KeywhizFS vs KeySync


Dickson Daniel

Nov 18, 2019, 1:42:51 PM
to keywhiz-users
Team,

Does the latest source code of Keywhiz on GitHub follow KeywhizFS or Keysync?

Also, there are no examples of clients.

How does the Keywhiz client retrieve keys from the Keywhiz server?

Can anyone help me understand the flow?

Many Thanks!
Dickson


Matthew McPherrin

Nov 18, 2019, 1:51:28 PM
to Dickson Daniel, keywhiz-users
KeywhizFS has been replaced by Keywhiz.  Please feel free to open a github issue to update the documentation, as it should reflect that change.

Keysync uses x509 client certificates to identify clients and authenticate to the keywhiz API.  Keysync downloads each client's secrets.
The "client name", as visible in the keywhiz DB, cli, and API, should be the Common Name on the certificate.

No system for generating these x509 client certificates is part of Keywhiz currently; you must have a pre-existing PKI.
In the near future (likely Q1 2020, but potentially later in the year), we will probably require the use of https://spiffe.io/ as the system for generating them.

I will be writing a Keywhiz 2.0 roadmap by the end of the year which will outline those changes.


--
You received this message because you are subscribed to the Google Groups "keywhiz-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keywhiz-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keywhiz-users/eb837a4c-296b-4db4-a792-1bef0da30e21%40googlegroups.com.
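
The authentication flow described in the reply above, as an added Go example (not Keysync or Keywhiz code, and not part of the thread): a stand-in HTTPS server requires a client certificate that chains to a trusted CA and takes the client name from the verified certificate's Common Name. The throwaway CA, the certificates, and the function names `issue` and `authenticate` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue makes a throwaway test certificate for cn, signed by parent (a self-signed CA if nil).
func issue(cn string, parent *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// authenticate runs a stand-in server (not Keywhiz) that trusts only ca and echoes the client name.
func authenticate(ca *x509.Certificate, client tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.TLS.PeerCertificates[0].Subject.CommonName) // CN of the verified leaf
	}))
	ts.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	ts.StartTLS()
	defer ts.Close()
	ts.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{client}
	resp, err := ts.Client().Get(ts.URL)
	if err != nil {
		return "", err // e.g. the server rejected a certificate from an unknown CA
	}
	defer resp.Body.Close()
	name, err := io.ReadAll(resp.Body)
	return string(name), err
}
```

The Common Name is only meaningful as an identity because the server verifies the chain first; a certificate carrying the same name but issued by a CA outside `ClientCAs` never reaches the handler.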

Alok Menghrajani

Nov 18, 2019, 1:55:44 PM
to Dickson Daniel, keywhiz-users, Matthew McPherrin
> KeywhizFS has been replaced by Keywhiz. 

Matthew meant to say: KeywhizFS has been replaced by Keysync.

Alok

Dickson Daniel

Nov 18, 2019, 1:56:34 PM
to keywhiz-users
Thanks, Matthew.



Dickson Daniel

Nov 18, 2019, 2:31:57 PM
to keywhiz-users
Thanks Alok. I got it :)