scriptos/keywarden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
master
keywarden/docs
History
Patrick Asmus (scriptos) c2b96563cb remove: login card style dropdown and subtitle setting, glass effect now always active
2026-04-09 22:20:36 +02:00
..
admin-guide.md
remove: login card style dropdown and subtitle setting, glass effect now always active
2026-04-09 22:20:36 +02:00
api-reference.md
Release: v0.1.0-alpha
2026-04-05 16:56:16 +02:00
architecture.md
docs: update architecture, security and contributing docs for gzip and font subsetting
2026-04-08 22:32:51 +02:00
backup-restore.md
feat: add login page customization (background image, glass card style, subtitle)
2026-04-08 23:12:30 +02:00
contributing.md
docs: update architecture, security and contributing docs for gzip and font subsetting
2026-04-08 22:32:51 +02:00
deployment.md
feat: add TZ timezone support for all displayed timestamps
2026-04-09 13:37:51 +02:00
email.md
Release: v0.1.0-alpha
2026-04-05 16:56:16 +02:00
environment-variables.md
remove: login card style dropdown and subtitle setting, glass effect now always active
2026-04-09 22:20:36 +02:00
quickstart.md
docs: add secure key generation guide for session and encryption keys
2026-04-05 17:58:02 +02:00
README.md
feat: add Bastillion-style SSH key enforcement worker
2026-04-06 00:17:03 +02:00
roles.md
feat: allow owner to deploy system master key from deploy page
2026-04-08 21:37:27 +02:00
security.md
docs: update architecture, security and contributing docs for gzip and font subsetting
2026-04-08 22:32:51 +02:00
troubleshooting.md
feat: add CLI password reset command (docker exec reset-password)
2026-04-05 22:17:46 +02:00
user-guide.md
feat: add login page customization (background image, glass card style, subtitle)
2026-04-08 23:12:30 +02:00

README.md

Keywarden Documentation

Welcome to the official documentation for Keywarden — a self-hosted, centralized SSH key management and deployment platform.

Table of Contents

  1. Quick Start Guide — Get Keywarden running in minutes
  2. Installation & Deployment — Docker setup, reverse proxy, production deployment
  3. Architecture Overview — System design, components, technology stack
  4. User Guide — Day-to-day usage for all users
  5. Administration Guide — Server management, deployments, access assignments, cron jobs
  6. Roles & Permissions — Owner, Admin, and User role details
  7. Security — Authentication, MFA, encryption, CSRF, hardening
  8. Environment Variables — Complete configuration reference
  9. Email Configuration — SMTP setup, login notifications, invitations
  10. API Reference — Health check endpoint and internal APIs
  11. Backup & Restore — Encrypted database backup and restore
  12. Troubleshooting — Common issues and solutions
  13. Contributing — Development setup, project structure, guidelines

What is Keywarden?

Keywarden provides a clean web UI to generate, import, and securely store SSH keys (RSA, Ed25519, and Ed448) in one central place. Managed keys can then be deployed to registered Linux servers — individually or via server groups — with a single click. A complete audit log tracks every action in the system.

Key Features

  • SSH Key Management — Generate (RSA 2048/4096, Ed25519, Ed448) or import existing key pairs
  • Encrypted Storage — All private keys stored with AES-256-GCM encryption at rest
  • System Master Key — Auto-generated Ed25519 key used for all server authentication
  • Host & Group Management — Register servers, organize them into groups, deploy keys to one or many
  • Access Assignments — Map users + keys to target hosts/groups with specific system users, sudo rights, and user creation
  • Temporary Access (Cron Jobs) — Schedule time-limited access with automatic key removal, user disabling, or user deletion on expiry
  • Three-Tier Role System — Owner, Admin, and User roles with clear permission boundaries
  • User Invitations — Invite new users via secure email links with self-service password setup
  • Key Enforcement — Bastillion-style enforced key management: detect and remove unauthorized SSH keys automatically
  • TOTP Two-Factor Authentication — Optional or enforced MFA for all users
  • Password Policies — Configurable complexity requirements with account lockout
  • Email Notifications — Login alerts and invitation emails via SMTP
  • Comprehensive Audit Log — Every action logged with user, timestamp, IP address, and details
  • Encrypted Backup/Restore — Full database export with AES-256 password encryption
  • Docker-Native — Single-container deployment with SQLite, no external database needed
  • Security Hardened — CSRF protection, CSP headers, rate limiting, request size limits

Community

Have questions, ideas, or feedback? Join the Keywarden Matrix chat room:

➡️ #keywarden:techniverse.net

License

Keywarden is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0-or-later).

© 2026 Patrick Asmus (scriptos)

Reference in New Issue View Git Blame Copy Permalink