
Keyhouse

Keyhouse is a skeleton of a general-purpose Key Management System (KMS). It is not an off-the-shelf system and it is not ready for production.

  • Keyhouse depends on a Spire-based zero trust infrastructure.
  • Keyhouse provides a control plane for users to manage their Customer Keys, and a data plane which responds to data key encoding/decoding requests for data encryption and decryption.
  • Keyhouse provides a "secret service" which stores a piece of data and responds to inquiries.
  • Keyhouse uses etcd for storage.

More info can be found in the CNCF Cloud Native Rust Day 2021 presentation pdf and video.

Keyhouse is only a Rust lib (not a bin). To implement a real KMS, you must implement the KeyhouseImpl trait:

pub trait KeyhouseImpl: Send + Sync + Clone + std::fmt::Debug {
    type MasterKeyProvider: MasterKeyProvider + 'static; // Master key provider
    type CustomerItem: CodingItem + 'static;             // Customer Key codec
    type IntermediateItem: CodingItem + 'static;         // Intermediate Key codec
    type ClientCoding: ClientCoding + 'static;           // Data Key codec
    type ControlPlaneAuth: ControlPlaneAuth + 'static;   // Control plane authentication/authorization
    type AlternateDataAuthToken: AlternateDataAuthToken + 'static; // Secondary token-based authentication
    type AlternateDataAuthProvider: AlternateDataAuthProvider<Self::AlternateDataAuthToken> + 'static;
    type KeyhouseExt: KeyhouseExt + 'static;             // Handy functions for regioning/logging/authorization
}

We will provide a reference implementation in the future to provide:

  • AES-256-GCM encryption for IntermediateKey/CustomerKey/DataKey/Secrets
  • Go/C++/Python/Java client SDKs
  • Sample setup of a Spire-based zero trust infrastructure and Keyhouse's integration with it

Documents

Project structure

.
├── Cargo.lock              # dependency lock file
├── Cargo.toml              # main Cargo.toml
├── Readme.md
├── build.rs                # project build script
├── certs                   # dummy certificate for testing
├── conf                    # dummy configurations
├── docs                    # open source documentation
├── examples                # sample server
├── proto                   # grpc proto definition
├── src                     # source code
├── test_etcd               # scripts to launch testing etcd service
├── tests                   # self-contained end-to-end roundtrip setup
└── vendor                  # vendored dependencies

Build

The default cargo build only builds the library.

Example server

cargo build --examples

The output binary is at ./target/debug/examples/server. This example does not contain real crypto primitives. This is intentional, as every user may have their own encryption standard; the placeholder codec below only bumps the first byte and reverses the buffer.

fn encode_data_with_iv(&mut self, mut input: Vec<u8>, _iv: &[u8]) -> Result<Vec<u8>> {
    if !input.is_empty() {
        input[0] = input[0].wrapping_add(1);
    }
    input.reverse();
    Ok(input)
}

fn decode_data_with_iv(&mut self, mut input: Vec<u8>, _iv: &[u8]) -> Result<Vec<u8>> {
    input.reverse();
    if !input.is_empty() {
        input[0] = input[0].wrapping_sub(1);
    }
    Ok(input)
}
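The placeholder above is a reversible transform, not encryption. The following harness is an added example (not keyhouse's own code): it wraps the sample codec in an assumed `DataCodec` trait that only mirrors the two signatures shown, and checks three properties a production data-key codec (such as the planned AES-256-GCM implementation) must have. The sample codec passes the roundtrip check and fails the other two, which is exactly why it must be replaced.

```rust
// Added example, not keyhouse code. `DataCodec` is an assumed trait that only mirrors
// the encode/decode signatures of the README's example server; it is not ClientCoding.
type Result<T> = std::result::Result<T, String>;

pub trait DataCodec {
    fn encode_data_with_iv(&mut self, input: Vec<u8>, iv: &[u8]) -> Result<Vec<u8>>;
    fn decode_data_with_iv(&mut self, input: Vec<u8>, iv: &[u8]) -> Result<Vec<u8>>;
}

/// The README's placeholder codec: bump the first byte, then reverse. Unkeyed, ignores the IV.
pub struct ToyCodec;

impl DataCodec for ToyCodec {
    fn encode_data_with_iv(&mut self, mut input: Vec<u8>, _iv: &[u8]) -> Result<Vec<u8>> {
        if !input.is_empty() {
            input[0] = input[0].wrapping_add(1);
        }
        input.reverse();
        Ok(input)
    }

    fn decode_data_with_iv(&mut self, mut input: Vec<u8>, _iv: &[u8]) -> Result<Vec<u8>> {
        input.reverse();
        if !input.is_empty() {
            input[0] = input[0].wrapping_sub(1);
        }
        Ok(input)
    }
}

/// Properties a production data-key codec (e.g. an AEAD such as AES-256-GCM) must satisfy.
#[derive(Debug, PartialEq)]
pub struct CodecReport {
    pub roundtrips: bool,     // decode(encode(p)) == p
    pub rejects_tamper: bool, // a flipped ciphertext byte makes decode fail
    pub binds_iv: bool,       // decoding under a different IV fails
}

pub fn check_codec<C: DataCodec>(codec: &mut C) -> CodecReport {
    let plaintext = b"constructed data key bytes".to_vec(); // constructed sample input
    let iv = [0x11u8; 12];
    let other_iv = [0x22u8; 12];
    let ct = codec.encode_data_with_iv(plaintext.clone(), &iv).unwrap();
    let roundtrips = codec.decode_data_with_iv(ct.clone(), &iv).ok() == Some(plaintext);
    let mut tampered = ct.clone();
    tampered[0] ^= 0x80; // corrupt one ciphertext byte
    let rejects_tamper = codec.decode_data_with_iv(tampered, &iv).is_err();
    let binds_iv = codec.decode_data_with_iv(ct, &other_iv).is_err();
    CodecReport { roundtrips, rejects_tamper, binds_iv }
}
```

Running `check_codec(&mut ToyCodec)` reports roundtrips true, rejects_tamper false and binds_iv false; a real AEAD implementation behind the same trait should report all three as true.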

Testing

First, make sure you have this line in your /etc/hosts:

127.0.0.1 localtest.me

Then, start an etcd using ./test_etcd/local.sh and keep it running. Next, run

cargo test

Authors

and the fine folks at ByteDance

License

Apache 2.0


keyhouse's Issues

cargo audit give errors and warnings

Running "cargo audit" gives the following errors:

Crate: brotli-sys
Version: 0.3.2
Title: Integer overflow in the bundled Brotli C library
Date: 2021-12-20
ID: RUSTSEC-2021-0131
URL: https://rustsec.org/advisories/RUSTSEC-2021-0131
Solution: No safe upgrade is available!
Dependency tree:
brotli-sys 0.3.2
└── brotli2 0.3.2
└── actix-http 3.0.0-beta.10
└── actix-web 4.0.0-beta.9
└── keyhouse 0.1.0

Crate: chrono
Version: 0.4.19
Title: Potential segfault in localtime_r invocations
Date: 2020-11-10
ID: RUSTSEC-2020-0159
URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution: No safe upgrade is available!
Dependency tree:
chrono 0.4.19
├── x509-parser 0.9.2
│ └── spire-workload 1.1.4
│ └── keyhouse 0.1.0
├── simple_asn1 0.4.1
│ └── jsonwebtoken 7.2.0
│ └── spire-workload 1.1.4
├── sentry-types 0.23.0
│ └── sentry-core 0.23.0
│ ├── sentry-panic 0.23.0
│ │ └── sentry 0.23.0
│ │ └── keyhouse 0.1.0
│ ├── sentry-contexts 0.23.0
│ │ └── sentry 0.23.0
│ ├── sentry-backtrace 0.23.0
│ │ ├── sentry-panic 0.23.0
│ │ └── sentry 0.23.0
│ └── sentry 0.23.0
└── sentry-core 0.23.0

Crate: time
Version: 0.1.43
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.43

Crate: net2
Version: 0.2.37
Warning: unmaintained
Title: net2 crate has been deprecated; use socket2 instead
Date: 2020-05-01
ID: RUSTSEC-2020-0016
URL: https://rustsec.org/advisories/RUSTSEC-2020-0016
Dependency tree:
net2 0.2.37
├── miow 0.2.2
└── mio 0.6.23

Crate: stdweb
Version: 0.4.20
Warning: unmaintained
Title: stdweb is unmaintained
Date: 2020-05-04
ID: RUSTSEC-2020-0056
URL: https://rustsec.org/advisories/RUSTSEC-2020-0056
Dependency tree:
stdweb 0.4.20
└── time 0.2.27

Crate: sha2
Version: 0.9.8
Warning: yanked
Dependency tree:
sha2 0.9.8
└── keyhouse 0.1.0
