Minimal web application to manage secrets like certificates/keys and the automated access to them in build processes, written in Go.
Godeps
assets/js
resources
templates
.bowerrc
.gitignore
Gruntfile.js
Makefile
README.md
access_log.go
audit_log.go
bower.json
config.go
config.json.dist
consumer.go
crypto.go
dashboard.go
delivery.go
login.go
main.go
package.json
profile.go
restriction.go
restriction_apikey.go
restriction_date.go
restriction_file.go
restriction_limit.go
restriction_originip.go
restriction_throttle.go
restriction_time.go
restriction_tlscert.go
return_handler.go
secret.go
session.go
storage.go
templates.go
user.go
utils.go

README.md

Raziel - Managing Secrets in Build Processes

This application can be used to have one central place to manage secrets like passwords, private keys or certificates that are used in automated build processes (think of things like Jenkins build jobs that need to embed a TLS certificate in a Docker image). Access to those secrets happens via HTTPS.

For this, users can create secrets and consumers. Consumers allow automated access, given certain conditions are met (like an API key, a certain day of the week or a specific origin IP).
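One way to model the consumer conditions named above (API key, day of the week, origin IP), as an added example that is not Raziel's own code. The type and function names are hypothetical, and it assumes that every restriction must pass and that a consumer without restrictions is denied.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"time"
)

// Request and Restriction are hypothetical types, not Raziel's own.
type Request struct {
	APIKey string
	Origin net.IP
	At     time.Time
}
type Restriction func(Request) bool

// APIKey compares in constant time so timing does not reveal how much of the key matched.
func APIKey(want string) Restriction {
	return func(r Request) bool {
		return subtle.ConstantTimeCompare([]byte(r.APIKey), []byte(want)) == 1
	}
}

// OriginIP admits only clients inside cidr; an unparsable cidr admits nobody.
func OriginIP(cidr string) Restriction {
	_, network, err := net.ParseCIDR(cidr)
	return func(r Request) bool { return err == nil && network.Contains(r.Origin) }
}

// Weekday admits requests only on day d, judged in the time zone of r.At.
func Weekday(d time.Weekday) Restriction {
	return func(r Request) bool { return r.At.Weekday() == d }
}

// Allowed is deny-by-default (assumption): all restrictions must pass, and an empty set denies.
func Allowed(r Request, rs ...Restriction) bool {
	for _, ok := range rs {
		if !ok(r) {
			return false
		}
	}
	return len(rs) > 0
}

func main() {
	// Constructed request: a build job calling in on Monday 2024-01-01 from 10.0.0.7.
	req := Request{"k3y", net.ParseIP("10.0.0.7"), time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)}
	fmt.Println(Allowed(req, APIKey("k3y"), OriginIP("10.0.0.0/24"), Weekday(time.Monday)))
}
```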

Secrets are stored encrypted in a MariaDB database.

All access attempts and changes to secrets are recorded in access and audit logs.

Build from Source

You will need a recent Go compiler, at least version 1.4.

go get github.com/xrstf/raziel
cd $GOPATH/src/github.com/xrstf/raziel
make

Installation

Create a TLS certificate if you don't have one. If you are only playing around, you can generate a self-signed one using the helper that ships with Go's TLS package:

go run $GOROOT/src/crypto/tls/generate_cert.go --host localhost

Copy config.json.dist and adjust the copy to your setup.

Now initialize your database by executing resources/schema.sql.

Then, run Raziel:

./raziel --config myconfig.json