cryptkeeper

command module
v0.0.0-...-6371a9c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2024 License: MIT Imports: 9 Imported by: 0

README

CryptKeeper

Manage all your secrets from a single place

Getting Started

.
├── Dockerfile
├── docker-compose.yml
├── k8s
│   ├── namespace.yaml
├── cryptkeeper-ui
│   ├── Dockerfile
│   ├── package.json
│   ├── package-lock.json
│   ├── public
│   └── src
├── cryptkeeper-cli
│   ├── main.go
└── main.go

For most parts, you can do docker-compose up --build and it should build and start the UI, API, Database and Redis containers. If after changes, you want to restart a specific container you can do docker-compose up -d --no-deps --build app

Database Setup
  • Download postgres image and run it locally
docker run --name mypostgres -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d postgres

# Exec into the container
docker exec -it mypostgres psql -U postgres

# Create Database Cryptkeeper
create database cryptkeeper;
\c cryptkeeper;
Server Setup
  • Running the API server
go run main.go
UI setup
cd cryptkeeper-ui
npm install
npm start
Testing out external secrets sync
Vault Setup
brew install hashicorp/tap/vault
brew install hashicorp/tap/vault

Run the vault server

vault server -dev

Set things up

export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='hvs.rrULZA1jgRSNayppSL5I9EcQ'
vault login $VAULT_TOKEN

# enabled KV engine
vault secrets enable -path=cryptkeeper kv

# test things out
vault kv put secret/my-secret value="my-secret-value"
vault kv get secret/my-secret

Supported Features (as of now)

Secret Management

Create, rotate, and manage secrets with version control.

  • Create Secrets: Create new secrets specifying path, key, value, metadata, expiration date, and one-time use option.
  • Rotate Secrets: Periodically update secret values for enhanced security.
  • Version Control: Track changes over time with version control.
Access Control

CryptKeeper allows granular authorizaiton to maintain secrets.

  • Users and Groups

    • Users: Each user in CryptKeeper can be assigned to one or more groups. Groups help in organizing users and defining access levels collectively rather than individually.
    • Groups: Groups are collections of users. By assigning permissions to a group, all users in that group inherit those permissions.

  • Paths

    • Paths: Paths represent specific locations in the CryptKeeper system where secrets are stored. They act as namespaces for organizing secrets.
    • Assigning Paths to Groups: Paths can be assigned to groups, which allows users within those groups to interact with secrets stored in those paths.

  • Roles and Permissions

    • Roles: Roles are defined sets of permissions that dictate what actions users can perform. For example, a "Viewer" role might only have read permissions, while an "Editor" role might have both read and write permissions.
    • Permissions: Permissions are specific actions that users can perform, such as read, write, delete, or manage secrets.

Secret Sharing

Generate one-time use links for securely sharing secrets.

  • Shared Links: Create links for sharing secrets with optional expiration times.
Advanced Search and Filters

Find secrets based on path, key, metadata, and creation dates.

  • Search Secrets: Advanced search capabilities to find secrets.
  • Filters: Apply filters to narrow down search results.
Audit Logging

Track all actions performed within the system for accountability.

  • Audit Logs: Track actions like secret creation, rotation, deletion, and access control changes.
  • Detailed Logs: Include user ID, action performed, secret ID, and timestamp.
Secret Detection

Detect secrets in code repositories using the CLI.

  • CLI Integration: Use the CLI to detect secrets and ensure sensitive information is not exposed.
UI and UX Enhancements

  • Toggle between dark and light themes for a comfortable user experience.

    • Dark/Light Mode: Switch between themes.

  • Responsive Design: Seamless experience across different devices.

Approval Workflows

Implement secret approval workflows for critical changes.

  • Approval Requests: Require approval for actions like secret creation, update, or deletion.
  • Approval Management: View and manage approval requests.

TODO

  • Secrets sync to Vault, AWS secrets manager, AKS etc

  • Revert secret revision (version)

  • Single value vs multi value secret

  • Secret Rotation Policies

  • Custom Metadata

  • Secrets Backup and Restore

  • Secret Usage Auditing

  • Sidecar and env injection

  • Create set of default policies and attach on path creation.

Consuming Secrets

  • REST API
  • CLI - Alternate interface for interacting with Cryptkeeper
  • SDK - API libraries to integrate with Cryptkeeper
  • Inject Secrets - Interface for fetching secrets from cryptkeer and exporting the secret values as environment variables to a sub-process environment.
  • Agent/Broker - Connect securely to services and other resources, without ever having to fetch or manage secrets
  • Clients - k8s operator

Tags as seperate fields in secrets table Should we expand the path to be inside a folder or namespace?

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg/utils
pkg
config
crypto
db
detection
handlers
handlers/lineage.go
 handlers/lineage.go
models
pki
scheduler
sync
utils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.