Kripto is a simple app that encrypts secrets and stores them in a file, and decrypts and retrieves them from that file. Access to its functionality is controlled with JWT.
Kripto uses self-signed certificates to keep traffic wrapped in SSL. One can always replace them with certificates from an actual valid CA.
Generate self-signed certificates by running:
make certificates
make build
make run
Before running tests, be sure to have created the private and public RSA keys for the app.
To do that, run:
make signature
Also remember to create the default directories /data/rsa, /data/authdb and /data/secrets and grant permissions on them.
make test
make wrap
make docker-run
Add a user from the Kripto CLI. One can optionally pass a time value for the token duration; the default expiration time is 24h.
Valid units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”.
user@machine:~$ kripto
Welcome to Kripto CLI! Type help for valid commands.
<kripto>::@ useradd ffhenkes@test 30m
User added successfully "ffhenkes@***********"
<kripto>::@ quit
Good bye! Thank you for using Kripto!
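The duration rules above, as an added Go example that is not part of Kripto's own code: `tokenLifetime` applies the 24h default and the listed units (the same set Go's `time.ParseDuration` accepts), and `expiresIn` reads a token's `exp` claim so a client knows when to re-authenticate. The function names, the rejection of non-positive durations, and the presence of a standard `exp` claim in Kripto's tokens are assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// tokenLifetime interprets the optional useradd duration argument; empty means
// the documented 24h default. Rejecting values <= 0 is this example's own choice.
func tokenLifetime(arg string) (time.Duration, error) {
	if arg == "" {
		return 24 * time.Hour, nil
	}
	d, err := time.ParseDuration(arg) // units: ns, us (µs), ms, s, m, h
	if err == nil && d <= 0 {
		err = errors.New("token duration must be positive")
	}
	return d, err
}

// expiresIn reads the exp claim from a JWT payload WITHOUT verifying the
// signature: fine for scheduling re-authentication, never for trust decisions.
func expiresIn(token string, now time.Time) (time.Duration, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return 0, errors.New("not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return 0, err
	}
	var claims struct{ Exp *float64 `json:"exp"` }
	if err := json.Unmarshal(raw, &claims); err != nil {
		return 0, err
	}
	if claims.Exp == nil {
		return 0, errors.New("token has no exp claim")
	}
	return time.Unix(int64(*claims.Exp), 0).Sub(now), nil
}

func main() { // constructed token: placeholder header/signature, payload {"exp":1700001800}
	tok := "e30." + base64.RawURLEncoding.EncodeToString([]byte(`{"exp":1700001800}`)) + ".sig"
	fmt.Println(expiresIn(tok, time.Unix(1700000000, 0)))
}
```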
Generate a JWT for further authentication
Returns 201 - Created
curl -v -k \
  -XPOST \
  -d '{ "username": "ffhenkes", "password": "test" }' \
  https://localhost:20443/v1/authenticate
Create secrets for an app
Returns 201 - Created
curl -v -k \
  -XPOST \
  -H "Authorization: <your bearer token here>" \
  -d '{
    "app": "sample_app",
    "vars": {
      "SAMPLE_URI": "db://localhost:27017/sample",
      "SAMPLE_USER": "sampler",
      "SAMPLE_PASSWD": "onesamplepassword"
    }
  }' \
  https://localhost:20443/v1/secrets
Retrieve secrets from an app
Returns 200 - Ok
curl -v -k \
  -XGET \
  -H "Authorization: <your bearer token here>" \
  "https://localhost:20443/v1/secrets?app=sample_app"
Remove secrets from an app
Returns 204 - No Content
curl -v -k \
  -XDELETE \
  -H "Authorization: <your bearer token here>" \
  "https://localhost:20443/v1/secrets?app=sample_app"