{"id":13451782,"url":"https://github.com/square/keywhiz","last_synced_at":"2025-09-27T07:31:11.619Z","repository":{"id":29332700,"uuid":"32866430","full_name":"square/keywhiz","owner":"square","description":"A system for distributing and managing secrets","archived":true,"fork":false,"pushed_at":"2023-09-18T18:01:03.000Z","size":5957,"stargazers_count":2620,"open_issues_count":46,"forks_count":216,"subscribers_count":60,"default_branch":"master","last_synced_at":"2024-11-03T07:32:07.623Z","etag":null,"topics":["crypto","enterprise-software","keywhiz","manage-secrets","secret-distribution","secret-management","secrets","secrets-management"],"latest_commit_sha":null,"homepage":"https://square.github.io/keywhiz/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/square.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2015-03-25T13:31:39.000Z","updated_at":"2024-10-29T19:18:48.000Z","dependencies_parsed_at":"2023-02-16T04:15:31.706Z","dependency_job_id":"ae92c720-e6da-44f9-9b89-62761a9aad19","html_url":"https://github.com/square/keywhiz","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fkeywhiz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fkeywhiz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fkeywhiz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fkeywhiz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/square","download_url":"https://codeload.github.com/square/keywhiz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234410050,"owners_count":18828128,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","enterprise-software","keywhiz","manage-secrets","secret-distribution","secret-management","secrets","secrets-management"],"created_at":"2024-07-31T07:01:02.291Z","updated_at":"2025-09-27T07:31:10.641Z","avatar_url":"https://github.com/square.png","language":"Java","readme":"# Deprecated\n**As of 9/18/23 this project is now deprecated and no longer maintained; we recommend using HashiCorp Vault as a more robust and actively supported alternative.**\n\n# Keywhiz\n\n[![license](https://img.shields.io/badge/license-apache_2.0-red.svg?style=flat)](https://raw.githubusercontent.com/square/keywhiz/master/LICENSE)\n[![maven](https://img.shields.io/maven-central/v/com.squareup.keywhiz/keywhiz-server.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22com.squareup.keywhiz%22)\n[![build](https://img.shields.io/travis/square/keywhiz/master.svg?style=flat)](https://travis-ci.org/square/keywhiz)\n\nKeywhiz is a system for distributing and managing secrets.\nFor more information, see the [website][1].\n\nOur [Protecting infrastructure secrets with Keywhiz][2] blog post is worth\nreading, as it provides some useful context.\n\n## Develop\n\nKeywhiz requires Java 11 and MySQL 5.7 or higher.\n\nSee [CONTRIBUTING](CONTRIBUTING.md) for details on submitting patches.\n\nBuild Keywhiz:\n\n    mvn install\n\nRun Keywhiz:\n\n    java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS]\n\nUseful commands to get started are `migrate`, `add-user` and `server`. Use with\n`--help` for a list of all available commands. Use with `[COMMAND] --help` to\nget help on a particular command.\n\nFor example, to run Keywhiz with a mysql database in development mode:\n\n    SERVER_JAR=\"server/target/keywhiz-server-*-shaded.jar\"\n    KEYWHIZ_CONFIG=\"server/target/classes/keywhiz-development.yaml\"\n\n    # Initialize dev database\n    java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG\n\n    # Add an administrative user\n    java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG\n\n    # Run server\n    java -jar $SERVER_JAR server $KEYWHIZ_CONFIG\n\nTo connect to a running Keywhiz instance, you will need to use the CLI.\n\nAn example helper shell script that wraps the keywhiz-cli and sets some default parameters:\n\n    #!/bin/sh\n\n    # Set the path to a compiled, shaded keywhiz-cli JAR file\n    KEYWHIZ_CLI_JAR=\"/path/to/keywhiz-cli-shaded.jar\"\n    KEYWHIZ_SERVER_URL=\"https://$(hostname):4444\"\n\n    # Use these flags if you want to specify a non-standard CA trust store.\n    # Alternatively, in development and testing specify the --devTrustStore \n    # flag to use the default truststore (DO NOT use this in production, as\n    # the truststore is checked into Keywhiz' code).\n    TRUSTSTORE=\"-Djavax.net.ssl.trustStore=/path/to/ca-bundle.jceks\"\n    TRUSTTYPE=\"-Djavax.net.ssl.trustStoreType=JCEKS\"\n\n    java \"$TRUSTSTORE\" \"$TRUSTTYPE\" -jar \"$KEYWHIZ_CLI_JAR\" -U \"$KEYWHIZ_SERVER_URL\" \"$@\"\n\nKeywhiz uses [jOOQ](http://www.jooq.org/) to talk to its database.\n\nIf you made changes to the database model and want to regenerate sources:\n\n    mvn install -pl model/ -Pgenerate-jooq-sources\n\nWe recommend [IntelliJ IDEA](https://www.jetbrains.com/idea/) for development.\n\n## IntelliJ IDEA\n\nTo enable auto-completion, code navigation, etc., open the `keywhiz` repository in IDEA, \nright click `pom.xml` in the repository root, and select \"Add as Maven Project\".\n\n## Clients \u0026 API\n\nSquare also maintains a Keywhiz client implementation called [Keysync](https://github.com/square/keysync).\n\n## Docker\n\nWe ship a [Dockerfile](Dockerfile) for building a Docker container for Keywhiz.\nPlease see the Dockerfile for extra instructions.\n\n## License\n\nKeywhiz is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.\n\n[1]: https://square.github.io/keywhiz\n[2]: https://developer.squareup.com/blog/protecting-infrastructure-secrets-with-keywhiz\n","funding_links":[],"categories":["Java","Projects","Frameworks and Libs","Cryptography","项目","安全","VI. Program languages and applications that were written with Java"],"sub_categories":["Security","Java","安全","5. Opensource applications that were written with Java"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquare%2Fkeywhiz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquare%2Fkeywhiz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquare%2Fkeywhiz/lists"}