Hello Hacker News,

I built a cryptographic network service (CNS) to serve as a key vault. The idea is to deploy this on a dedicated host to effectively create a hardware security module (HSM) but one that communicates through an HTTPS REST API and can be extended to execute any cryptographic operation.

Features:

- Password hashing using Argon2id and signing JWTs with HS256. More cryptographic operations can be easily added as needed.
- Password hashing and JWT signing over HTTPS. Keys never leave the vault.
- Multiple clients (i.e. users of the keys in the key vault) with one or more keys.
- An admin CLI for key management tasks.

CNS is the first step in a larger project of mine to run my own "data center" from home and to self-host as much of my own software as possible.
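
An added sketch of the "keys never leave the vault" model for HS256 signing, not code from CNS or its author: callers name a client and a key id, and only the finished token or the verified claims cross the boundary. Because HS256 is symmetric, verification has to happen inside the vault as well. The `Vault` class, its method names and the client and key ids are hypothetical, and the HTTPS transport and client authentication are left out.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Vault:
    """Hypothetical in-process stand-in for the vault (not CNS code)."""

    def __init__(self):
        self._keys = {}  # (client_id, key_id) -> secret; never returned to callers

    def create_key(self, client_id: str, key_id: str) -> None:
        # Admin-side operation: the 256-bit HMAC key is generated inside the vault.
        self._keys[(client_id, key_id)] = secrets.token_bytes(32)

    def _mac(self, client_id: str, key_id: str, signing_input: str) -> bytes:
        key = self._keys.get((client_id, key_id))
        if key is None:  # a client can only use keys registered under its own id
            raise PermissionError("unknown key for this client")
        return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

    def sign_jwt(self, client_id: str, key_id: str, claims: dict) -> str:
        header = {"alg": "HS256", "typ": "JWT", "kid": key_id}
        signing_input = ".".join(
            b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
            for part in (header, claims))
        return signing_input + "." + b64url(self._mac(client_id, key_id, signing_input))

    def verify_jwt(self, client_id: str, token: str) -> dict:
        try:
            head_b64, body_b64, sig_b64 = token.split(".")
            header = json.loads(b64url_decode(head_b64))
            sig = b64url_decode(sig_b64)
        except ValueError:
            raise ValueError("malformed token") from None
        # Pin the algorithm: the token must not be able to select "none" or another alg.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        kid = header.get("kid")
        if not isinstance(kid, str):
            raise ValueError("missing kid")
        expected = self._mac(client_id, kid, head_b64 + "." + body_b64)
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            raise ValueError("bad signature")
        return json.loads(b64url_decode(body_b64))
```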