README
¶
Unkey
Open Source API authentication and authorization
Contributing
We welcome contributions! To ensure your work doesn't conflict with ongoing work, please:
- Read our contributing guide
- Discuss your ideas with us in public channels (GitHub/Discord) BEFORE starting development (No private DMs)
- Get approval from a core team member
This helps us align efforts and prevents duplicated or conflicting work.
Let's talk
Authors
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
apps
|
|
|
agent
module
|
|
|
api
module
|
|
|
chproxy
module
|
|
|
event-router
module
|
|
|
tinybird-proxy
module
|
|
|
vault
module
|
|
|
cmd
|
|
|
ctrl
Package ctrl provides CLI commands for running the Unkey control plane.
|
Package ctrl provides CLI commands for running the Unkey control plane. |
|
demo_api
module
|
|
|
dev
|
|
|
linters
Package linters provides custom linter wrappers for use with Bazel's nogo framework.
|
Package linters provides custom linter wrappers for use with Bazel's nogo framework. |
|
linters/errcheck
Package errcheck provides an errcheck analyzer for use with nogo.
|
Package errcheck provides an errcheck analyzer for use with nogo. |
|
linters/exhaustive
Package exhaustive provides an exhaustive analyzer for use with nogo.
|
Package exhaustive provides an exhaustive analyzer for use with nogo. |
|
linters/exhaustruct
Package exhaustruct provides an exhaustruct analyzer for use with nogo.
|
Package exhaustruct provides an exhaustruct analyzer for use with nogo. |
|
linters/govet
Package govet provides a composite go vet analyzer for use with nogo.
|
Package govet provides a composite go vet analyzer for use with nogo. |
|
linters/ineffassign
Package ineffassign provides an ineffassign analyzer for use with nogo.
|
Package ineffassign provides an ineffassign analyzer for use with nogo. |
|
linters/nolint
Package nolint provides utilities to wrap go/analysis analyzers with support for //nolint directives, which nogo does not handle by default.
|
Package nolint provides utilities to wrap go/analysis analyzers with support for //nolint directives, which nogo does not handle by default. |
|
linters/reassign
Package reassign provides a reassign analyzer for use with nogo.
|
Package reassign provides a reassign analyzer for use with nogo. |
|
linters/unused
Package unused provides an unused analyzer for use with nogo.
|
Package unused provides an unused analyzer for use with nogo. |
|
gen
|
|
|
proto/ctrl/v1/ctrlv1connect
Package ctrl.v1 provides the Cluster service for multi-cluster deployment orchestration.
|
Package ctrl.v1 provides the Cluster service for multi-cluster deployment orchestration. |
|
go
module
|
|
|
deploy/assetmanagerd
module
|
|
|
deploy/billaged
module
|
|
|
deploy/builderd
module
|
|
|
deploy/metald
module
|
|
|
deploy/metald/client
module
|
|
|
deploy/pkg/health
module
|
|
|
deploy/pkg/spiffe
module
|
|
|
deploy/pkg/tls
module
|
|
|
deploy/pkg/tracing
module
|
|
|
internal
|
|
|
services/auditlogs
Package auditlogs provides audit logging services for tracking user actions and system events across the Unkey platform.
|
Package auditlogs provides audit logging services for tracking user actions and system events across the Unkey platform. |
|
services/caches
Package caches provides a centralized caching service for commonly accessed database entities.
|
Package caches provides a centralized caching service for commonly accessed database entities. |
|
services/keys
Package keys implements a comprehensive key management and verification system for API keys with support for rate limiting, usage tracking, permissions, and workspace isolation.
|
Package keys implements a comprehensive key management and verification system for API keys with support for rate limiting, usage tracking, permissions, and workspace isolation. |
|
services/keys/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
services/ratelimit
Package ratelimit implements a distributed rate limiting system using a sliding window algorithm with cluster-wide state synchronization.
|
Package ratelimit implements a distributed rate limiting system using a sliding window algorithm with cluster-wide state synchronization. |
|
services/ratelimit/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
services/usagelimiter/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
pkg
|
|
|
array
Package array provides generic utility functions for slice generation and manipulation.
|
Package array provides generic utility functions for slice generation and manipulation. |
|
assert
Package assert provides simple assertion utilities for validating conditions and inputs throughout the application.
|
Package assert provides simple assertion utilities for validating conditions and inputs throughout the application. |
|
auditlog
Package auditlog defines types and constants for the audit logging system.
|
Package auditlog defines types and constants for the audit logging system. |
|
base58
Package base58 implements Base58 encoding for binary data.
|
Package base58 implements Base58 encoding for binary data. |
|
batch
Package batch provides utilities for efficiently processing items in batches.
|
Package batch provides utilities for efficiently processing items in batches. |
|
batch/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
buffer
Package buffer provides a generic buffered channel implementation with configurable capacity and drop behavior.
|
Package buffer provides a generic buffered channel implementation with configurable capacity and drop behavior. |
|
buffer/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
cache
Package cache provides a generic, thread-safe caching system with support for time-based expiration, custom eviction policies, and observability.
|
Package cache provides a generic, thread-safe caching system with support for time-based expiration, custom eviction policies, and observability. |
|
cache/clustering
nolint: all
|
nolint: all |
|
circuitbreaker
Package circuitbreaker implements the Circuit Breaker pattern to prevent cascading failures when dependent services are unavailable or experiencing high latency.
|
Package circuitbreaker implements the Circuit Breaker pattern to prevent cascading failures when dependent services are unavailable or experiencing high latency. |
|
cli
Package cli provides a command-line interface framework for building CLI applications.
|
Package cli provides a command-line interface framework for building CLI applications. |
|
clickhouse
Package clickhouse provides a client for interacting with ClickHouse databases, optimized for high-volume event data storage and analytics.
|
Package clickhouse provides a client for interacting with ClickHouse databases, optimized for high-volume event data storage and analytics. |
|
clock
Package clock provides a flexible interface for time-related operations, allowing for consistent time handling in both production and test environments.
|
Package clock provides a flexible interface for time-related operations, allowing for consistent time handling in both production and test environments. |
|
cluster
Package cluster provides a two-tier gossip-based cluster membership using hashicorp/memberlist (SWIM protocol).
|
Package cluster provides a two-tier gossip-based cluster membership using hashicorp/memberlist (SWIM protocol). |
|
codes
Code generated by generate.go; DO NOT EDIT.
|
Code generated by generate.go; DO NOT EDIT. |
|
config
Package config loads and validates TOML configuration into Go structs using struct tags for defaults and constraints.
|
Package config loads and validates TOML configuration into Go structs using struct tags for defaults and constraints. |
|
counter
Package counter provides abstractions and implementations for distributed counters.
|
Package counter provides abstractions and implementations for distributed counters. |
|
ctxutil
Package ctxutil provides utilities for working with context.Context, specifically focused on storing and retrieving request-scoped values.
|
Package ctxutil provides utilities for working with context.Context, specifically focused on storing and retrieving request-scoped values. |
|
db
Package db provides a database access layer for MySQL with support for read/write splitting, connection management, and type-safe SQL operations.
|
Package db provides a database access layer for MySQL with support for read/write splitting, connection management, and type-safe SQL operations. |
|
db/plugins/bulk-insert
command
Package main provides a sqlc plugin that generates bulk insert functions.
|
Package main provides a sqlc plugin that generates bulk insert functions. |
|
dns
Package dns provides DNS lookup utilities using Cloudflare's 1.1.1.1 resolver.
|
Package dns provides DNS lookup utilities using Cloudflare's 1.1.1.1 resolver. |
|
dockertest
Package dockertest provides lightweight Docker container management for integration tests.
|
Package dockertest provides lightweight Docker container management for integration tests. |
|
fault
Package fault provides a clean, concise error handling system designed for building robust applications with rich error context and secure user messaging.
|
Package fault provides a clean, concise error handling system designed for building robust applications with rich error context and secure user messaging. |
|
fuzz
Package fuzz provides utilities for consuming fuzzer-generated byte slices and converting them into typed Go values.
|
Package fuzz provides utilities for consuming fuzzer-generated byte slices and converting them into typed Go values. |
|
hash
Package hash provides cryptographic hashing utilities for various security-related operations such as API key validation, data integrity checks, and signatures.
|
Package hash provides cryptographic hashing utilities for various security-related operations such as API key validation, data integrity checks, and signatures. |
|
healthcheck
Package healthcheck provides push-based health monitoring for scheduled tasks.
|
Package healthcheck provides push-based health monitoring for scheduled tasks. |
|
jwt
Package jwt provides JSON Web Token signing and verification with algorithm-pinned security to prevent algorithm confusion attacks.
|
Package jwt provides JSON Web Token signing and verification with algorithm-pinned security to prevent algorithm confusion attacks. |
|
logger
Package logger provides wide-event logging with tail sampling support.
|
Package logger provides wide-event logging with tail sampling support. |
|
match
Package match provides pattern matching utilities.
|
Package match provides pattern matching utilities. |
|
mysql
Package mysql provides a minimal shared MySQL abstraction for backend services.
|
Package mysql provides a minimal shared MySQL abstraction for backend services. |
|
mysql/metrics
Package metrics defines Prometheus metrics used by pkg/mysql wrappers.
|
Package metrics defines Prometheus metrics used by pkg/mysql wrappers. |
|
prefixedapikey/cmd
command
|
|
|
prometheus
Package prometheus provides HTTP server infrastructure for exposing Prometheus metrics.
|
Package prometheus provides HTTP server infrastructure for exposing Prometheus metrics. |
|
prometheus/metrics
Package metrics provides Prometheus metric collectors for monitoring Unkey services.
|
Package metrics provides Prometheus metric collectors for monitoring Unkey services. |
|
prompt
Package prompt provides interactive terminal prompts for CLI applications.
|
Package prompt provides interactive terminal prompts for CLI applications. |
|
prompt/example
command
|
|
|
prompt/example/date
command
|
|
|
prompt/example/datetime
command
|
|
|
prompt/example/multiselect
command
|
|
|
prompt/example/select
command
|
|
|
prompt/example/time
command
|
|
|
prompt/example/wizard
command
|
|
|
rbac
Package rbac implements a flexible Role-Based Access Control system for managing permissions and authorization checks.
|
Package rbac implements a flexible Role-Based Access Control system for managing permissions and authorization checks. |
|
restate/admin
Package admin provides a client for the Restate admin API.
|
Package admin provides a client for the Restate admin API. |
|
retry
Package retry provides functionality to retry operations with configurable attempts and backoff.
|
Package retry provides functionality to retry operations with configurable attempts and backoff. |
|
spiffe
Package spiffe provides SPIFFE-based mTLS configuration for HTTP clients.
|
Package spiffe provides SPIFFE-based mTLS configuration for HTTP clients. |
|
testutil/containers
Package containers provides testing utilities for integration tests with docker-compose services.
|
Package containers provides testing utilities for integration tests with docker-compose services. |
|
timing
Package timing defines a small, strict header format for server-side timing data and provides helpers to record it through zen sessions.
|
Package timing defines a small, strict header format for server-side timing data and provides helpers to record it through zen sessions. |
|
tls
Package tls provides utilities for configuring TLS (Transport Layer Security) in HTTP servers.
|
Package tls provides utilities for configuring TLS (Transport Layer Security) in HTTP servers. |
|
uid
Package uid generates prefixed random identifiers for Unkey resources.
|
Package uid generates prefixed random identifiers for Unkey resources. |
|
urn
pkg/urn/urn.go
|
pkg/urn/urn.go |
|
zen
Package zen provides a lightweight HTTP framework built on top of the standard library.
|
Package zen provides a lightweight HTTP framework built on top of the standard library. |
|
zen/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
sdks
|
|
|
golang
module
|
|
|
svc
|
|
|
api/internal/testutil
Package testutil provides integration test infrastructure for the API service.
|
Package testutil provides integration test infrastructure for the API service. |
|
api/internal/testutil/seed
Package seed provides database seeding utilities for integration tests.
|
Package seed provides database seeding utilities for integration tests. |
|
api/openapi
Package openapi provides primitives to interact with the openapi HTTP API.
|
Package openapi provides primitives to interact with the openapi HTTP API. |
|
ctrl
Package ctrl is the root package for the Unkey control plane service.
|
Package ctrl is the root package for the Unkey control plane service. |
|
ctrl/api
Package api provides the control plane HTTP/2 server for Unkey's distributed infrastructure.
|
Package api provides the control plane HTTP/2 server for Unkey's distributed infrastructure. |
|
ctrl/integration/harness
Package harness provides a unified test harness for ctrl worker integration tests.
|
Package harness provides a unified test harness for ctrl worker integration tests. |
|
ctrl/internal/auth
Package auth provides shared bearer token authentication for ctrl ConnectRPC services.
|
Package auth provides shared bearer token authentication for ctrl ConnectRPC services. |
|
ctrl/middleware
Package middleware provides authentication and authorization for control plane APIs.
|
Package middleware provides authentication and authorization for control plane APIs. |
|
ctrl/services
Package services provides Connect service implementations for the control plane.
|
Package services provides Connect service implementations for the control plane. |
|
ctrl/services/acme
Package acme provides ACME certificate challenge management.
|
Package acme provides ACME certificate challenge management. |
|
ctrl/services/cluster
Package cluster implements the Connect ClusterService for synchronizing desired state between the control plane and krane agents running in regional Kubernetes clusters.
|
Package cluster implements the Connect ClusterService for synchronizing desired state between the control plane and krane agents running in regional Kubernetes clusters. |
|
ctrl/services/ctrl
Package ctrl provides administrative and health check services.
|
Package ctrl provides administrative and health check services. |
|
ctrl/services/openapi
Package openapi provides OpenAPI specification and schema documentation.
|
Package openapi provides OpenAPI specification and schema documentation. |
|
ctrl/worker
Package worker implements the Restate workflow worker for Unkey's control plane.
|
Package worker implements the Restate workflow worker for Unkey's control plane. |
|
ctrl/worker/certificate
Package certificate implements ACME certificate workflows for SSL/TLS provisioning.
|
Package certificate implements ACME certificate workflows for SSL/TLS provisioning. |
|
ctrl/worker/clickhouseuser
Package clickhouseuser implements ClickHouse user provisioning workflows.
|
Package clickhouseuser implements ClickHouse user provisioning workflows. |
|
ctrl/worker/customdomain
Package customdomain implements domain ownership verification workflows.
|
Package customdomain implements domain ownership verification workflows. |
|
ctrl/worker/deploy
Package deploy orchestrates the deployment lifecycle for user applications.
|
Package deploy orchestrates the deployment lifecycle for user applications. |
|
ctrl/worker/deployment
Package deployment provides a Restate virtual object that serialises all mutations targeting a single deployment.
|
Package deployment provides a Restate virtual object that serialises all mutations targeting a single deployment. |
|
ctrl/worker/github
Package github provides a GitHub App client for repository access.
|
Package github provides a GitHub App client for repository access. |
|
ctrl/worker/keyrefill
Package keyrefill implements a Restate workflow for refilling API key usage limits.
|
Package keyrefill implements a Restate workflow for refilling API key usage limits. |
|
ctrl/worker/openapi
Package openapi provides a Restate virtual object that scrapes OpenAPI specifications from running user deployments.
|
Package openapi provides a Restate virtual object that scrapes OpenAPI specifications from running user deployments. |
|
ctrl/worker/quotacheck
Package quotacheck implements a Restate workflow for monitoring workspace quota usage.
|
Package quotacheck implements a Restate workflow for monitoring workspace quota usage. |
|
ctrl/worker/routing
Package routing manages frontline route assignment for deployments.
|
Package routing manages frontline route assignment for deployments. |
|
ctrl/worker/versioning
Package versioning provides per-region version counters for state synchronization.
|
Package versioning provides per-region version counters for state synchronization. |
|
demo
command
|
|
|
frontline/internal/db
Package db provides read-only database access for the frontline reverse proxy.
|
Package db provides read-only database access for the frontline reverse proxy. |
|
frontline/internal/errorpage
Package errorpage renders HTML error pages for frontline.
|
Package errorpage renders HTML error pages for frontline. |
|
frontline/services/certmanager
Package certmanager provides dynamic TLS certificate management for the frontline.
|
Package certmanager provides dynamic TLS certificate management for the frontline. |
|
frontline/services/proxy
Package proxy provides HTTP/HTTPS proxying services for the frontline.
|
Package proxy provides HTTP/HTTPS proxying services for the frontline. |
|
frontline/services/router
Package router handles routing lookups and sentinel selection for the frontline.
|
Package router handles routing lookups and sentinel selection for the frontline. |
|
krane
Package krane provides a distributed container orchestration agent for managing deployments and sentinels across Kubernetes clusters via gRPC APIs.
|
Package krane provides a distributed container orchestration agent for managing deployments and sentinels across Kubernetes clusters via gRPC APIs. |
|
krane/internal/cilium
Package cilium manages CiliumNetworkPolicy resources in Kubernetes clusters.
|
Package cilium manages CiliumNetworkPolicy resources in Kubernetes clusters. |
|
krane/internal/deployment
Package deployment manages user workload ReplicaSets in Kubernetes as part of krane's split control loop architecture.
|
Package deployment manages user workload ReplicaSets in Kubernetes as part of krane's split control loop architecture. |
|
krane/internal/sentinel
Package sentinel provides the SentinelController for managing sentinel Deployments and Services in Kubernetes.
|
Package sentinel provides the SentinelController for managing sentinel Deployments and Services in Kubernetes. |
|
krane/internal/testutil
Package testutil provides test utilities shared across krane controller tests.
|
Package testutil provides test utilities shared across krane controller tests. |
|
krane/pkg/labels
Package labels provides standardized label management for krane Kubernetes resources.
|
Package labels provides standardized label management for krane Kubernetes resources. |
|
krane/pkg/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
vault/testutil
Package testutil provides test utilities for creating a real vault service.
|
Package testutil provides test utilities for creating a real vault service. |
|
tools
|
|
|
exportoneof
command
Command exportoneof scans protobuf-generated Go files for unexported oneof interfaces (e.g.
|
Command exportoneof scans protobuf-generated Go files for unexported oneof interfaces (e.g. |
|
generate-rpc-clients
command
generate-rpc-clients generates simplified client wrappers for Connect RPC service interfaces.
|
generate-rpc-clients generates simplified client wrappers for Connect RPC service interfaces. |
|
gha-fetch-digest
module
|
Click to show internal directories.
Click to hide internal directories.