keyden
| Crates.io | keyden |
| lib.rs | keyden |
| version | 0.1.7 |
| created_at | 2025-05-14 02:31:40.179889+00 |
| updated_at | 2025-05-14 02:44:41.646525+00 |
| description | Keyden: a simple CLI and library for managing, rotating, and generating secret keys safely. |
| homepage | |
| repository | https://github.com/vivsh/keyden |
| max_upload_size | |
| id | 1672784 |
| size | 35,984 |
vivek (vivsh)
documentation
README
Keyden
Keyden is a lightweight tool for managing, rotating, and retrieving secret keys.
It is designed to be both a fast command-line utility and a pure Rust library โ making secure key management simple for applications and developers.
โจ Features
- ๐ Secure Secret Management: Manage printable secret keys for sessions, tokens, password resets.
- ๐ Key Rotation: Rotate keys based on age or minimum key count.
- โก Blazing Fast: Pure
std, no async runtime needed. - ๐งน Minimalistic CLI: Clean commands for scripting and automation.
- ๐ Library First: Fully embeddable inside any Rust server, CLI or worker.
- ๐ ๏ธ Transparent Format: Human-readable key files, simple for backups.
๐ญน Design Philosophy
Keyden is built to be:
- Sync-first: No async or futures overhead unless necessary.
- Memory efficient: Minimal allocations, small footprint.
- Concurrency safe: Internal fast
RwLockwithparking_lot. - Extensible: Plug different backends easily (e.g., database, encrypted stores).
- Transparent and Simple: Files are plain, portable, and auditable.
๐ฆ Installation
Install Keyden CLI:
cargo install keyden
Or include it in your project:
[dependencies]
keyden = "0.1"
๐ ๏ธ CLI Usage
Keyden CLI manages secret keys through four subcommands:
| Subcommand | Description |
|---|---|
rotate [file] |
Rotate keys. Generates new ones if count is insufficient. |
current [file] |
Print the latest active secret key. |
list [file] |
List all keys and their creation timestamps. |
generate |
Generate a one-time temporary secret key (not stored). |
๐น Examples
Rotate keys in a file:
keyden rotate ./keys.txt
Rotate with custom key size:
keyden rotate ./keys.txt --size 256
Retrieve the current active key:
keyden current ./keys.txt
List all keys:
keyden list ./keys.txt
Generate a temporary secret key without storing:
keyden generate --size 512
๐น Environment variable: KEYDEN_FILE
Instead of providing [file] every time, you can set a default file path:
export KEYDEN_FILE=./keys.txt
keyden rotate
keyden list
keyden current
If the positional file argument is missing, Keyden automatically tries $KEYDEN_FILE.
๐ Using Keyden as a Library
Add to your Cargo.toml:
[dependencies]
keyden = "0.1"
Example Rust usage
use keyden::file_store::FileKeyStore;
use keyden::key_manager::KeyManager;
fn main() -> Result<(), Box<dyn std::error::Error>> {
// Load a file-backed key store
let store = FileKeyStore::new("./keys.txt")?;
// Build the manager
let manager = KeyManager::builder(store)
.size(128)
.count(2)
.ttl_secs(86400) // 1 day
.build()?;
// Rotate if needed
manager.rotate_keys()?;
// Get current key
if let Some(current) = manager.current_key() {
println!("Current key: {}", current.secret);
}
// Generate a temporary one-time key
let temp = KeyManager::generate_temp_key(256);
println!("Temporary key: {}", temp.secret);
Ok(())
}
๐ Important Security Notes
- Keyden does not encrypt key files. Set correct permissions (
chmod 600 keys.txt). - The file format is portable and easy to parse in any environment.
- Rotate keys regularly for high-security environments.
๐ ๏ธ Project Structure
keyden/
โโโ src/
โ โโโ main.rs # CLI entry point
โ โโโ lib.rs # Library exports
โ โโโ commons.rs # Common types: KeyStore, KeyMaterial
โ โโโ file_store.rs # File-based KeyStore backend
โ โโโ key_manager.rs # KeyManager: rotation, reload, listing
โ โโโ utils.rs # Helpers (e.g., generate_secret)
โโโ Cargo.toml
โโโ README.md
โโโ .gitignore
โโโ LICENSE
๐ License
Licensed under either of:
- MIT License
- Apache 2.0 License
at your option.