apikeyman

Version: v0.1.4
Published: Jun 10, 2024 License: MIT

README


Simple authentication service to store and validate API keys. Intended to be used with ORY oathkeeper or similar proxies to authenticate requests using API keys.

Features

  • Store API keys in an SQL database. Available databases are: postgres, sqlite
  • Generate API keys
  • Check API keys with care
  • Generate and validate signatures for requests using asymmetric cryptography. See below

Signature algorithms

Names are taken from this list

Algorithm Description
RS256 RSASSA-PKCS1-v1_5 using SHA-256
RS512 RSASSA-PKCS1-v1_5 using SHA-512
ES256 ECDSA using P-256 and SHA-256
ES256K ECDSA using secp256k1 and SHA-256
EdDSA Ed25519

Public keys are encoded as PKIX and private keys as PKCS8 ASN.1 binary. String encoding depends on usage: the REST API uses base64 (the same as the middle part of a PEM file), while the command line uses PEM files.
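
The encodings described above, as an added Go example (not apikeyman's own code): it decodes the base64 strings in the form the REST API returns, rejects anything that is not a matching P-256 (ES256) pair, and wraps the same bytes in PEM. NewPair, Load and PEM are hypothetical helper names, the sample pair is generated locally, and the standard "PUBLIC KEY" / "PRIVATE KEY" PEM labels are an assumption about what the command line reads.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
)

// NewPair builds a constructed sample pair: base64 of PKCS8 (private) and PKIX (public) DER.
func NewPair() (privB64, pubB64 string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	privDER, _ := x509.MarshalPKCS8PrivateKey(key)
	pubDER, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return base64.StdEncoding.EncodeToString(privDER), base64.StdEncoding.EncodeToString(pubDER)
}

// Load decodes both strings and rejects anything that is not a matching P-256 pair.
func Load(privB64, pubB64 string) (*ecdsa.PrivateKey, error) {
	privDER, err1 := base64.StdEncoding.DecodeString(privB64)
	pubDER, err2 := base64.StdEncoding.DecodeString(pubB64)
	k, err3 := x509.ParsePKCS8PrivateKey(privDER)
	p, err4 := x509.ParsePKIXPublicKey(pubDER)
	if err := errors.Join(err1, err2, err3, err4); err != nil {
		return nil, err
	}
	priv, ok1 := k.(*ecdsa.PrivateKey)
	pub, ok2 := p.(*ecdsa.PublicKey)
	if !ok1 || !ok2 || priv.Curve != elliptic.P256() || !priv.PublicKey.Equal(pub) {
		return nil, errors.New("not a matching ES256 key pair")
	}
	return priv, nil
}

// PEM wraps the same DER bytes in PEM armor; the base64 string becomes the PEM body.
func PEM(blockType, b64 string) (string, error) {
	der, err := base64.StdEncoding.DecodeString(b64)
	return string(pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: der})), err
}

func main() {
	priv, pub := NewPair()
	_, err := Load(priv, pub)
	fmt.Println("pair ok:", err == nil)
}
```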

Installation

Local

Download binary release from releases page. Start the service with the following command:

./apikeyman server --db postgres://user:password@localhost:5432/dbname

See Configuration for more details.

Docker compose

cd deploy/compose
docker-compose up

Helm chart

Repo: https://jaspeen.github.io/apikeyman

helm show all apikeyman --repo https://jaspeen.github.io/apikeyman

Usage

Command line

There are commands to generate, sign and verify signatures. See help in apikeyman -h and example usages in cmd/apikeyman/tests/openssl-compat-tests.sh

Service

Create API Key
curl http://localhost:8080/apikeys -d '{"sub": "users:ci", "alg": "ES256", "name": "gh_action_token", "exp_sec": 86400}' -H 'Content-Type: application/json'
{
  "apikey":"1:HFqAdqST5gdRrV8KT7YqCm2Hcby4C7Y7znD5CTAWiMLc",
  "publickey":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt6RHimLFlLD8Q0ts+yNCdK39PxE4We9BAdFkhY6cX9RosnBYwD07GN88V1OySgUUOa3hYzehpFZrwJpmm4R6CA==",
  "privatekey":"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtp3DF6oKRBDKSFrtbkJNtlwxIhDNkJD7wYHMD0OVRqqhRANCAAS3pEeKYsWUsPxDS2z7I0J0rf0/EThZ70EB0WSFjpxf1GiycFjAPTsY3zxXU7JKBRQ5reFjN6GkVmvAmmabhHoI"
}
Check API Key
curl -X POST http://localhost:8080/check  -H 'X-API-KEY: 1:HFqAdqST5gdRrV8KT7YqCm2Hcby4C7Y7znD5CTAWiMLc' -d 'anybody'
{
  "sub": "users:ci"
}
Verify signature
curl -X POST http://localhost:8080/verify -H 'X-API-KEY: 1:HFqAdqST5gdRrV8KT7YqCm2Hcby4C7Y7znD5CTAWiMLc' -H "X-Timestamp: $(date +%s)" -H 'X-Signature: XXX' -d 'anybody'
{
  "sub": "users:ci"
}

License

MIT

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Directories

Path Synopsis
all
rsa
cmd
db
