Rename to citadel

README.md

@@ -1,21 +1,21 @@
-# Welcome to KMS!
+# Welcome to Citadel!
 
-KMS is a simple daemon that implements the Kubernetes Key Management Service
+Citadel (c5l) is a simple daemon that implements the Kubernetes Key Management Service (KMS)
 interface by acquiring a key encryption key (KEK) from an arbitrary command.
 This makes it easy to plug in your own key management solution as a simple unix
 command that returns the KEK.
 
 ## How does it work?
 
-When KMS starts, it runs the command you provide it. This command returns the
-KEK on standard output. If this command fails during startup, the KMS will exit.
+When c5l starts, it runs the command you provide it. This command returns the
+KEK on standard output. If this command fails during startup, c5l will exit.
 Otherwise, it will use the KEK from the command to encrypt and decrypt input
 from Kubernetes.
 
-KMS caches the KEK, and thus does not call the command on every incoming
+c5l caches the KEK, and thus does not call the command on every incoming
 request. The time limit of this cache is specified by the `timeout` argument.
-If the KMS is not able to refresh the cache after trying several times, it will
-purge the KEK and report errors to Kubernetes. If the KMS eventually succeeds
+If c5l is not able to refresh the cache after trying several times, it will
+purge the KEK and report errors to Kubernetes. If c5l eventually succeeds
 in acquiring the KEK, normal operation will resume.
 
 To specify the socket to create, use the `endpoint` argument. Otherwise,
@@ -29,7 +29,7 @@ socket activation is assumed.
 
 ### Optional
 
- * `--endpoint string`: the listen address (ex. `unix:///tmp/kms.sock`)
+ * `--endpoint string`: the listen address (ex. `unix:///tmp/socket`)
 
  * `--timeout duration`: maximum time to cache KEK locally (default 1h)
 

cmd/citadel/citadel.go

@@ -0,0 +1,13 @@
+package main
+
+import (
+	"log"
+
+	"github.com/enj/citadel/pkg/cmd/citadel"
+)
+
+func main() {
+	if err := citadel.Execute(); err != nil {
+		log.Fatal(err)
+	}
+}

pkg/api/constants.go

@@ -0,0 +1,7 @@
+package api
+
+const (
+	Name      = "citadel"
+	ShortName = "c5l"
+	Version   = "v0.0.2" // TODO embed git sha on build
+)

pkg/cmd/kms/execute.go → pkg/cmd/citadel/execute.go

@@ -1,10 +1,10 @@
-package kms
+package citadel
 
 import (
-	"github.com/enj/kms/api/v1beta1"
-	"github.com/enj/kms/pkg/encryption/prefix"
-	"github.com/enj/kms/pkg/kek"
-	"github.com/enj/kms/pkg/kms"
+	"github.com/enj/citadel/api/v1beta1"
+	"github.com/enj/citadel/pkg/encryption/prefix"
+	"github.com/enj/citadel/pkg/kek"
+	"github.com/enj/citadel/pkg/kms"
 
 	"google.golang.org/grpc"
 )

pkg/cmd/kms/options.go → pkg/cmd/citadel/options.go

@@ -1,4 +1,4 @@
-package kms
+package citadel
 
 import (
 	"flag"
@@ -8,8 +8,8 @@ import (
 	"os"
 	"time"
 
-	"github.com/enj/kms/pkg/encryption"
-	"github.com/enj/kms/pkg/encryption/aes"
+	"github.com/enj/citadel/pkg/encryption"
+	"github.com/enj/citadel/pkg/encryption/aes"
 )
 
 const (
@@ -48,7 +48,7 @@ var (
 )
 
 func init() {
-	flag.StringVar(&args.endpoint, "endpoint", "", `the listen address (ex. unix:///tmp/kms.sock)`)
+	flag.StringVar(&args.endpoint, "endpoint", "", `the listen address (ex. unix:///tmp/socket)`)
 	flag.StringVar(&args.command, "command", "", "the command to retrieve the key encryption key")
 	flag.StringVar(&args.mode, "mode", encryptionModes[0].Name, fmt.Sprintf("encryption mode to use, the options are %s", encryptionModes))
 	flag.DurationVar(&args.timeout, "timeout", time.Hour, "maximum time to cache KEK locally")

pkg/encryption/aes/cbc.go

@@ -8,8 +8,8 @@ import (
 	"errors"
 	"io"
 
-	"github.com/enj/kms/pkg/encryption"
-	"github.com/enj/kms/pkg/kek"
+	"github.com/enj/citadel/pkg/encryption"
+	"github.com/enj/citadel/pkg/kek"
 )
 
 func NewAESCBCService(kek kek.KeyEncryptionKeyService) (encryption.EncryptionService, error) {

pkg/encryption/encryption.go

@@ -3,7 +3,7 @@ package encryption
 import (
 	"fmt"
 
-	"github.com/enj/kms/pkg/kek"
+	"github.com/enj/citadel/pkg/kek"
 )
 
 type EncryptionService interface {

pkg/encryption/prefix/prefix.go

@@ -5,16 +5,14 @@ import (
 	"errors"
 	"strings"
 
-	"github.com/enj/kms/pkg/encryption"
+	"github.com/enj/citadel/pkg/api"
+	"github.com/enj/citadel/pkg/encryption"
 )
 
-const (
-	kmsName = "ck"
-	sep     = ":"
-)
+const sep = ":"
 
 func NewPrefixEncryption(mode encryption.EncryptionMode, delegate encryption.EncryptionService) encryption.EncryptionService {
-	modeStr := strings.Join([]string{kmsName, mode.Name, mode.Version}, sep)
+	modeStr := strings.Join([]string{api.ShortName, mode.Name, mode.Version}, sep)
 	return &prefixEncryption{
 		prefix:   []byte(sep + modeStr + sep),
 		delegate: delegate,

pkg/kms/kms.go

@@ -3,22 +3,19 @@ package kms
 import (
 	"fmt"
 
-	"github.com/enj/kms/api/v1beta1"
-	"github.com/enj/kms/pkg/encryption"
+	"github.com/enj/citadel/api/v1beta1"
+	"github.com/enj/citadel/pkg/api"
+	"github.com/enj/citadel/pkg/encryption"
 
 	"golang.org/x/net/context"
 )
 
-const (
-	version        = "v1beta1"
-	runtimeName    = "kms_cmd"
-	runtimeVersion = "0.0.1" // TODO embed git sha on build
-)
+const kmsAPIVersion = "v1beta1"
 
 var apiVersionResponse = &v1beta1.VersionResponse{
-	Version:        version,
-	RuntimeName:    runtimeName,
-	RuntimeVersion: runtimeVersion,
+	Version:        kmsAPIVersion,
+	RuntimeName:    api.Name,
+	RuntimeVersion: api.Version,
 }
 
 func NewKeyManagementService(service encryption.EncryptionService) v1beta1.KeyManagementServiceServer {
@@ -67,8 +64,8 @@ func (k *kms) Encrypt(ctx context.Context, req *v1beta1.EncryptRequest) (*v1beta
 }
 
 func checkVersion(v string) error {
-	if v != version {
-		return fmt.Errorf("unsupported version %q, use %q", v, version)
+	if v != kmsAPIVersion {
+		return fmt.Errorf("unsupported version %q, use %q", v, kmsAPIVersion)
 	}
 	return nil
 }