local-mini-kms
A mini KMS that runs locally, written in Rust
Build
cargo build --release [--no-default-features]
Init
New random master key:
head -c 32 /dev/random | base64
Generate Yubikey encrypted master key
Generate encrypted master key with Yubikey:
local-mini-kms yubikey-init-master-key --generate-key [--yubikey-challenge *challenge*]
Startup Server
Startup without init:
local-mini-kms serve
Init with Yubikey:
local-mini-kms serve [--init-encrypted-master-key LKMS:*** [--yubikey-challenge *challenge*]]
Local Client
local-mini-kms cli --init
local-mini-kms cli --offline-init
local-mini-kms cli --direct-init --value-base64 wNdr9sZN4**** [--yubikey-challenge *challenge*]
local-mini-kms cli --encrypt --value hello
local-mini-kms cli --decrypt --value LKMS:***
local-mini-kms cli --read --name test
local-mini-kms cli --write --name test --value hello [--force-write] [--comment *comment*]
cURL
Write value:
curl -X POST http://127.0.0.1:5567/write \
-H "Content-Type: application/json" \
-d '{"name":"test","value":{"value":"hello"}}'
Read value:
curl -X POST http://127.0.0.1:5567/read \
-H "Content-Type: application/json" \
-d '{"name":"test"}'
Generate data key:
curl -X POST http://127.0.0.1:5567/datakey \
-H "Content-Type: application/json" \
-d '{"type":"aes", "spec":"256", "exportable": true, "return_plaintext": true, "name": "key001", "comment": "the comment"}'
xh POST http://127.0.0.1:5567/datakey \
type=aes \
spec=256 \
exportable:=false \
name=testkey01 \
comment='this is a test key 01'
xh POST http://127.0.0.1:5567/list type=value name=name limit:=10
Data key request parameters:

| Key | Comment |
|---|---|
| type | aes |
| spec | 128, 192 or 256 if type == aes |
| exportable | [optional] true or false, default true |
| return_plaintext | [optional] true or false, default false |
| name | [optional] Data key name |
| comment | [optional] Data key comment |
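
An added example (not part of local-mini-kms) that builds the `/datakey` request from the table above without sending it. The function names are hypothetical, and two choices are assumptions of this example rather than server behaviour: both flags are always sent explicitly with `False` as the client-side default, and plain-HTTP targets other than loopback are refused.

```python
import json
import urllib.request
from urllib.parse import urlsplit

AES_SPECS = ("128", "192", "256")           # allowed "spec" values when type is aes
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def build_datakey_body(spec, key_type="aes", name=None, comment=None,
                       exportable=False, return_plaintext=False):
    """Return the JSON body for POST /datakey.

    Assumption of this example: both flags are always sent and default to
    False here, so the server default (exportable = true) never applies
    silently.
    """
    spec = str(spec)  # the README sends spec as a JSON string ("256")
    if key_type == "aes" and spec not in AES_SPECS:
        raise ValueError(f"aes spec must be one of {AES_SPECS}, got {spec!r}")
    for flag, value in (("exportable", exportable),
                        ("return_plaintext", return_plaintext)):
        if not isinstance(value, bool):
            raise TypeError(f"{flag} must be a bool, got {type(value).__name__}")
    body = {"type": key_type, "spec": spec,
            "exportable": exportable, "return_plaintext": return_plaintext}
    if name is not None:
        body["name"] = name
    if comment is not None:
        body["comment"] = comment
    return body

def datakey_request(base_url, **params):
    """Build (but do not send) the request; refuse plain HTTP to any host
    that is not loopback, since key material would cross the network."""
    parts = urlsplit(base_url)
    if parts.scheme == "http" and parts.hostname not in LOOPBACK:
        raise ValueError(f"refusing plain HTTP to non-loopback host {parts.hostname!r}")
    data = json.dumps(build_datakey_body(**params)).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + "/datakey", data=data, method="POST",
        headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    req = datakey_request("http://127.0.0.1:5567", spec=256, name="testkey01",
                          comment="this is a test key 01")
    print(req.get_method(), req.full_url, req.data.decode())
    # Send with urllib.request.urlopen(req) once the server is initialised.
```

The response format is not documented on this page, so the example stops at the request.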
Upgrade to v3.2
ALTER TABLE keys
ADD COLUMN comment TEXT;