
Updated README.

capstan-migrations
Benjamin Shelton 1 year ago
parent
commit
fc1a7fb284
1 changed files with 23 additions and 8 deletions
  1. README.md (+23, -8)

README.md

@ -1,15 +1,15 @@
# KeyStar, an HTTP and In-process Key Management Solution
KeyStar is a lightweight key management utility that provides a RESTful HTTP
server and in-process key management for Golang applications. Presently, it only
supports file system backed storage, but plans are in progress to support bbolt,
SQLite, and eventually S3-compatible backends. Other options may be explored as
time permits or requirements change (this includes etcd).
server. Additionally, KeyStar also provides an in-process key management library
for Golang applications along with cryptographic wrapper utilities that make use
of its internal key management. Presently, it only supports file system backed
storage, but plans are in progress to support bbolt, SQLite, and eventually
S3-compatible backends. Other options may be explored as time permits or
requirements change (this includes etcd).
This is considered the authoritative HTTP API documentation and follows closely
comments in the source files.
Available in this document are the following sections:
Available in this document are the following sections; missing sections will be
added as time allows:
* [Why KeyStar?](#why-keystar)
* [Command Line](#command-line)
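Review bot: The new caveat "missing sections will be added as time allows" sits two lines below the statement that this README is "the authoritative HTTP API documentation", so a reader cannot tell which parts of the reference are incomplete. Suggest naming the pending sections, or marking them in the list that follows, instead of a general caveat. In the rewritten intro, "Additionally, KeyStar also provides" is redundant, so drop "also". The phrase "cryptographic wrapper utilities" could also link to #cryptographic-utilities, since this commit adds that section.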
@ -48,6 +48,7 @@ Available in this document are the following sections:
* [Byte Generation](#byte-generation)
* [Key Generation](#key-generation)
* [Signature Generation](#signature-generation)
* [Cryptographic Utilities](#cryptographic-utilities)
## Why KeyStar?
@ -1415,6 +1416,20 @@ Responses from this endpoint will contain the following JSON-formatted schema:
| signature | string | Signature derived from submitted data |
| algorithm | string | Algorithm used to generate signature |
## Cryptographic Utilities
KeyStar provides an assortment of cryptographic utilities. These interface
directly with KeyStar's key types (primarily composite keys for convenience) and
provide features such as encrypt-then-MAC and time-based token generation.
Wrappers such as these may be used for encrypting cookies or user session data;
in the case of time-based token generation, this may be useful for generating
password reset tokens and similar without littering the host application
database with ephemeral data. As a bonus example, KeyStar's key namespacing
features allow applications to create isolated key stores specifically for
generating user tokens that automatically invalidate via key rotation, rendering
them completely unusable in the event an adversary attempts to attack the token
signature to control its contents.
[^1]: This needs to be a word.
[^2]: A **500**-level error may be more appropriate for this circumstance, but we
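Review bot: The last sentence of the new "Cryptographic Utilities" section runs two separate properties together: tokens that "automatically invalidate via key rotation" and tokens being "completely unusable in the event an adversary attempts to attack the token signature to control its contents". Rotation retires tokens that are already issued, while resistance to tampering comes from verifying the signature, so as written the reader cannot tell what triggers invalidation or what the actual guarantee is. Suggest splitting this into two sentences and replacing "completely unusable" with a statement of what verification rejects. The section also names "encrypt-then-MAC" and "time-based token generation" without saying which cipher and MAC are used, how the composite key is split between them, or what the token validity window is. For a key management README those details are what a reader needs before relying on the wrappers for cookies or password reset tokens. The other sections in this document give a schema table, and this one has no function names or usage reference at all, so consider adding them or listing the section as pending.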

