keystore: Managing stores of secret things

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.


Writing deployment scripts is a critical yet error-prone activity which we would rather do in Haskell. One of the most difficult aspect of deployment scripts is the management of credentials: they cannot be stored in the VCS like almost everything else, but need to be organised and accessed while under lock and key. This is the problem that keystore is trying to solve: flexible, secure and well-typed deployment scripts.

All Haskell

This package is written purely in Hakell and all of the cryptographic packages it relies upon are written in Haskell.

JSON Format

It stores everything in a JSON format that has proven to be stable. We can can use migrations in future should the store need to be reorganized.

Simple and Flexible Underlying Model

The Onion

Perhaps apropriately, the keystore package has several layers. Most users will probably need only the top "batteries-included" layer:

Launch Instructions

See the bottom README on GitHub home page for launch instructions for the deploy example.

0.5 Migration instructions

The formation of the names used in Data.Keystore.Sections derived keystores has changed to fix an issue (#3) that barred hosts, sections and key identifiers from being prefixes of each other. See the changelog for details, especially on how to ensure that an existing Sections-based keystore gets migrated properly.


Change logchangelog
Dependenciesaeson (>=0.6.2), aeson-pretty (>=0.7), api-tools (>=0.4), asn1-encoding (>=0.8.0), asn1-types (>=0.2.0), base (>4 && <5), base64-bytestring (>=1.0), byteable (>=0.1), bytestring (>=0.9), cipher-aes (>=0.2.6), containers (>=0.4), crypto-pubkey (>=0.2.1), crypto-random (>=0.0.7), directory (>=1.2), filepath (>=1.3), keystore, lens (>=3.9.2), mtl (>=2), old-locale (>=, optparse-applicative (>=0.9.0), pbkdf (>=, raw-strings-qq (>=1.0.2), regex-compat-tdfa (>=0.95.1), safe (>=0.3.3), text (>=0.11.3), time (>=1.4), unordered-containers (>=, vector (>= [details]
CopyrightChris Dornan
AuthorChris Dornan
Home page
Source repositoryhead: git clone
Executablesdeploy, ks
UploadedWed Jul 30 16:14:54 UTC 2014 by ChrisDornan




Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info


Maintainers' corner

For package maintainers and hackage trustees