Yash-Chandrani/KeeperOfSecrets

Keeper of Secrets

A lightweight Secrets Management System demonstrating PKI and secrets platform concepts.

Features

  • REST API for secret management (create, read, update, delete)
  • AES-256-GCM encryption for secrets at rest
  • Mutual TLS authentication
  • SQLite storage backend
  • Audit logging
  • Kubernetes secrets sync simulation

Prerequisites

  • Go 1.21 or later
  • OpenSSL (for certificate generation)

Quick Start

  1. Generate certificates:
     ./scripts/generate-certs.sh
  2. Set the master encryption key:
     export MASTER_KEY=$(openssl rand -hex 32)
  3. Run the server:
     go run cmd/server/main.go
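
How a 64-hex-character MASTER_KEY like the one generated in step 2 can drive AES-256-GCM encryption at rest. This is an added example, not the project's internal/crypto code: the function names, the nonce-prefixed blob layout, and the binding of the secret name as associated data are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"log"
	"os"
)

// newAEAD decodes a hex key (e.g. from `openssl rand -hex 32`) into an AES-256-GCM AEAD.
func newAEAD(hexKey string) (cipher.AEAD, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil || len(key) != 32 { // 16 or 24 bytes would silently select AES-128/192
		return nil, errors.New("MASTER_KEY must be 64 hex characters (32 bytes)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealSecret returns nonce||ciphertext||tag; a fresh random nonce is drawn per call.
func sealSecret(gcm cipher.AEAD, name string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

func openSecret(gcm cipher.AEAD, name string, blob []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(name)) // fails on wrong key, name or tampering
}

func main() {
	gcm, err := newAEAD(os.Getenv("MASTER_KEY"))
	if err != nil {
		log.Fatal(err)
	}
	blob, err := sealSecret(gcm, "db-password", []byte("constructed sample"))
	log.Printf("sealed %d bytes, err=%v", len(blob), err)
}
```

Because the name is authenticated along with the ciphertext, a stored blob copied under a different secret name fails to decrypt instead of returning another secret's value.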

API Endpoints

  • POST /secret - Store a new secret
  • GET /secret/:name - Retrieve a secret
  • PUT /secret/:name - Rotate a secret
  • DELETE /secret/:name - Delete a secret
  • POST /sync/k8s - Sync secrets to Kubernetes

Security Features

  • Mutual TLS authentication
  • AES-256-GCM encryption
  • Audit logging
  • Certificate-based client authentication

Development

Project Structure

.
├── cmd/
│   └── server/
│       └── main.go
├── internal/
│   ├── crypto/
│   │   └── crypto.go
│   ├── storage/
│   │   └── storage.go
│   ├── handlers/
│   │   └── handlers.go
│   └── certs/
│       └── certs.go
├── scripts/
│   └── generate-certs.sh
└── certs/
    ├── ca/
    ├── server/
    └── client/

Certificate Generation

The scripts/generate-certs.sh script creates:

  • Root CA certificate
  • Server certificate
  • Client certificate

Running Tests

go test ./...

Security Considerations

  • Master key should be stored securely in production
  • Regular key rotation is recommended
  • Audit logs should be monitored
  • Client certificates should be properly managed

License

MIT
