1 year ago
1 changed files
@ -1,15 +1,15 @@
# KeyStar, an HTTP and In-process Key Management Solution
KeyStar is a lightweight key management utility that provides a RESTful HTTP
server and in-process key management for Golang applications. Presently, it only
supports file system backed storage, but plans are in progress to support bbolt,
SQLite, and eventually S3-compatible backends. Other options may be explored as
time permits or requirements change (this includes etcd).
server. Additionally, KeyStar also provides an in-process key management library
for Golang applications along with cryptographic wrapper utilities that make use
of its internal key management. Presently, it only supports file system backed
storage, but plans are in progress to support bbolt, SQLite, and eventually
S3-compatible backends. Other options may be explored as time permits or
requirements change (this includes etcd).
This is considered the authoritative HTTP API documentation and follows closely
comments in the source files.
Available in this document are the following sections:
Available in this document are the following sections; missing sections will be
added as time allows:
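Review bot: "Additionally, KeyStar also provides" in the rewritten intro doubles up on the connective; drop one of the two words (e.g. "KeyStar also provides an in-process key management library for Golang applications ..."). In the same hunk, "follows closely comments in the source files" reads better as "closely follows the comments in the source files", and since the storage sentence ("Presently, it only supports file system backed storage ...") now follows the library sentence rather than the combined server-and-library sentence, consider stating explicitly that the storage limitation applies to both the HTTP server and the in-process library so a reader does not take it as a library-only restriction.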
@ -48,6 +48,7 @@ Available in this document are the following sections:
## Why KeyStar?
@ -1415,6 +1416,20 @@ Responses from this endpoint will contain the following JSON-formatted schema:
| signature | string | Signature derived from submitted data |
| algorithm | string | Algorithm used to generate signature |
## Cryptographic Utilities
KeyStar provides an assortment of cryptographic utilities. These interface
directly with KeyStar's key types (primarily composite keys for convenience) and
provide features such as encrypt-then-MAC and time-based token generation.
Wrappers such as these may be used for encrypting cookies or user session data;
in the case of time-based token generation, this may be useful for generating
password reset tokens and similar without littering the host application
database with ephemeral data. As a bonus example, KeyStar's key namespacing
features allow applications to create isolated key stores specifically for
generating user tokens that automatically invalidate via key rotation, rendering
them completely unusable in the event an adversary attempts to attack the token
signature to control its contents.
[^1]: This needs to be a word.
-level error may be more appropriate for this circumstance, but we
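Review bot: the closing claim that key rotation renders tokens "completely unusable in the event an adversary attempts to attack the token signature to control its contents" overstates what rotation does; rotation bounds the validity window of tokens issued under a retired key, whereas resistance to tampering with a token's contents comes from the signature or MAC check itself. Suggest rewording along the lines of "tokens issued under a rotated key are rejected, and the signature check rejects any token whose contents were modified", which keeps both properties distinct. The paragraph also introduces encrypt-then-MAC and time-based token generation without saying which key types each wrapper expects or where the detailed usage lives; a one-line cross-reference to the wrapper documentation would help readers who arrive from the composite-key section mentioned here. Finally, the trailing context lines ("[^1]: This needs to be a word." and "-level error may be more appropriate ...") show the new section lands directly in front of an existing footnote block; please check that the inserted heading does not separate that footnote from the text that references it.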