Getting Started

Tutorial

An end-to-end tutorial is available here: https://github.com/jarrid-xyz/keyper-tutorial

Quick Start

Pull Docker Image

Pull Keyper's pre-packaged Docker image: ghcr.io/jarrid-xyz/keyper:v0.0.3

docker pull ghcr.io/jarrid-xyz/keyper:v0.0.3

Create App Configuration and Credentials

  1. Follow Keyper Configuration to create app.<env>.yaml, which configures the Terraform provider and backend.

  2. Follow Create GCP KMS Admin Service Account to create .cdktf-sa-key.json. This service account credential is needed to create actual resources via Terraform.

Run Keyper Command

Validate that the Docker image is working properly.

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 -h

Create Deployment, Role and Key

Create the resource configurations locally.

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t deployment

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t role -n app-role

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t key

Deploy via Terraform

Provision the resources in the cloud based on the resource configurations.

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 deploy apply

Encrypt/Decrypt Data with Key

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 data encrypt -k <key-id> --plaintext <secret>

docker run -it --rm --name keyper-cli \
    -v ./configs:/home/keyper/configs \
    -v ./cdktf.out:/home/keyper/cdktf.out \
    -v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
    -v ./app.local.yaml:/home/keyper/app.local.yaml \
    ghcr.io/jarrid-xyz/keyper:v0.0.3 data decrypt -k <key-id> --ciphertext <secret>

You have just successfully used a KMS key to encrypt/decrypt data. 🎉
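
Every command above repeats the same four bind mounts, one of which is the service account key. The wrapper below is an added example, not part of Keyper or its documentation: it checks the mount sources before calling docker run. The function names, the KEYPER_DIR variable and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks plus a wrapper for the docker run command
# repeated on this page. KEYPER_DIR and the owner-only key policy are
# assumptions of this example, not Keyper requirements.
KEYPER_IMAGE="ghcr.io/jarrid-xyz/keyper:v0.0.3"

# Return 0 only if both mounted files exist as regular files and the service
# account key is not accessible to group or others.
keyper_preflight() {
    dir="${1:-.}"
    # With -v, Docker creates a missing host path as an empty directory, so a
    # missing key or config file would appear in the container as a directory.
    for f in .cdktf-sa-key.json app.local.yaml; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing or not a regular file: $dir/$f" >&2
            return 1
        fi
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$dir/.cdktf-sa-key.json" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key is accessible to group/others; chmod 600 $dir/.cdktf-sa-key.json" >&2
        return 1
    fi
    return 0
}

# Run one Keyper command with the same mounts as the commands on this page.
keyper() {
    dir="${KEYPER_DIR:-$PWD}"
    keyper_preflight "$dir" || return 1
    # Pre-create the directories so they belong to the invoking user instead
    # of being created by the Docker daemon.
    mkdir -p "$dir/configs" "$dir/cdktf.out"
    docker run -it --rm --name keyper-cli \
        -v "$dir/configs:/home/keyper/configs" \
        -v "$dir/cdktf.out:/home/keyper/cdktf.out" \
        -v "$dir/.cdktf-sa-key.json:/home/keyper/gcp.json" \
        -v "$dir/app.local.yaml:/home/keyper/app.local.yaml" \
        "$KEYPER_IMAGE" "$@"
}
```

After sourcing this file, `keyper resource create -t deployment` or `keyper deploy apply` stands in for the corresponding full docker run command.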