Keywhiz API

A distribution system for secrets.

Categories: Square Business Logic Libraries Financial KeY Data Data Formats Formal Verification Keywhiz Security
GroupId: com.squareup.keywhiz
ArtifactId: keywhiz-api
Last Version: 0.10.1
Type: jar

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/com.squareup.keywhiz/keywhiz-api/ -->
<dependency>
    <groupId>com.squareup.keywhiz</groupId>
    <artifactId>keywhiz-api</artifactId>
    <version>0.10.1</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/com.squareup.keywhiz/keywhiz-api/
implementation 'com.squareup.keywhiz:keywhiz-api:0.10.1'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/com.squareup.keywhiz/keywhiz-api/
implementation ("com.squareup.keywhiz:keywhiz-api:0.10.1")

Buildr:

'com.squareup.keywhiz:keywhiz-api:jar:0.10.1'

Ivy:

<dependency org="com.squareup.keywhiz" name="keywhiz-api" rev="0.10.1">
  <artifact name="keywhiz-api" type="jar" />
</dependency>

Grape:

@Grapes(
    @Grab(group='com.squareup.keywhiz', module='keywhiz-api', version='0.10.1')
)

SBT:

libraryDependencies += "com.squareup.keywhiz" % "keywhiz-api" % "0.10.1"

Leiningen:

[com.squareup.keywhiz/keywhiz-api "0.10.1"]

Dependencies

compile (8)

Group / Artifact Type Version
com.fasterxml.jackson.core : jackson-annotations jar 2.9.9
com.google.guava : guava jar 28.1-jre
com.google.auto.value : auto-value jar 1.6.6
com.google.auto.value : auto-value-annotations jar 1.6.6
org.apache.commons : commons-lang3 jar 3.9
org.hibernate : hibernate-validator jar 5.4.3.Final
javax.annotation : javax.annotation-api jar 1.3.2
io.dropwizard : dropwizard-jackson jar 1.3.14

test (5)

Group / Artifact Type Version
junit : junit jar 4.12
org.assertj : assertj-core jar 3.13.2
io.dropwizard : dropwizard-testing jar 1.3.14
javax.inject : javax.inject jar 1
com.squareup.keywhiz : keywhiz-testing jar 0.10.1

Project Modules

There are no modules declared in this project.

Keywhiz

Keywhiz is a system for distributing and managing secrets. For more information, see the website.

Our "Protecting infrastructure secrets with Keywhiz" blog post is worth reading, as it provides some useful context.

Develop

Keywhiz requires Java 11 and MySQL 5.7 or higher.

See CONTRIBUTING for details on submitting patches.

Build Keywhiz:

mvn install

Run Keywhiz:

java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS]

Useful commands to get started are migrate, add-user and server. Run with --help for a list of all available commands, or with [COMMAND] --help for help on a particular command.

For example, to run Keywhiz with a MySQL database in development mode:

SERVER_JAR="server/target/keywhiz-server-*-shaded.jar"
KEYWHIZ_CONFIG="server/target/classes/keywhiz-development.yaml"

# Initialize dev database
java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG

# Add an administrative user
java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG

# Run server
java -jar $SERVER_JAR server $KEYWHIZ_CONFIG

To connect to a running Keywhiz instance, you will need to use the CLI.

An example helper shell script that wraps the keywhiz-cli and sets some default parameters:

#!/bin/sh

# Set the path to a compiled, shaded keywhiz-cli JAR file
KEYWHIZ_CLI_JAR="/path/to/keywhiz-cli-shaded.jar"
KEYWHIZ_SERVER_URL="https://$(hostname):4444"

# Use these flags if you want to specify a non-standard CA trust store.
# Alternatively, in development and testing specify the --devTrustStore 
# flag to use the default truststore (DO NOT use this in production, as
# the truststore is checked into Keywhiz' code).
TRUSTSTORE="-Djavax.net.ssl.trustStore=/path/to/ca-bundle.jceks"
TRUSTTYPE="-Djavax.net.ssl.trustStoreType=JCEKS"

java "$TRUSTSTORE" "$TRUSTTYPE" -jar "$KEYWHIZ_CLI_JAR" -U "$KEYWHIZ_SERVER_URL" "$@"

Keywhiz uses jOOQ to talk to its database.

If you made changes to the database model and want to regenerate sources:

mvn install -pl model/ -Pgenerate-jooq-sources

We recommend IntelliJ IDEA for development.

Clients & API

Square also maintains a Keywhiz client implementation called Keysync.

Docker

We ship a Dockerfile for building a Docker container for Keywhiz. Please see the Dockerfile for extra instructions.

License

Keywhiz is under the Apache 2.0 license. See the LICENSE file for details.

com.squareup.keywhiz

Square

Versions

Version
0.10.1
0.8.0
0.7.10-mysql
0.7.10
0.7.9-sync
0.7.9-mysql
0.7.9
0.7.8
0.7.7-2
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0