
Open Key Chain Manager

Welcome to the Open Key Chain Manager (OpenKCM)

👋 Welcome to the official OpenKCM. We are part of ApeiroRA, which is an Important Project of Common European Interest.

🌐 ApeiroRA?

ApeiroRA is a reference blueprint for an open, flexible, secure, and compliant next-generation cloud-edge continuum and therefore a key contribution to IPCEI-CIS. At a high level, the projects of ApeiroRA allow users to provider-agnostically fetch, request and consume services, and for service providers to describe, offer and provision their services.

By being open source, ApeiroRA provides a cross-border spillover effect, solidifying the foundation and future of the project.

Learn more about ApeiroRA by checking out the official website at https://apeirora.eu/.

👥 Get Involved

We welcome contributions of all kinds, from code to documentation, testing, and design. If you're interested in getting involved, check out our open issues. You can have a look at our current road map for a better overview of our planned features: Road Map

🌈 Code of Conduct

To facilitate a nice environment for all, check out our Code of Conduct.

👩‍💻 Useful Resources

  • Documentation - Architecture Decision Records (ADRs), use cases, and developer guides.

Current Use Cases

OpenKCM provides cryptographic key management capabilities for cloud-native environments. Our current focus areas include:

  • L1 Key Operations - Customer Master Key (CMK) operations including key creation, rotation, and lifecycle management via OpenBao Transit Keys
  • Crypto Layer (Krypton) - Internal Versioned Key (IVK) management with algorithm-agnostic encryption and automatic key rotation
  • Tenant & System Management - Multi-tenant isolation with secure identity propagation
  • Plugin Architecture - Extensible keystore and identity management plugins for various backend integrations (AWS KMS, GCP KMS, Azure Key Vault, HSM/PKCS#11)
  • Platform Mesh Integration - Seamless integration with the Apeiro Platform Mesh for multi-tenant key management

Popular repositories

  1. orbital Public

    Orbital is an open-source framework crafted to synchronize resources seamlessly across system boundaries. Achieving eventual consistency, it offers real-time introspection to report resource states…

    Go 4 1

  2. registry Public

    Registry Service is a Go application that provides (g)RPCs for managing Tenants and Systems

    Go 2

  3. .github Public

    Default community health files for the SAP organization

  4. repository-template Public template

    Default templates of SAP's repositories. Provides template files including LICENSE, .reuse/dep5, Code of Conduct, etc...

    Makefile 1

  5. plugin-sdk Public

    Defines different Plugin APIs used by different Key Chain Manager (KCM) services/components. Does define the API to manage plugins over the given configuration.

    Go 7

  6. cmk Public

    KCM Customer Managed Key (CMK) allows customers to have control over the master key used to protect subordinate keys in the hierarchy. This empowers customers to revoke access to their encrypted da…

    Go 2

Repositories

Showing 10 of 27 repositories
  • orbital Public

    Orbital is an open-source framework crafted to synchronize resources seamlessly across system boundaries. Achieving eventual consistency, it offers real-time introspection to report resource states with ease. Simplifying resource management, it requires consumers to implement only a single functional operator, eliminating the need for on-site da...

    Go 4 Apache-2.0 1 0 3 Updated Feb 13, 2026
  • cmk Public

    KCM Customer Managed Key (CMK) allows customers to have control over the master key used to protect subordinate keys in the hierarchy. This empowers customers to revoke access to their encrypted data, if necessary, enhancing data control and reducing the risk of unauthorized access. Key features include support for Bring Your Own Key (BYOK), whe...

    Go 0 Apache-2.0 2 10 14 Updated Feb 13, 2026
  • plugin-sdk Public

    Defines different Plugin APIs used by different Key Chain Manager (KCM) services/components. Does define the API to manage plugins over the given configuration.

    Go 0 Apache-2.0 7 0 3 Updated Feb 12, 2026
  • extauthz Public

    KCM External Authorization module, verifying if the requestor is allowed to make the call.

    Go 0 Apache-2.0 1 0 3 Updated Feb 12, 2026
  • blueprints Public
    Go 0 Apache-2.0 0 2 0 Updated Feb 12, 2026
  • identity-management-plugins Public

    Identity Management plugins

    Go 0 Apache-2.0 2 2 5 Updated Feb 12, 2026
  • cmk-ui Public

    CMK User Interface

    TypeScript 0 Apache-2.0 1 7 4 Updated Feb 12, 2026
  • registry Public

    Registry Service is a Go application that provides (g)RPCs for managing Tenants and Systems

    Go 2 Apache-2.0 0 0 2 Updated Feb 12, 2026
  • session-manager Public

    Session Manager

    Go 0 Apache-2.0 0 0 4 Updated Feb 12, 2026
  • container-images
    0 0 5 2 Updated Feb 11, 2026
