local-mini-kms/README.md
2024-11-22 23:47:41 +08:00


local-mini-kms

A mini KMS that runs locally, written in Rust.

Build

cargo build --release [--no-default-features]

Init

New random master key:

head -c 32 /dev/random | base64

Generate Yubikey encrypted master key

Generate encrypted master key with Yubikey:

local-mini-kms yubikey-init-master-key --generate-key [--yubikey-challenge *challenge*]

Startup Server

Startup without init:

local-mini-kms serve

Init with Yubikey:

local-mini-kms serve [--init-encrypted-master-key LKMS:*** [--yubikey-challenge *challenge*]]

Local Client

local-mini-kms cli --init
local-mini-kms cli --offline-init
local-mini-kms cli --direct-init --value-base64 wNdr9sZN4**** [--yubikey-challenge *challenge*]
local-mini-kms cli --encrypt --value hello
local-mini-kms cli --decrypt --value LKMS:***
local-mini-kms cli --read --name test
local-mini-kms cli --write --name test --value hello [--force-write] [--comment *comment*]

cURL

Write value:

curl -X POST http://127.0.0.1:5567/write \
     -H "Content-Type: application/json" \
     -d '{"name":"test","value":{"value":"hello"}}'

Read value:

curl -X POST http://127.0.0.1:5567/read \
     -H "Content-Type: application/json" \
     -d '{"name":"test"}'

Generate data key:

curl -X POST http://127.0.0.1:5567/datakey \
     -H "Content-Type: application/json" \
     -d '{"type":"aes", "spec":"256", "exportable": true, "return_plaintext": true, "name": "key001", "comment": "the comment"}'

xh POST http://127.0.0.1:5567/datakey \
     type=aes \
     spec=256 \
     exportable:=false \
     name=testkey01 \
     comment='this is a test key 01'

| Key              | Comment                                 |
|------------------|-----------------------------------------|
| type             | aes                                     |
| spec             | 128, 192, 256 if type == aes            |
| exportable       | [optional] true or false, default true  |
| return_plaintext | [optional] true or false, default false |
| name             | [optional] Data key name                |
| comment          | [optional] Data key comment             |
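
The `/datakey` parameters listed above, applied as a client-side check. This is an added example, not part of local-mini-kms: it builds the request body with `exportable` and `return_plaintext` always set explicitly (the documented default for `exportable` is true) and refuses to send to anything but a loopback address. The function names and the loopback-only policy are assumptions of this example, and the response is returned raw because its format is not documented on this page.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

AES_SPECS = {"128", "192", "256"}  # spec values the README lists for type == aes


def build_datakey_request(spec, name=None, comment=None,
                          exportable=False, return_plaintext=False):
    """Build the JSON body for POST /datakey from the README's documented fields."""
    spec = str(spec)
    if spec not in AES_SPECS:
        raise ValueError(f"spec must be one of {sorted(AES_SPECS)}, got {spec!r}")
    for flag, value in (("exportable", exportable),
                        ("return_plaintext", return_plaintext)):
        if not isinstance(value, bool):  # "false" as a string is not a JSON boolean
            raise TypeError(f"{flag} must be a bool, not {type(value).__name__}")
    # Both flags are always sent, so the server-side defaults never apply silently.
    body = {"type": "aes", "spec": spec,
            "exportable": exportable, "return_plaintext": return_plaintext}
    if name is not None:
        body["name"] = name
    if comment is not None:
        body["comment"] = comment
    return body


def is_loopback_url(url):
    """True only for http(s) URLs whose host is a literal loopback IP address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        return ipaddress.ip_address(parts.hostname).is_loopback
    except ValueError:
        return False  # names such as "localhost" are not trusted to resolve locally


def request_datakey(body, base_url="http://127.0.0.1:5567"):
    """POST the body to /datakey; the loopback check is this example's own policy."""
    if not is_loopback_url(base_url):
        raise ValueError("refusing to request key material over a non-loopback URL")
    req = urllib.request.Request(base_url + "/datakey", data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()  # response format is not documented here; returned raw


if __name__ == "__main__":
    print(json.dumps(build_datakey_request(256, name="key001", comment="the comment")))
```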

Upgrade to v3.2

ALTER TABLE keys
    ADD COLUMN comment TEXT;