# local-mini-kms

Mini-KMS runs local written by Rust

## Build

```shell
cargo build --release [--no-default-features]
```

## Init

New random master key:
```shell
head -c 32 /dev/random | base64
```

## Generate Yubikey encrypted master key

Generate encrypted master key with Yubikey:
```shell
local-mini-kms yubikey-init-master-key --generate-key [--yubikey-challenge *challenge*]
```

## Startup Server

Startup without init:
```shell
local-mini-kms serve
```

Init with Yubikey:
```shell
local-mini-kms serve [--init-encrypted-master-key LKMS:*** [--yubikey-challenge *challenge*]]
```

## Local Client

```shell
local-mini-kms cli --init
```

```shell
local-mini-kms cli --offline-init
```

```shell
local-mini-kms cli --direct-init --value-base64 wNdr9sZN4**** [--yubikey-challenge *challenge*]
```

```shell
local-mini-kms cli --encrypt --value hello
```

```shell
local-mini-kms cli --decrypt --value LKMS:***
```

```shell
local-mini-kms cli --read --name test
```

```shell
local-mini-kms cli --write --name test --value hello [--force-write] [--comment *comment*]
```

## cURL

Write value:
```shell
curl -X POST http://127.0.0.1:5567/write \
     -H "Content-Type: application/json" \
     -d '{"name":"test","value":{"value":"hello"}}'
```

Read value:
```shell
curl -X POST http://127.0.0.1:5567/read \
     -H "Content-Type: application/json" \
     -d '{"name":"test"}'
```

Generate data key:
```shell
curl -X POST http://127.0.0.1:5567/datakey \
     -H "Content-Type: application/json" \
     -d '{"key_type":"aes", "key_spec":"256", "return_plaintext": true}'
```

Upgrade to v3.2
```sql
ALTER TABLE keys ADD COLUMN comment TEXT;
```