Overview

About

Keyper by Jarrid is a suite of crypto key management APIs that simplify key creation, management, deployment, and encryption/decryption in a standardized and secure way. Operations are file-based and can be easily automated, tracked, audited, and managed via file-based processes such as GitOps. Keyper is fully integrated with cloud KMS services such as AWS KMS or GCP KMS, so you can leverage managed crypto key generation and reduce infrastructure maintenance burden.

The library has three main modules:

  1. Resource: Create key and service account configs as JSON files. Configuration helps you manage key implementations in a simple, trackable, and readable way.
  2. Deploy: Take the existing key configs (in JSON files), then plan and deploy them via Terraform. Take advantage of Terraform's existing functionality such as state management, dependency resolution, and drift tracking without losing the flexibility to modularize deployment as granularly as needed.
  3. Data: Run various encrypt and decrypt data flows with pre-defined keys. Adjust the level of security depending on use cases without additional implementation.

Demo

In only three steps, you can create a key, deploy the key on cloud KMS, and encrypt/decrypt data. Everything is wrapped and managed in Keyper.

Create Resources and Deploy

Encrypt/Decrypt

keyper data encrypt --key-id <> --plaintext <>
keyper data decrypt --key-id <> --ciphertext <>

Getting Started

Tutorial

For an end-to-end tutorial, see: https://github.com/jarrid-xyz/keyper-tutorial

Quick Start

Pull Docker Image

Pull Keyper's pre-packaged Docker image: ghcr.io/jarrid-xyz/keyper:v0.0.3

docker pull ghcr.io/jarrid-xyz/keyper:v0.0.3

Create App Configuration and Credentials

  1. Follow Keyper Configuration to create app.<env>.yaml to configure Terraform provider and backend accordingly.

  2. Follow Create GCP KMS Admin Service Account to create .cdktf-sa-key.json. This service account credential is needed to create actual resources via Terraform.

Run Keyper Command

Validate that the Docker image is working properly.

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 -h

Create Deployment, Role and Key

Create the resource configurations locally.

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t deployment
docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t role -n app-role
docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t key

Deploy via Terraform

Provision resources on the cloud based on the resource configurations.

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 deploy apply

Encrypt/Decrypt Data with Key

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 data encrypt -k <key-id> --plaintext <secret>
docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 data decrypt -k <key-id> --ciphertext <secret>

You have just successfully used a KMS key to encrypt/decrypt data. 🎉
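
Every Quick Start step above repeats the same docker run mounts, including the GCP service account key. As an added example (not part of Keyper or its documentation), this POSIX shell wrapper puts the invocation in one function, refuses to run when the key file is missing or accessible to group/other, and mounts the key read-only. The function names, the KEYPER_* variables, and the assumption that Keyper only needs read access to gcp.json are assumptions of this example.

```sh
# Added example: wrapper around the Quick Start "docker run" invocation.
# Function names and KEYPER_* variables are hypothetical, not part of Keyper.
KEYPER_IMAGE="ghcr.io/jarrid-xyz/keyper:v0.0.3"   # tag used on this page
KEYPER_SA_KEY="${KEYPER_SA_KEY:-$PWD/.cdktf-sa-key.json}"

# Return 0 only if the credential is a regular file whose mode grants
# nothing to group or other (for example 0600 or 0400).
keyper_check_creds() {
    if [ ! -f "$1" ]; then
        echo "keyper: credential not found: $1" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ldL -- "$1" | cut -c5-10)" != "------" ]; then
        echo "keyper: $1 is accessible to group/other; chmod 600 it" >&2
        return 1
    fi
}

# Run a Keyper subcommand, e.g. `keyper resource create -t key`.
# Set KEYPER_DRY_RUN=1 to print the docker command instead of running it.
keyper() {
    keyper_check_creds "$KEYPER_SA_KEY" || return 1
    # Assumption: Keyper only reads gcp.json, so it is mounted read-only.
    ${KEYPER_DRY_RUN:+echo} docker run -it --rm --name keyper-cli \
        -v "$PWD/configs:/home/keyper/configs" \
        -v "$PWD/cdktf.out:/home/keyper/cdktf.out" \
        -v "$KEYPER_SA_KEY:/home/keyper/gcp.json:ro" \
        -v "$PWD/app.local.yaml:/home/keyper/app.local.yaml" \
        "$KEYPER_IMAGE" "$@"
}
```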

Releases

Keyper publishes a release every Monday. Stay updated with our latest developments by checking out our release notes. If you have a specific feature in mind that you'd like to see implemented, feel free to submit a feature request. You can also track the progress of ongoing feature requests and see what's coming next.

Need Help?

We are a small but ambitious team actively looking to expand our capabilities. We'd love to learn about your use cases and feedback. If you need help with implementation or have questions about crypto key or data and software security in general, don't hesitate to reach out.
