Keywhiz alternatives and similar libraries
Based on the "Security" category.
Alternatively, view Keywhiz alternatives based on common mentions on social networks and blogs.
9.3 9.6 L2 Keywhiz VS KeycloakIntegrated SSO and IDM for browser apps and RESTful web services.
8.7 6.6 L3 Keywhiz VS Apache ShiroPerforms authentication, authorization, cryptography and session management.
8.4 9.5 L5 Keywhiz VS CryptomatorMultiplatform transparent client-side encryption of files in the cloud.
7.5 9.5 L2 Keywhiz VS Bouncy CastleAll-purpose cryptographic library. JCA provider, wide range of functions from basic helpers to PGP/SMIME operations.
6.4 7.2 Keywhiz VS jCasbinAn authorization library that supports access control models like ACL, RBAC, ABAC in Java
6.0 0.0 Keywhiz VS Google KeyczarEasy to use, yet safe encryption framework with key versioning.
5.9 8.1 L3 Keywhiz VS Themis by Cossack LabsCrypto library for storage and messaging for Swift, ObjC, Android, С++, JS, Python, Ruby, PHP, Go
The Okta Spring Boot Starter can be used to add OAuth 2.0 authorization to Spring Boot applications.
3.7 2.5 L2 Keywhiz VS HdivRuntime application self-protection against OWASP Top 10 security risks such us Insecure Direct Object References, SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and much more.
3.1 0.0 L1 Keywhiz VS OACC FrameworkOACC (Object ACcess Control) is an advanced Java Application Security Framework
The Okta Authentication SDK can be used in scenarios where using OAuth 2.0 is not possible.
Secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets. It handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest. Visit our partner's website for more details.
Do you think we are missing an alternative of Keywhiz or a related project?
Keywhiz is a system for distributing and managing secrets. For more information, see the website.
Our Protecting infrastructure secrets with Keywhiz blog post is worth reading, as it provides some useful context.
Keywhiz requires Java 11 and MySQL 5.7 or higher.
See [CONTRIBUTING](CONTRIBUTING.md) for details on submitting patches.
java -jar server/target/keywhiz-server-*-shaded.jar [COMMAND] [OPTIONS]
Useful commands to get started are
server. Use with
--help for a list of all available commands. Use with
[COMMAND] --help to
get help on a particular command.
For example, to run Keywhiz with a mysql database in development mode:
SERVER_JAR="server/target/keywhiz-server-*-shaded.jar" KEYWHIZ_CONFIG="server/target/classes/keywhiz-development.yaml" # Initialize dev database java -jar $SERVER_JAR migrate $KEYWHIZ_CONFIG # Add an administrative user java -jar $SERVER_JAR add-user $KEYWHIZ_CONFIG # Run server java -jar $SERVER_JAR server $KEYWHIZ_CONFIG
To connect to a running Keywhiz instance, you will need to use the CLI.
An example helper shell script that wraps the keywhiz-cli and sets some default parameters:
#!/bin/sh # Set the path to a compiled, shaded keywhiz-cli JAR file KEYWHIZ_CLI_JAR="/path/to/keywhiz-cli-shaded.jar" KEYWHIZ_SERVER_URL="https://$(hostname):4444" # Use these flags if you want to specify a non-standard CA trust store. # Alternatively, in development and testing specify the --devTrustStore # flag to use the default truststore (DO NOT use this in production, as # the truststore is checked into Keywhiz' code). TRUSTSTORE="-Djavax.net.ssl.trustStore=/path/to/ca-bundle.jceks" TRUSTTYPE="-Djavax.net.ssl.trustStoreType=JCEKS" java "$TRUSTSTORE" "$TRUSTTYPE" -jar "$KEYWHIZ_CLI_JAR" -U "$KEYWHIZ_SERVER_URL" "[email protected]"
Keywhiz uses jOOQ to talk to its database.
If you made changes to the database model and want to regenerate sources:
mvn install -pl model/ -Pgenerate-jooq-sources
We recommend IntelliJ IDEA for development.
Clients & API
Square also maintains a Keywhiz client implementation called Keysync.
We ship a [Dockerfile](Dockerfile) for building a Docker container for Keywhiz. Please see the Dockerfile for extra instructions.
Keywhiz is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
*Note that all licence references and agreements mentioned in the Keywhiz README section above are relevant to that project's source code only.