Keywhiz is a system for distributing and managing secrets. For more information, see the website.
Our Protecting infrastructure secrets with Keywhiz blog post is worth reading, as it provides some useful context.
See CONTRIBUTING for details on submitting patches.
# Build keywhiz for H2 mvn install -P h2 # Build keywhiz for MySQL mvn install -P mysql
java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS]
Useful commands to get started are
server. Use with
--help for a list of all available commands. Use with
[COMMAND] --help to
get help on a particular command.
For example, to run Keywhiz with an H2 database in development mode:
export SERVER_JAR=server/target/keywhiz-server-*-shaded.jar export KEYWHIZ_CONFIG=server/target/classes/keywhiz-development.yaml.h2 # Initialize dev database (H2) java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG # Add an administrative user java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG # Run server java -jar $SERVER_JAR server $KEYWHIZ_CONFIG
Keywhiz uses jOOQ to talk to its database.
If you made changes to the database model and want to regenerate sources:
mvn install -pl model/ -Pgenerate-jooq-sources
We recommend IntelliJ IDEA for development.
We ship a Dockerfile for building a Docker container for keywhiz. Please see the Dockerfile for extra instructions.
Keywhiz is under the Apache 2.0 license. See the LICENSE file for details.