local-mini-kms/README.md
2024-11-10 00:12:58 +08:00

local-mini-kms

A mini KMS that runs locally, written in Rust.

Init

New random master key:

head -c 32 /dev/random | base64

Generate YubiKey encrypted master key

Generate an encrypted master key with a YubiKey:

local-mini-kms yubikey-init-master-key --generate-key [--yubikey-challenge *challenge*]

Startup Server

Startup without init:

local-mini-kms serve

Init with YubiKey:

local-mini-kms serve [--init-encrypted-master-key LKMS:*** [--yubikey-challenge *challenge*]]

Local Client

local-mini-kms cli --init
local-mini-kms cli --offline-init
local-mini-kms cli --direct-init --value-base64 wNdr9sZN4**** [--yubikey-challenge *challenge*]
local-mini-kms cli --encrypt --value hello
local-mini-kms cli --decrypt --value LKMS:***
local-mini-kms cli --read --name test
local-mini-kms cli --write --name test --value hello [--force-write] [--comment *comment*]

cURL

Write value:

curl -X POST http://127.0.0.1:5567/write \
     -H "Content-Type: application/json" \
     -d '{"name":"test","value":{"value":"hello"}}'

Read value:

curl -X POST http://127.0.0.1:5567/read \
     -H "Content-Type: application/json" \
     -d '{"name":"test"}'

Generate data key:

curl -X POST http://127.0.0.1:5567/datakey \
     -H "Content-Type: application/json" \
     -d '{"key_type":"aes", "key_spec":"256", "return_plaintext": true}'
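A Python client for the three endpoints above, added here as an example and not part of the local-mini-kms project; the function names are hypothetical, and a JSON reply is assumed because the response format is not shown on this page. The cURL calls use plain HTTP with no credentials, so the helper refuses any target that is not a literal loopback address:

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "http://127.0.0.1:5567"        # address from the README's cURL examples
ENDPOINTS = {"write", "read", "datakey"}  # only the paths shown on this page


def build_request(endpoint, payload, base_url=BASE_URL):
    """Build a JSON POST for one documented endpoint (hypothetical helper)."""
    if endpoint not in ENDPOINTS:
        raise ValueError(f"undocumented endpoint: {endpoint!r}")
    host = urlsplit(base_url).hostname or ""
    try:
        # Literal IPs only: a hostname such as "localhost" can resolve elsewhere.
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = False
    if not loopback:
        raise ValueError(f"refusing non-loopback host: {host!r}")
    # json.dumps escapes quotes, backslashes and newlines in secret values,
    # which a hand-assembled -d '...' string does not.
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/{endpoint}", data=body, method="POST",
        headers={"Content-Type": "application/json"})


def write_request(name, value):
    return build_request("write", {"name": name, "value": {"value": value}})


def read_request(name):
    return build_request("read", {"name": name})


def datakey_request(return_plaintext):
    # The README's example passes true for return_plaintext.
    return build_request("datakey", {"key_type": "aes", "key_spec": "256",
                                     "return_plaintext": return_plaintext})


def send(request, timeout=5):
    """POST to the running server; a JSON reply is assumed (schema not on this page)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

With the server running, `send(write_request("test", "hello"))` issues the same request as the first cURL command.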

Upgrade to v3.2

ALTER TABLE keys ADD COLUMN comment TEXT;