Skip to content
KeyRack

Benchmarks

Performance numbers for KeyRack will be published from a pinned reference platform with reproducible methodology. No fabricated numbers appear on this page.

Status

Section titled “Status”

Results pending. The NFR benchmark harness is planned for Phase 1.5. When complete, this page will publish throughput (ops/sec) and latency (p50/p95/p99) for hot paths on the reference platform.

What will be measured

Section titled “What will be measured”
  • Hot paths: Encrypt, Decrypt, GenerateDataKey, CreateKey, Sign/Verify
  • By provider profile:
    • Software (RustCrypto) — upper bound, no HSM
    • SoftHSM (PKCS#11) — HSM code path without hardware cost
    • Network HSM / KMIP / Vault — realistic production ceiling (backend is the bottleneck)
  • Storage: PostgreSQL (production default)
  • Variables: PDP on/off, cache hit vs miss

Reference platform (to be confirmed)

Section titled “Reference platform (to be confirmed)”

One platform will be pinned for comparable numbers across releases:

  • Cloud: c7i.2xlarge (8 vCPU — reproducible, widely accessible)
  • Optional: bare-metal column as on-prem upper bound

Methodology (to be published)

Section titled “Methodology (to be published)”
  • Exact instance type, kernel, Postgres version/config, provider versions
  • Workload mix and payload sizes
  • Warm-up and measurement durations, concurrency levels
  • How the backend’s own ceiling was measured (honest HSM-bound numbers)

Harness tools

Section titled “Harness tools”
  • gRPC load via ghz
  • REST/HTTP via k6
  • Machine-readable JSON results for regression tracking

Benchmarks run in gated CI alongside conformance tests — not on every PR.

See also: Operator guide · Demos