{"id":21745167,"url":"https://github.com/zuazo/keywhiz-docker","last_synced_at":"2025-08-24T06:17:31.948Z","repository":{"id":34515984,"uuid":"38457756","full_name":"zuazo/keywhiz-docker","owner":"zuazo","description":"Docker image with Keywhiz: A system for managing and distributing secrets.","archived":false,"fork":false,"pushed_at":"2015-12-14T05:16:53.000Z","size":58,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-26T22:05:08.769Z","etag":null,"topics":["credentials","devops","docker","encrypted-store","entrypoint","keywhiz","passwords","secret-distribution","secret-management","secrets"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/zuazo/keywhiz/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zuazo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-02T21:26:24.000Z","updated_at":"2025-01-07T05:46:29.000Z","dependencies_parsed_at":"2022-09-15T04:01:06.172Z","dependency_job_id":null,"html_url":"https://github.com/zuazo/keywhiz-docker","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fkeywhiz-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fkeywhiz-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fkeywhiz-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fkeywhiz-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/owners/zuazo","download_url":"https://codeload.github.com/zuazo/keywhiz-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248665743,"owners_count":21142123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["credentials","devops","docker","encrypted-store","entrypoint","keywhiz","passwords","secret-distribution","secret-management","secrets"],"created_at":"2024-11-26T07:13:48.736Z","updated_at":"2025-04-13T05:12:24.349Z","avatar_url":"https://github.com/zuazo.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"### Keywhiz Docker Container\n\n[![GitHub](http://img.shields.io/badge/github-zuazo/keywhiz--docker-blue.svg?style=flat)](https://github.com/zuazo/keywhiz-docker) [![ImageLayers Size](https://img.shields.io/imagelayers/image-size/zuazo/keywhiz/latest.svg)](https://imagelayers.io/?images=zuazo/keywhiz:latest) [![Docker Repository on Quay.io](https://quay.io/repository/zuazo/keywhiz/status \"Docker Repository on Quay.io\")](https://quay.io/repository/zuazo/keywhiz) [![Circle CI](https://circleci.com/gh/zuazo/keywhiz-docker/tree/master.svg?style=shield)](https://circleci.com/gh/zuazo/keywhiz-docker/tree/master)\n\nA [Docker](https://www.docker.com/) image with [Keywhiz](http://square.github.io/keywhiz/).\n\n#### Supported Tags and Respective `Dockerfile` Links\n\n* `0.7.10`, `0.7`, `latest` ([*/Dockerfile*](https://github.com/zuazo/keywhiz-docker/tree/master/Dockerfile))\n* `0.7.7` 
([*/Dockerfile*](https://github.com/zuazo/keywhiz-docker/blob/0.7.7/Dockerfile))\n* `0.7.6` ([*/Dockerfile*](https://github.com/zuazo/keywhiz-docker/blob/0.7.6/Dockerfile))\n\n#### What Is Keywhiz?\n\nFrom [its own website](http://square.github.io/keywhiz/):\n\n*Keywhiz is a system for managing and distributing secrets. It can fit well with a service oriented architecture (SOA).*\n*[...]*\n\n*Keywhiz makes managing secrets easier and more secure. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.*\n\n*Keywhiz should be considered alpha at this point. Upcoming changes may break API backward compatibility. See our [roadmap](http://square.github.io/keywhiz/#roadmap).*\n\n#### How to Use This Image\n\n##### Download the Image\n\n    $ docker pull zuazo/keywhiz\n\n##### Run a Keywhiz Server With Development Data\n\n    $ docker run -d -p 4444:4444 zuazo/keywhiz\n\nYou can now open [https://127.0.0.1:4444/](https://127.0.0.1:4444/) to navigate the Keywhiz server. The development data provides a `keywhizAdmin:adminPass` account.\n\nSee the [*examples/*](https://github.com/zuazo/keywhiz-docker/tree/master/examples) directory for more examples.\n\n##### Configuration\n\nThis image starts Keywhiz with the development data by default. 
All the `CMD` calls will have the Keywhiz JAR file as entrypoint (`java -jar [...]/keywhiz-server-shaded.jar`).\n\nIf you don't want to use development data, you should generate at least the following data:\n\n* A new CA (and the *truststore.p12* file).\n* Client certificates.\n* A server certificate (and the *keystore.p12* file).\n\nThis image generates the following data in the entrypoint script:\n\n* A base derivation key using `gen-aes` in *derivation.jceks*.\n* Random cookie key in *server/target/classes/cookiekey.base64*.\n\nYou can use them directly from your YAML configuration file or generate your own.\n\nSee how to generate all this data in the [Keywhiz development key material generation documentation](https://github.com/square/keywhiz/wiki/Development-and-test-key-material).\n\n#### Build from Sources\n\nInstead of installing the image from Docker Hub, you can build the image from sources if you prefer:\n\n    $ git clone https://github.com/zuazo/keywhiz-docker keywhiz\n    $ cd keywhiz\n    $ docker build -t zuazo/keywhiz .\n\n#### Exposed TCP/IP Ports\n\n* `4444`: Keywhiz application HTTPS port.\n\n#### Environment Variables Used at Runtime by the Entrypoint Script\n\n* `COOKIEKEY_PATH`: Randomly generated cookie key path (`server/target/classes/cookiekey.base64`).\n* `KEYSTORE_PASS`: Password used to generate the derivation key (randomly generated).\n* `JAVA_ARGS`: Some Java arguments.\n\nYou can change them using `docker run -e [...]` or in your *Dockerfile*, using the `ENV` instruction.\n\n#### Read-only Environment Variables Used at Build Time\n\n* `KEYWHIZ_VERSION`: Keywhiz version to install (`0.7.6`).\n* `KEYWHIZ_PREFIX`: Keywhiz parent directory (`/opt`).\n* `JAR`: Keywhiz JAR file path (`server/target/keywhiz-server-shaded.jar`).\n* `ENTRYPOINT`: Entrypoint, used to run the Keywhiz binary (`java -jar server/target/keywhiz-server-shaded.jar`). 
You can use it to call the Keywhiz application with some arguments: `RUN $ENTRYPOINT check`, `RUN $ENTRYPOINT migrate`, `RUN $ENTRYPOINT db-seed`, ...\n\nThe docker working directory is set to the main Keywhiz directory (`/opt/keywhiz-VERSION`).\n\n### License and Author\n\n|                      |                                          |\n|:---------------------|:-----------------------------------------|\n| **Author:**          | [Xabier de Zuazo](https://github.com/zuazo) (xabier@zuazo.org)\n| **Copyright:**       | Copyright (c) 2015\n| **License:**         | Apache License, Version 2.0\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzuazo%2Fkeywhiz-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzuazo%2Fkeywhiz-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzuazo%2Fkeywhiz-docker/lists"}