{"id":46293746,"url":"https://github.com/rhodey/lock.host-keys","last_synced_at":"2026-03-04T09:04:45.561Z","repository":{"id":339872289,"uuid":"1069790110","full_name":"rhodey/lock.host-keys","owner":"rhodey","description":"Lock.host key servers","archived":false,"fork":false,"pushed_at":"2026-02-22T00:47:13.000Z","size":96306,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-22T08:53:04.276Z","etag":null,"topics":["crypto","enclave","nitro"],"latest_commit_sha":null,"homepage":"https://lock.host","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhodey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-04T16:20:08.000Z","updated_at":"2026-02-22T00:47:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rhodey/lock.host-keys","commit_stats":null,"previous_names":["rhodey/lock.host-keys"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/rhodey/lock.host-keys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhodey%2Flock.host-keys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhodey%2Flock.host-keys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhodey%2Flock.host-keys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhodey%2Flock.host-keys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhodey","download_url":"https://codeload.github.com/rhodey/lock.host-keys/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhodey%2Flock.host-keys/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30076935,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T08:01:56.766Z","status":"ssl_error","status_checked_at":"2026-03-04T08:00:42.919Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","enclave","nitro"],"created_at":"2026-03-04T09:04:45.466Z","updated_at":"2026-03-04T09:04:45.552Z","avatar_url":"https://github.com/rhodey.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lock.host-keys\nThe [Lock.host](https://github.com/rhodey/lock.host) key servers operate as a three node [RAFT](https://en.wikipedia.org/wiki/Raft_(algorithm)) cluster and will be available to devs who deploy [WASM](https://en.wikipedia.org/wiki/WebAssembly) apps with us. Devs who want to use the key servers without deploying WASM apps will be able to do WASM registration and use the access keys. We will be doing `us-east-1`, `us-east-2`, and `us-west-2` and the APIs will be:\n```\nhttps://use1.lock.host/api/k/v1/*\nhttps://use2.lock.host/api/k/v1/*\nhttps://usw2.lock.host/api/k/v1/*\n```\n\n## Build app\nThis is how PCR hashes are checked:\n```\njust serve-alpine\njust build-app\n...\n{\n  \"Measurements\": {\n    \"HashAlgorithm\": \"Sha384 { ... }\",\n    \"PCR0\": \"f7f1050667c96ce70b983f6953df7d9b72856b4cf6ff5664664656900ff80d9f7c819e7d3ada267ccda6c7fdb9cda402\",\n    \"PCR1\": \"4b4d5b3661b3efc12920900c80e126e4ce783c522de6c02a2a5bf7af3a2b9327b86776f188e4be1c1c404a129dbda493\",\n    \"PCR2\": \"ccc277d1274e343ba35dc6360d2038adfc69134b4aeaa59870080b90ef0098aa5c029c4f6142333092473e175e2b4ca4\"\n  }\n}\n```\n\nSee that [run.yml](.github/workflows/run.yml) is testing that PCRs in this readme match the build\n\n## Test\n+ In test containers emulate TEEs\n+ Two fifos /tmp/read and /tmp/write emulate a vsock\n```\njust serve-alpine\njust build-test-app build-test-khost\njust make-test-fifos\ncp example.yml config.yml\ncp example.env .env\ndocker compose up -d\nsleep 10 \u0026\u0026 just do-test khost1\n```\n\n## Prod\n+ In prod all I/O passes through /dev/vsock\n```\njust serve-alpine\njust build-app build-khost\n(upload config.yml to prod bucket)\ncp example.env .env\njust run-app\njust run-khost\n```\n\n## Apks\nModify apk/Dockerfile.fetch to include all apks then run:\n```\njust proxy-alpine\njust fetch-alpine\n```\n\n## License\nhello@lock.host\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhodey%2Flock.host-keys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhodey%2Flock.host-keys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhodey%2Flock.host-keys/lists"}