Getting Started
Tutorial
An end-to-end tutorial is available here: https://github.com/jarrid-xyz/keyper-tutorial
Quick Start
Pull Docker Image
Pull Keyper's pre-packaged Docker image: ghcr.io/jarrid-xyz/keyper:v0.0.3
Create App Configuration and Credentials
- Follow Keyper Configuration to create app.<env>.yaml, which configures the Terraform provider and backend.
- Follow Create GCP KMS Admin Service Account to create .cdktf-sa-key.json. This service account credential is needed to create actual resources via Terraform.
Run Keyper Command
Validate that the Docker image is working properly.
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 -h
Create Deployment, Role and Key
Create the resource configurations locally.
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t deployment
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t role -n app-role
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 resource create -t key
Deploy via Terraform
Provision the resources in the cloud based on the resource configurations.
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 deploy apply
Encrypt/Decrypt Data with Key
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 data encrypt -k <key-id> --plaintext <secret>
docker run -it --rm --name keyper-cli \
-v ./configs:/home/keyper/configs \
-v ./cdktf.out:/home/keyper/cdktf.out \
-v ./.cdktf-sa-key.json:/home/keyper/gcp.json \
-v ./app.local.yaml:/home/keyper/app.local.yaml \
ghcr.io/jarrid-xyz/keyper:v0.0.3 data decrypt -k <key-id> --ciphertext <secret>
You have just successfully used a KMS key to encrypt and decrypt data.
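Every command above repeats the same docker run lines and mounts the KMS admin service account key into the container. The shell wrapper below is an added example, not part of Keyper or its documentation: it refuses to run when the key file is readable by group or others and mounts the key read-only. The function names, the KEYPER_* variables and the :ro mount are assumptions of this example (it assumes Keyper only reads the key file).

```shell
#!/bin/sh
# Added example: wrapper around the quick-start docker commands (not Keyper code).
KEYPER_IMAGE="ghcr.io/jarrid-xyz/keyper:v0.0.3"            # image tag from this page
KEYPER_SA_KEY="${KEYPER_SA_KEY:-./.cdktf-sa-key.json}"     # service account key
KEYPER_APP_CONFIG="${KEYPER_APP_CONFIG:-./app.local.yaml}" # app.<env>.yaml
KEYPER_DOCKER="${KEYPER_DOCKER:-docker}"                   # override for dry runs

# Succeeds only if the file exists and grants nothing to group or others.
keyper_key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldn -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Runs a Keyper command with the same mounts as the quick start.
# Assumption: Keyper only reads the key, so it is mounted read-only (:ro).
keyper() {
    if ! keyper_key_is_private "$KEYPER_SA_KEY"; then
        echo "keyper: $KEYPER_SA_KEY is missing or readable by group/others;" \
             "run chmod 600 on it first" >&2
        return 1
    fi
    "$KEYPER_DOCKER" run -it --rm --name keyper-cli \
        -v ./configs:/home/keyper/configs \
        -v ./cdktf.out:/home/keyper/cdktf.out \
        -v "$KEYPER_SA_KEY":/home/keyper/gcp.json:ro \
        -v "$KEYPER_APP_CONFIG":/home/keyper/app.local.yaml \
        "$KEYPER_IMAGE" "$@"
}

# Usage, after sourcing this file:
#   keyper resource create -t key
#   keyper deploy apply
```

Setting KEYPER_DOCKER=echo prints the resulting command line instead of running it, which is useful for reviewing the mounts before touching real resources.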