A Tigrbl key management service for Swarmauri.
Project description
Tigrbl KMS
Tigrbl KMS provides a lightweight key management service built on FastAPI.
Deploy
Run the service with the provided CLI:
uv run --package tigrbl_kms --directory pkgs/standards/tigrbl_kms tigrbl-kms --host 127.0.0.1 --port 8000 --no-reload
Verify
Once the service starts, you can verify it is running:
curl http://127.0.0.1:8000/system/healthz
The endpoint returns {"ok": true} when deployment succeeds.
Create a key and encrypt data
Initialize the SQLite database:
uv run --package tigrbl_kms --directory pkgs/standards/tigrbl_kms -- python - <<'PY'
from tigrbl_kms.app import engine
from tigrbl.orm.tables import Base
import asyncio
async def init():
async with engine.begin() as conn:
await conn.run_sync(Base.metadata.create_all)
asyncio.run(init())
PY
Start a demo server that injects a simple crypto provider:
uv run --package tigrbl_kms --directory pkgs/standards/tigrbl_kms -- python - <<'PY'
import uvicorn
from tigrbl_kms.app import app
from types import SimpleNamespace
class DummyCrypto:
async def encrypt(self, *, kid, plaintext, alg, aad=None, nonce=None):
return SimpleNamespace(nonce=b'n', ct=plaintext[::-1], tag=b't', version=1, alg=alg)
async def decrypt(self, *, kid, ciphertext, nonce, tag=None, aad=None, alg=None):
return ciphertext[::-1]
@app.middleware("http")
async def add_crypto(request, call_next):
request.state.crypto = DummyCrypto()
return await call_next(request)
uvicorn.run(app, host="127.0.0.1", port=8000, reload=False)
PY
In another terminal, create a key:
curl -s -X POST http://127.0.0.1:8000/kms/Key \
-H "Content-Type: application/json" \
-d '{"name":"demo","algorithm":"AES256_GCM"}'
Example response:
{"id":"5e454eb6-7739-453b-9aee-21d60032a773","name":"demo","algorithm":"AES256_GCM","status":"enabled","primary_version":1}
Encrypt some data with the key (the plaintext must be base64-encoded):
PLAINTEXT=$(echo -n 'hello world' | base64)
curl -s -X POST http://127.0.0.1:8000/kms/Key/5e454eb6-7739-453b-9aee-21d60032a773/encrypt \
-H "Content-Type: application/json" \
-d "{\"plaintext_b64\":\"$PLAINTEXT\"}"
Sample output:
{"kid":"5e454eb6-7739-453b-9aee-21d60032a773","version":1,"alg":"AES256_GCM","nonce_b64":"bg==","ciphertext_b64":"ZGxyb3cgb2xsZWg=","tag_b64":"dA=="}
The ciphertext is base64 encoded and can be decrypted with the corresponding decrypt endpoint.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tigrbl_kms-0.3.0.dev2.tar.gz.
File metadata
- Download URL: tigrbl_kms-0.3.0.dev2.tar.gz
- Upload date:
- Size: 15.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b2e0f949e6c62feab8e3d9a6c984b175bdfbea68b7f844044789d9bc62ee591a
|
|
| MD5 |
48c511122c5b7fe5c5adf1eef1d05ac1
|
|
| BLAKE2b-256 |
c5c8db0a6774e3114d56275456e2dfc2730cb1e974015f19dfe7b7c24a0afebd
|
File details
Details for the file tigrbl_kms-0.3.0.dev2-py3-none-any.whl.
File metadata
- Download URL: tigrbl_kms-0.3.0.dev2-py3-none-any.whl
- Upload date:
- Size: 16.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
543b5b481b0857f8b03566fc923d17bfe674ecd572c92837f384a7545e520d7a
|
|
| MD5 |
bc8d8914f7084f3d10372d0077d81518
|
|
| BLAKE2b-256 |
37ce54dda552e5b4aeb7b149e4cf763cb8d1267c949b107d0d3861671d09ca37
|
