{"id":18892400,"url":"https://github.com/hf/kmspgp","last_synced_at":"2025-04-14T23:31:36.389Z","repository":{"id":143824599,"uuid":"469940411","full_name":"hf/kmspgp","owner":"hf","description":"Allows you to use AWS KMS asymmetric keys as PGP/GPG keys.","archived":false,"fork":false,"pushed_at":"2022-03-19T23:08:50.000Z","size":5304,"stargazers_count":16,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2024-04-14T16:08:23.646Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-14T23:41:49.000Z","updated_at":"2024-01-15T23:56:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"123027a6-915e-46e1-b940-080c3a145501","html_url":"https://github.com/hf/kmspgp","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hf%2Fkmspgp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hf%2Fkmspgp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hf%2Fkmspgp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hf%2Fkmspgp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hf","download_url":"https://codeload.github.com/hf/kmspgp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223651389,"owners_count":17179919,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T08:02:00.522Z","updated_at":"2024-11-08T08:03:06.329Z","avatar_url":"https://github.com/hf.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# KMS for PGP/GPG\n\nThis tool allows you to use [AWS KMS][aws-kms] asymmetric keys as if they were\nPGP/GPG keys. (Only for signatures for now.)\n\nThis can be useful if you have CI/CD pipelines signing code or artifacts and\nyou don't wish to do all the hassle of proper cryptographic key management.\n\nIt's also useful if you wish to use AWS CloudHSM keys via the KMS API for\nPGP/GPG operations.\n\n## How to use?\n\nDownload the latest release from the Github Releases page. Since this is a Java\nproject you can get the Jar, distribution Zip (which you can conveniently\ninstall on any OS) or a GraalVM native-image build for a fat binary that only\ndepends on the OS and architecture (no Java needed).\n\n`kmspgp` only runs when the proper AWS credentials are set. It uses the AWS SDK\ndefaults which obey environment variables, profile files and/or instance\nmetadata credentials.\n\nYou should have already created an asymmetric key for signing/verification\nonly in KMS, and have the proper access to the key (`DescribeKey`,\n`GetPublicKey` must be allowed). To list keys additionally the `ListKeys`\naction should be allowed.\n\n### Listing keys\n\nYou can list all usable keys with the `list` subcommand.\n\n### Exporting a key\n\nExporting a key in the PGP/GPG format so that it can be shared publicly is done\nusing the `export` subcommand. You must pass the `--user-name`, `--user-email`\noptions wich govern the PGP/GPG user ID (`NAME \u003cEMAIL\u003e (COMMENT)` format).\n\nExporting requires the `Sign` action to be allowed, since it performs a signing\noperation.\n\nUsually you do this once, and then share the exported file.\n\n### Signing data\n\nYou can sign data by using the `sign` subcommand. It reads from `STDIN` and\nthen signs the data using the provided key.\n\n### GPG fallback mode for Git signing\n\nYou can use `kmspgp` in GPG fallback mode to sign Git commits. In your Git\nproject specify the following configuration:\n\n```\ngit config --local gpg.program \u003cPATH-TO-KMSPGP\u003e\ngit config --local user.signingkey \u003cKMS-KEY-ARN\u003e\ngit config --local commit.gpgsign true\ngit config --local tag.forceSignAnnotated true\n```\n\nWhenever you call `git commit` you would need AWS credentials setup so that\nsigning can take place.\n\n## License\n\nThis software is Copyright \u0026copy; Stojan Dimitrovski 2022.\n\nLicensed under the MIT License. You can get a copy of it in the `LICENSE` file.\n\nThis distribution includes the excellent [Bouncy Castle library for Java][bc]\nwhich is also licensed under the MIT license.\n\nAdditionally, some dependencies may be licensed under the Apache 2.0 license.\n\n[aws-kms]: https://docs.aws.amazon.com/kms/latest/developerguide/overview.html\n[bc]: https://www.bouncycastle.org/java.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhf%2Fkmspgp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhf%2Fkmspgp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhf%2Fkmspgp/lists"}