Keyper is an SSH Key/Certificate Authentication Manager. It standardizes and centralizes the storage of SSH public keys and SSH Public Certificates for all Linux users within your organization saving significant time and effort it takes to manage SSH public keys and certificates. Keyper is a lightweight container taking less than 100MB. It is launched either using Docker or Podman. You can be up and running within minutes instead of days.
Features include:
- Public key storage
- SSH CA
- Certificate signing and storage
- Public Key/Certificate Expiration
- Forced Key rotation
- Key Revocation List (KRL)
- Streamlined provision or de-provisioning of users
- Segmentation of Servers using groups
- Policy definition to restrict user's access to server(s)
- Centralized user account lockout
- Docker container
Keyper hasn't been updated in over 2 years and the docker build from the original repo no longer works.
Follow the steps to build docker image using source code:
- Clone this git repository
$ git clone https://github.com/dbsentry/keyper-docker.git
- Download keyper REST API submodule
$ cd keyper-docker
$ git submodule init
$ git submodule update modules/keyper
$ git submodule update modules/keyper-fe
- By default Makefile creates image as dbsentry/keyper. To change, modify Makefile
- Change .release to reflect correct tag on docker image
- Run build
$ make build
The generated image when run would start a docker container with openldap and Keyper REST-API service.
Refer to the administration guide for further information.
All assets and code are under the GNU GPL LICENSE and in the public domain unless specified otherwise.
Some files were sourced from other open source projects and are under their terms and license.