rluetzner / kes

This project forked from minio/kes

Key Management Server [not just] for Object Storage

Home Page: https://kes.dev

License: GNU Affero General Public License v3.0

Go 99.84% Dockerfile 0.16%

kes's Introduction


KES is a cloud-native distributed key management and encryption server designed to secure modern applications at scale.

What is KES?

KES is a distributed key management server that scales horizontally. It can be run either as an edge server close to the applications, reducing latency to and load on a central key management system (KMS), or as a central key management service. KES nodes are self-contained stateless instances that can be scaled up and down automatically.

Install

The KES server and CLI are available as a single binary or container image, or can be built from source.

Homebrew

brew install minio/stable/kes

Docker

Pull the latest release via:

docker pull minio/kes
Binary Releases

OS       ARCH   Binary
linux    amd64  linux-amd64
linux    arm64  linux-arm64
darwin   arm64  darwin-arm64
windows  amd64  windows-amd64

Download the binary via curl, replacing <OS> and <ARCH> with your operating system and CPU architecture.

curl -sSL --tlsv1.2 'https://github.com/minio/kes/releases/latest/download/kes-<OS>-<ARCH>' -o ./kes
chmod +x ./kes

You can also verify the binary with minisign by downloading the corresponding .minisig signature file. Run:

curl -sSL --tlsv1.2 'https://github.com/minio/kes/releases/latest/download/kes-<OS>-<ARCH>.minisig' -o ./kes.minisig
minisign -Vm ./kes -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav

Build from source

Download and install the binary via your Go toolchain:

go install github.com/minio/kes/cmd/kes@latest

Quick Start

We run a public KES instance at https://play.min.io:7373 as a playground. You can interact with our play instance either via the KES CLI or cURL. Alternatively, you can get started by setting up your own KES server in less than five minutes.

First steps

1. Configure CLI

Point the KES CLI to the KES server at https://play.min.io:7373 and use the following API key:

export KES_SERVER=https://play.min.io:7373
export KES_API_KEY=kes:v1:AD9E7FSYWrMD+VjhI6q545cYT9YOyFxZb7UnjEepYDRc

3. Create a Key

Create a new root encryption key - e.g. my-key.

kes key create my-key

Note that creating a new key fails with key already exist if the key already exists.

4. Generate a DEK

Derive a new data encryption key (DEK).

kes key dek my-key

The plaintext part of the DEK would be used by an application to encrypt some data. The ciphertext part of the DEK would be stored alongside the encrypted data for future decryption.
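The DEK usage described above, sketched as an added Go example (not code from the KES project). The Envelope type, Seal, Open and the unwrap callback are hypothetical names; unwrap stands in for asking the KES server to decrypt the ciphertext part of the DEK, and the choice of AES-256-GCM with the ciphertext DEK bound as associated data is an assumption of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Envelope struct{ WrappedDEK, Nonce, Ciphertext []byte } // stored record; never holds the plaintext DEK

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek) // a 32-byte DEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data under the plaintext DEK and binds the wrapped DEK as AAD.
func Seal(dek, wrapped, data []byte) (Envelope, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, data, wrapped)}, nil
}

// Open gets the DEK back via unwrap (hypothetical stand-in for KES), then decrypts.
func Open(e Envelope, unwrap func([]byte) ([]byte, error)) ([]byte, error) {
	dek, err := unwrap(e.WrappedDEK)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("invalid DEK or nonce")
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, e.WrappedDEK)
}

func main() {
	dek := make([]byte, 32) // constructed all-zero sample, not a real key
	e, _ := Seal(dek, []byte("constructed-ciphertext-dek"), []byte("secret"))
	fmt.Println(Open(e, func([]byte) ([]byte, error) { return dek, nil }))
}
```

Because the ciphertext DEK is authenticated together with the data, swapping it for a different one in the stored record makes Open fail instead of decrypting under the wrong key.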

Docs

If you want to learn more about KES, check out our documentation.

FAQs

I have received an insufficient permissions error

This means that you are using a KES identity that is not allowed to perform a specific operation, like creating or listing keys.

The KES admin identity can perform any general purpose API operation. You should never experience a not authorized: insufficient permissions error when performing general purpose API operations using the admin identity.

In addition to the admin identity, KES supports a policy-based access control model. You will receive a not authorized: insufficient permissions error in the following two cases:

  1. You are using a KES identity that is not assigned to any policy. KES rejects requests issued by unknown identities.

    This can be fixed by assigning a policy to the identity. Check out the examples.

  2. You are using a KES identity that is assigned to a policy, but the policy either does not allow or even denies the API call.

    In this case, you have to grant the API permission in the policy assigned to the identity. Check out the list of APIs. For example, when you want to create a key you should allow /v1/key/create/<key-name>. The <key-name> can either be a specific key name, like my-key-1, or a pattern allowing arbitrary key names, like my-key*.

    Also note that deny rules take precedence over allow rules. Hence, you have to make sure that no deny pattern accidentally matches your API request.
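The decision order described in this FAQ, as an added Go sketch (not the KES server's own code). The Policy type, Authorize and the identity names are hypothetical, the sample policy is constructed, and path.Match is used as a stand-in glob matcher whose semantics may differ from the matcher KES uses.

```go
package main

import (
	"errors"
	"fmt"
	"path"
)

var ErrNotAuthorized = errors.New("not authorized: insufficient permissions")

// Policy holds glob patterns over API paths (illustrative type).
type Policy struct{ Allow, Deny []string }

func matchAny(patterns []string, apiPath string) bool {
	for _, p := range patterns {
		if ok, _ := path.Match(p, apiPath); ok {
			return true
		}
	}
	return false
}

// Authorize applies the order from the FAQ: admin, then unknown identity,
// then deny rules, then allow rules.
func Authorize(admin string, policies map[string]Policy, identity, apiPath string) error {
	if identity == admin {
		return nil // the admin identity may perform any general purpose operation
	}
	p, ok := policies[identity]
	if !ok {
		return ErrNotAuthorized // case 1: identity is not assigned to any policy
	}
	if matchAny(p.Deny, apiPath) {
		return ErrNotAuthorized // deny rules take precedence over allow rules
	}
	if !matchAny(p.Allow, apiPath) {
		return ErrNotAuthorized // case 2: no allow rule covers the call
	}
	return nil
}

func main() {
	policies := map[string]Policy{"app-identity": { // constructed sample policy
		Allow: []string{"/v1/key/create/my-key*"},
		Deny:  []string{"/v1/key/create/*-prod"},
	}}
	for _, req := range []string{"/v1/key/create/my-key-1", "/v1/key/create/my-key-prod", "/v1/key/create/other"} {
		fmt.Println(req, "->", Authorize("admin-identity", policies, "app-identity", req))
	}
}
```

The second request shows the accidental-deny case: my-key-prod matches the allow pattern my-key* but is still rejected because it also matches the deny pattern.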


License

Use of KES is governed by the AGPLv3 license that can be found in the LICENSE file.
