95 lines
1.6 KiB
Markdown
95 lines
1.6 KiB
Markdown
# local-mini-kms
|
|
|
|
Mini-KMS runs local written by Rust
|
|
|
|
## Build
|
|
|
|
```shell
|
|
cargo build --release [--no-default-features]
|
|
```
|
|
|
|
## Init
|
|
|
|
New random master key:
|
|
```shell
|
|
head -c 32 /dev/random | base64
|
|
```
|
|
|
|
## Generate Yubikey encrypted master key
|
|
|
|
Generate encrypted master key with Yubikey:
|
|
```shell
|
|
local-mini-kms yubikey-init-master-key --generate-key [--yubikey-challenge *challenge*]
|
|
```
|
|
|
|
## Startup Server
|
|
|
|
Startup without init:
|
|
```shell
|
|
local-mini-kms serve
|
|
```
|
|
|
|
Init with Yubikey:
|
|
```shell
|
|
local-mini-kms serve [--init-encrypted-master-key LKMS:*** [--yubikey-challenge *challenge*]]
|
|
```
|
|
|
|
## Local Client
|
|
|
|
```shell
|
|
local-mini-kms cli --init
|
|
```
|
|
|
|
```shell
|
|
local-mini-kms cli --offline-init
|
|
```
|
|
|
|
```shell
|
|
local-mini-kms cli --direct-init --value-base64 wNdr9sZN4**** [--yubikey-challenge *challenge*]
|
|
```
|
|
|
|
```shell
|
|
local-mini-kms cli --encrypt --value hello
|
|
```
|
|
|
|
```shell
|
|
local-mini-kms cli --decrypt --value LKMS:***
|
|
```
|
|
|
|
```shell
|
|
local-mini-kms cli --read --name test
|
|
```
|
|
|
|
```shell
|
|
local-mini-kms cli --write --name test --value hello [--force-write] [--comment *comment*]
|
|
```
|
|
|
|
## cURL
|
|
|
|
Write value:
|
|
```shell
|
|
curl -X POST http://127.0.0.1:5567/write \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"name":"test","value":{"value":"hello"}}'
|
|
```
|
|
|
|
Read value:
|
|
```shell
|
|
curl -X POST http://127.0.0.1:5567/read \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"name":"test"}'
|
|
```
|
|
|
|
Generate data key:
|
|
```shell
|
|
curl -X POST http://127.0.0.1:5567/datakey \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"key_type":"aes", "key_spec":"256", "return_plaintext": true}'
|
|
```
|
|
|
|
Upgrade to v3.2
|
|
```sql
|
|
ALTER TABLE keys ADD COLUMN comment TEXT;
|
|
```
|
|
|