A small CLI to generate / recover keys and tokens from the Key Management service
- Install dependencies

  ```
  yarn install
  ```

- Run the build command to transpile the TypeScript to JavaScript. This will output to the `./dist` folder.

  ```
  yarn build
  ```

- To enable running CLI commands locally link the project to your global NPM folder. This must be done with `npm link` since `yarn link` does not link `bin` files.

  ```
  npm link --no-package-lock
  ```

Once the bin is linked you can learn more about its usage by running

```
keyman --help
```

The CLI uses client side TLS for authentication (as well as JWT if the `--token` flag is specified). If you generated certificates on the server (using `make certificates`) then the certificates should match one to one as follows:

| Server | CLI |
|---|---|
| ./ssl/ca-cert.pem | ./ssl/server-ca.pem |
| ./ssl/client-cert.pem | ./ssl/client-cert.pem |
| ./ssl/client-key.pem | ./ssl/client-key.pem |

Of course, the server should be configurable against any client CA, and vice versa.

- Create client certificates

  For self-signed certificates use the script provided in `/utilities`.
  Send the file `client-ca-cert.pem` to Riddle&Code.

- Get CA certificate from Riddle&Code for the instance to be used, rename it to `rnc-ca-cert.pem` and store it in the directory `ssl`.

- Generate a new keypair and save the mnemonic phrase

  ```
  keyman -u <server> -c ssl/client-cert.pem -k ssl/client-key.pem -a ssl/rnc-ca-cert.pem generate
  ```

- Recover from the mnemonic phrase

  ```
  keyman -u ckm-s1s-dev.r3c.network:8443 -c ssl/client-cert.pem -k ssl/client-key.pem -a ssl/rnc-ca-cert.pem recover
  ```

- Generate a token for authentication

  ```
  keyman -u <server> -c ssl/client-cert.pem -k ssl/client-key.pem -a ssl/rnc-ca-cert.pem token
  ```
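
A mismatched key or a certificate signed by the wrong CA only shows up as a failed TLS handshake, so it helps to check the client files before sending `client-ca-cert.pem` and running the commands above. The following is an added example, not part of the keyman project: `check_client_tls` is a hypothetical helper, and it assumes `openssl` is installed and that `client-cert.pem` was issued by the CA in `client-ca-cert.pem`.

```shell
#!/bin/sh
# Added example: pre-flight check for the files passed to keyman -c / -k.
# check_client_tls is a hypothetical helper, not part of the keyman project.
# Assumption: the client certificate was issued by the CA in client-ca-cert.pem.

check_client_tls() {
    cert=$1; key=$2; ca=$3

    # 1. The certificate must parse as X.509 and must not be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is unreadable or expired" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: derive the public
    #    key from each file and compare them.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 2
    fi

    # 3. The certificate must chain to the client CA that the server will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert was not issued by $ca" >&2
        return 3
    fi

    echo "OK: $cert, $key and $ca are consistent"
}

# Run directly, for example:
#   sh check.sh ssl/client-cert.pem ssl/client-key.pem client-ca-cert.pem
if [ "$#" -eq 3 ]; then
    check_client_tls "$@"
fi
```

The return code identifies which check failed: 1 for an unreadable or expired certificate, 2 for a key mismatch, 3 for a certificate that does not chain to the given CA.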