A simple toolkit that acts as a GPG creator / signer / verifier. It abstracts the use of GPG and makes it easy to sign or verify any GPG document using just a POST request.
- Getting Started
- Creating GPG Keys
- Setting up Keys
- Listing loaded private keys
- Unlock Private Key
- Signing Data
- Listing cached public keys
- Verifying Signatures
- Encrypting Data
- Decrypting Data
- Cluster Mode
- Vault Backend
- Quanto Agent
- Binary Builds
- Docker
- Building
These are the Environment Variables that you can set to manage the webserver:
- `PRIVATE_KEY_FOLDER` => Folder to load / store encrypted private keys. (defaults to './keys')
- `SYSLOG_IP` => IP of the Syslog Server to send Console Messages (defaults to '127.0.0.1'). Does not apply for Windows
- `SYSLOG_FACILITY` => Facility of the Syslog to use. (defaults to 'LOG_USER')
- `SKS_SERVER` => SKS Server to fetch / put public keys. (defaults to 'https://pgp.mit.edu/')
- `KEY_PREFIX` => Prefix of the name of the keys to load (for example a key prefix `test_` will load any key named `test_XXXX`).
- `MAX_KEYRING_CACHE_SIZE` => Maximum number of public keys to cache (does not include public keys derived from private keys). (defaults to 1000)
- `ENABLE_RETHINKDB_SKS` => Enables Internal SKS Server using RethinkDB (default: false)
- `RETHINKDB_HOST` => Hostname of RethinkDB Server (default: "rethinkdb")
- `RETHINKDB_USERNAME` => Username of RethinkDB Server (default "admin")
- `RETHINKDB_PASSWORD` => Password of RethinkDB Server
- `RETHINK_TOKEN_MANAGER` => If a TokenManager using RethinkDB should be used (defaults to `false`, uses MemoryTokenManager) [Requires ENABLE_RETHINK_SKS]
- `RETHINK_AUTH_MANAGER` => If an AuthManager using RethinkDB should be used (defaults to `false`, uses JSONAuthManager) [Requires ENABLE_RETHINK_SKS]
- `RETHINKDB_PORT` => Port of RethinkDB Server (default 28015)
- `AGENT_TARGET_URL` => Target URL for Quanto Agent (defaults to `https://quanto-api.com.br/all`)
- `AGENT_KEY_FINGERPRINT` => Default Key FingerPrint for Agent
- `AGENT_BYPASS_LOGIN` => If the Login for using Quanto Agent should be bypassed. DO NOT USE THIS IN EXPOSED REMOTESIGNER
- `AGENT_EXTERNAL_URL` => External URL used by GraphiQL to access agent. Defaults to `/agent`
- `AGENTADMIN_EXTERNAL_URL` => External URL used by GraphiQL to access agent admin. Defaults to `/agentAdmin`
- `DATABASE_NAME` => RethinkDB Database Name (default "remote_signer")
- `MASTER_GPG_KEY_PATH` => Master GPG Key Path
- `MASTER_GPG_KEY_PASSWORD_PATH` => Master GPG Key Password Path
- `MASTER_GPG_KEY_BASE64_ENCODED` => If the Master GPG Key is base64 encoded (default: true)
- `VAULT_ADDRESS` => Hashicorp Vault URL
- `VAULT_SKIP_VERIFY` => Hashicorp Vault Skip Verify SSL Certs on Connection
- `VAULT_ROOT_TOKEN` => Hashicorp Vault Root Token
- `VAULT_BACKEND` => Hashicorp Vault Backend (for example `secret`)
- `VAULT_STORAGE` => If a Hashicorp Vault should be used to store private keys instead of the disk
- `VAULT_NAMESPACE` => Hashicorp Vault Namespace to use (appended to backend, for example if namespace is `remote-signer` the keys are stored under `secret/remote-signer`)
- `HTTP_PORT` => HTTP Port that Remote Signer will run on
- `READONLY_KEYPATH` => If the keypath is readonly. If `true` then it will create a temporary folder in `/tmp` and copy all keys there so it can work over it.
- `SHOW_LINES` => Show filename and lines in logs
- `RequestIDHeader` => Header field to get request ID
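
A pre-deployment check over the variables listed above, as an added example (not part of the project's own code): it flags the login bypass, disabled Vault certificate verification, non-HTTPS endpoints, an empty RethinkDB password and loosely permissioned master key files. The helper names `audit_env` and `is_on`, the accepted boolean spellings and the sample hostnames are assumptions made for this example.

```python
import os
from urllib.parse import urlparse

TRUTHY = {"1", "true", "yes"}  # assumption: accepted spellings of a boolean "on"

def is_on(env, name):
    return env.get(name, "").strip().lower() in TRUTHY

def audit_env(env=None):
    """Return (variable, finding) pairs for risky settings (hypothetical helper)."""
    env = os.environ if env is None else env
    findings = []
    if is_on(env, "AGENT_BYPASS_LOGIN"):
        findings.append(("AGENT_BYPASS_LOGIN", "agent login is bypassed"))
    if is_on(env, "VAULT_SKIP_VERIFY"):
        findings.append(("VAULT_SKIP_VERIFY", "Vault TLS certificates are not verified"))
    # Keys and tokens should not travel over plaintext HTTP.
    for name in ("VAULT_ADDRESS", "SKS_SERVER", "AGENT_TARGET_URL"):
        value = env.get(name)
        if value and urlparse(value).scheme.lower() != "https":
            findings.append((name, "not an https:// URL: " + value))
    if is_on(env, "ENABLE_RETHINKDB_SKS") and not env.get("RETHINKDB_PASSWORD"):
        findings.append(("RETHINKDB_PASSWORD", "RethinkDB backend enabled with empty password"))
    # POSIX only: the master key and its password file should be owner-only.
    for name in ("MASTER_GPG_KEY_PATH", "MASTER_GPG_KEY_PASSWORD_PATH"):
        path = env.get(name)
        if path and os.path.exists(path) and os.stat(path).st_mode & 0o077:
            findings.append((name, path + " is accessible by group or others"))
    return findings

# Constructed sample environments; hostnames and the password are placeholders.
WEAK_ENV = {
    "AGENT_BYPASS_LOGIN": "true",
    "VAULT_SKIP_VERIFY": "true",
    "VAULT_ADDRESS": "http://vault.example.internal:8200",
    "SKS_SERVER": "http://keys.example.internal/",
    "ENABLE_RETHINKDB_SKS": "true",
    "RETHINKDB_PASSWORD": "",
}
HARDENED_ENV = dict(WEAK_ENV, AGENT_BYPASS_LOGIN="false", VAULT_SKIP_VERIFY="false",
                    VAULT_ADDRESS="https://vault.example.internal:8200",
                    SKS_SERVER="https://pgp.mit.edu/",
                    RETHINKDB_PASSWORD="constructed-password")

if __name__ == "__main__":
    for variable, finding in audit_env(WEAK_ENV):
        print(variable + ": " + finding)
```

Called with no argument, `audit_env()` inspects the current process environment, so it can run as a startup or CI gate before the service is launched.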