
TRUSTSTORE="-Djavax.net.ssl.trustStore=/path/to/ca-bundle.jceks"
TRUSTTYPE="-Djavax.net.ssl.trustStoreType=JCEKS"

java "$TRUSTSTORE" "$TRUSTTYPE" -jar "$KEYWHIZ_CLI_JAR" -U "$KEYWHIZ_SERVER_URL" "$@"
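
Pre-flight checks that a wrapper like the one above could run before invoking the CLI. This is an added example, not part of the Keywhiz project; the function names check_url, check_local_file and preflight are hypothetical, and the policy (HTTPS only, JAR and trust store not group- or world-writable) is an assumption about what a deployment would want.

```sh
#!/bin/sh
# Added example: pre-flight checks for a keywhiz-cli wrapper script.
# Not Keywhiz project code; all function names here are hypothetical.

# Accept only https:// URLs whose host part starts with a real character.
check_url() {
  case "$1" in
    https://[!/:]*) return 0 ;;
    *) echo "refusing non-HTTPS server URL: $1" >&2; return 1 ;;
  esac
}

# A file the wrapper depends on (CLI JAR or CA trust store) must be a
# readable regular file that group and others cannot modify: whoever can
# write the JAR controls the code that runs, and whoever can write the
# trust store controls which CAs the CLI accepts.
check_local_file() {
  label=$1
  path=$2
  if [ ! -f "$path" ] || [ ! -r "$path" ]; then
    echo "$label missing or unreadable: $path" >&2
    return 1
  fi
  # -L follows a symlink so the permission bits of the real file are tested.
  if [ -n "$(find -L "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
    echo "$label is group- or world-writable: $path" >&2
    return 1
  fi
  return 0
}

# preflight SERVER_URL CLI_JAR TRUSTSTORE_FILE
preflight() {
  check_url "$1" &&
    check_local_file "CLI JAR" "$2" &&
    check_local_file "trust store" "$3"
}

# In the wrapper, before the java line (paths are the README's placeholders):
#   preflight "$KEYWHIZ_SERVER_URL" "$KEYWHIZ_CLI_JAR" /path/to/ca-bundle.jceks || exit 1
```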

Keywhiz uses jOOQ to talk to its database.

If you made changes to the database model and want to regenerate sources:

mvn install -pl model/ -Pgenerate-jooq-sources

We recommend IntelliJ IDEA for development.

Clients & API

Square also maintains a Keywhiz client implementation called Keysync.

Docker

We ship a Dockerfile for building a Docker container for Keywhiz. Please see the Dockerfile for extra instructions.

License

Keywhiz is under the Apache 2.0 license. See the LICENSE file for details.
