{"id":26227682,"url":"https://github.com/theboringhumane/xyphos","last_synced_at":"2026-02-17T06:32:03.570Z","repository":{"id":275781699,"uuid":"927080636","full_name":"theboringhumane/Xyphos","owner":"theboringhumane","description":"🔐 Xyphos : Open Source Key Management System (KMS): A secure, multi-tenant key management system built in Go. An open-source alternative to Google Cloud KMS with enhanced features.","archived":false,"fork":false,"pushed_at":"2025-02-05T13:57:39.000Z","size":2785,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"sudo","last_synced_at":"2025-12-22T13:37:36.030Z","etag":null,"topics":["cloudkms","cryptography","encryption","encryption-decryption","kms","mathematics"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/theboringhumane.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-04T11:22:36.000Z","updated_at":"2025-02-28T16:54:09.000Z","dependencies_parsed_at":"2025-04-19T16:19:37.739Z","dependency_job_id":"2af5952f-e381-4156-991e-920544bcd95b","html_url":"https://github.com/theboringhumane/Xyphos","commit_stats":null,"previous_names":["theboringhumane/xyphos"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/theboringhumane/Xyphos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theboringhumane%2FXyphos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theboringhumane%2FXyphos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theboringhumane%2FXyphos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theboringhumane%2FXyphos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/theboringhumane","download_url":"https://codeload.github.com/theboringhumane/Xyphos/tar.gz/refs/heads/sudo","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theboringhumane%2FXyphos/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29535971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T05:00:25.817Z","status":"ssl_error","status_checked_at":"2026-02-17T04:57:16.126Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudkms","cryptography","encryption","encryption-decryption","kms","mathematics"],"created_at":"2025-03-12T20:18:48.598Z","updated_at":"2026-02-17T06:32:03.555Z","avatar_url":"https://github.com/theboringhumane.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔐 Xyphos\n\n\u003e Why did the cryptographer bring a ladder to work? Because they heard the encryption keys were stored at a higher level! 🪜\n\nA secure, multi-tenant key management system built in Go. Think Google Cloud KMS, but open source and running in your own infrastructure! \n\n[![GitHub stars](https://img.shields.io/github/stars/theboringhumane/xyphos?style=social)](https://github.com/theboringhumane/xyphos/stargazers)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Go Report Card](https://goreportcard.com/badge/github.com/theboringhumane/xyphos)](https://goreportcard.com/report/github.com/theboringhumane/xyphos)\n\n## 🌟 Overview\n\nXyphos is a complete key management solution with two main components:\n\n1. 🔒 **Server** ([Documentation](docs/server/README.md))\n   - Go-based KMS service with BadgerDB storage\n   - FIPS 140-2 compliant cryptographic operations\n   - Secure key storage and management\n   \n2. 🌐 **Frontend Dashboard**\n   - Modern React/Next.js interface\n   - WebCrypto API integration\n   - Real-time key management\n\n## 🔐 Encryption Documentation\n\nFor detailed information on the encryption process, key management, and client configuration, see the [Encryption Documentation](docs/encryption.md).\n\n## 🏗️ System Architecture\n\n```mermaid\ngraph TD\n    A[Frontend - Next.js] --\u003e|HTTPS| B[API Gateway - Go/Gin]\n    B --\u003e C[Auth Service]\n    B --\u003e D[KMS Service]\n    D --\u003e E[HSM Service]\n    D --\u003e F[BadgerDB]\n    D --\u003e G[Audit Service]\n    \n    style A fill:#f9f,stroke:#333,stroke-width:2px\n    style B fill:#bbf,stroke:#333,stroke-width:2px\n    style C fill:#dfd,stroke:#333,stroke-width:2px\n    style D fill:#fdd,stroke:#333,stroke-width:2px\n```\n\n## 🚀 Quick Start\n\n\u003e Why do developers prefer dark mode? Because light attracts bugs! 🪲\n\n### Prerequisites\n\n- 🐹 Go 1.21+\n- 📦 Node.js 18+\n- 🐳 Docker (optional)\n- ☕ Coffee (lots of it!)\n\n### Setup\n\n1. Clone the repo:\n```bash\ngit clone https://github.com/theboringhumane/xyphos.git\ncd xyphos\n```\n\n2. Set up the server:\n```bash\ncp .env.example .env\n# Generate JWT secret\nopenssl rand -base64 32  # Copy to JWT_SECRET in .env\ngo run cmd/main.go\n```\n\n3. Set up the frontend:\n```bash\ncd frontend\ncp .env.example .env\n# Generate NextAuth secret\nopenssl rand -base64 32  # Copy to NEXTAUTH_SECRET in .env\nnpm install \u0026\u0026 npm run dev\n```\n\nFor detailed server documentation, including API endpoints and security architecture, see the [Server Documentation](docs/server/README.md).\n\n## 🎮 Client SDK\n\n### 📦 Installation\n\n```bash\nnpm install @xyphos/client\n# or\nyarn add @xyphos/client\n```\n\n### 🔧 Configuration\n\n```typescript\ninterface ClientConfig {\n  baseURL: string;\n  clientConfigId: string;\n  clientConfigSecret: string;\n  timeout?: number;        // Default: 30000ms\n  retryConfig?: {\n    maxRetries: number;    // Default: 3\n    backoffFactor: number; // Default: 0.1\n    statusForcelist: number[]; // Default: [500, 502, 503, 504, 429]\n  };\n  privateKey?: string;     // RSA private key for request encryption\n}\n```\n\n### 🚀 Basic Usage\n\n```typescript\nimport { APIClient } from '@xyphos/client'\n\n// Initialize with basic config\nconst client = new APIClient({\n  baseURL: 'http://localhost:8080',\n  clientConfigId: 'your-client-id',\n  clientConfigSecret: 'your-client-secret'\n})\n\n// Or with full configuration including encryption\nconst secureClient = new APIClient({\n  baseURL: 'http://localhost:8080',\n  clientConfigId: 'your-client-id',\n  clientConfigSecret: 'your-client-secret',\n  timeout: 30000,\n  retryConfig: {\n    maxRetries: 3,\n    backoffFactor: 0.1,\n    statusForcelist: [500, 502, 503, 504, 429]\n  },\n  privateKey: '-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----'\n})\n\n// 🔐 Encrypt data\nconst { ciphertext, keyVersion } = await client.encrypt({\n  projectId: 'my-project',\n  locationId: 'us-west1',\n  keyringId: 'app-keys',\n  keyId: 'encryption-key',\n  plaintext: 'super secret message'\n})\n\n// 🔓 Decrypt data\nconst { plaintext } = await client.decrypt({\n  projectId: 'my-project',\n  locationId: 'us-west1',\n  keyringId: 'app-keys',\n  keyId: 'encryption-key',\n  keyVersion: keyVersion,\n  ciphertext: ciphertext\n})\n```\n\n### 🔄 Automatic Retries\n\nThe client includes built-in retry logic for handling transient failures:\n\n```typescript\n// Custom retry configuration\nconst client = new APIClient({\n  // ... other config\n  retryConfig: {\n    maxRetries: 5,                    // Maximum number of retry attempts\n    backoffFactor: 0.2,              // Exponential backoff multiplier\n    statusForcelist: [500, 502, 503]  // Status codes that trigger retries\n  }\n})\n```\n\n### 🔐 End-to-End Encryption\n\nWhen initialized with a private key, the client automatically handles request/response encryption:\n\n```typescript\n// The client will automatically:\n// 1. Encrypt request bodies using RSA-OAEP\n// 2. Decrypt encrypted responses\n// 3. Handle key rotation and management\nconst encryptedClient = new APIClient({\n  // ... other config\n  privateKey: process.env.CLIENT_PRIVATE_KEY\n})\n\n// All requests/responses will be automatically encrypted\nconst result = await encryptedClient.encrypt({\n  projectId: 'my-project',\n  keyringId: 'app-keys',\n  keyId: 'encryption-key',\n  plaintext: 'This request will be encrypted'\n})\n```\n\n### 🚨 Error Handling\n\n```typescript\ntry {\n  await client.encrypt(/*...*/)\n} catch (error) {\n  if (error instanceof AuthenticationError) {\n    // Handle authentication failure\n  } else if (error instanceof PermissionError) {\n    // Handle permission issues\n  } else if (error instanceof NotFoundError) {\n    // Handle missing resources\n  } else if (error instanceof InvalidInputError) {\n    // Handle invalid input\n  } else if (error instanceof KMSError) {\n    // Handle general KMS errors\n  }\n}\n```\n\n## 🤝 Contributing\n\n\u003e How many developers does it take to change a light bulb? None, that's a hardware problem! 💡\n\nContributions are welcome! Check out our [Contributing Guide](CONTRIBUTING.md).\n\n## 📝 License\n\nMIT License - see [LICENSE](LICENSE)\n\n## 🧑‍💻 Author\n\nCreated with ❤️ by [Harsh VARDHAN GOSWAMI](https://github.com/theboringhumane)\n\n\u003e Why did the developer go broke? Because they used up all their cache! 💰\n\n---\n*Remember: In cryptography we trust, but we still verify! 🔍*","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheboringhumane%2Fxyphos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftheboringhumane%2Fxyphos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheboringhumane%2Fxyphos/lists"}