Demos
Runnable reference deployments for KeyRack.
FOSS demos (open source)
Section titled “FOSS demos (open source)”Each demo is a docker compose up away in the keyrack-oss repository:
| Demo | What it shows | Provider |
|---|---|---|
| 01-foss-vault | Key lifecycle with Vault Transit | Vault |
| 02-foss-softhsm | HSM-backed crypto via PKCS#11 | SoftHSM |
| 04-hyok-full-stack | AuthN + AuthZ + Audit + HYOK disconnect | SoftHSM + NATS + Cedar |
| 06-provider-routing | Tag-driven routing across HSM partitions | 2× SoftHSM tokens |
Run all FOSS demos with pass/fail summary:
git clone https://github.com/KeyRack-io/keyrack.gitcd keyrack./run-foss-demos.shKubernetes demo (FOSS)
Section titled “Kubernetes demo (FOSS)”Requires kind + kubectl (not Docker Compose):
| Demo | What it shows | Platform |
|---|---|---|
| 07-k8s-sidecar | App + KeyRack sidecar in one pod, Postgres + Cedar | kind |
Commercial demos (proprietary)
Section titled “Commercial demos (proprietary)”AWS KMS shim demos ship with commercial extensions:
| Demo | What it shows | License |
|---|---|---|
| 03-aws-kms-shim | AWS SDK → KeyRack shim | Commercial |
| 05-hyok-aws-shim | HYOK with AWS SDK compatibility | Commercial |
These live in keyrack-commercial/demos/ — contact commercial licensing for access.
Recommended starting points
Section titled “Recommended starting points”- New to KeyRack? Start with 01-foss-vault or the README quickstart.
- Brownfield AWS migration? Commercial demo 03 (AWS KMS shim).
- HYOK and audit? 04-hyok-full-stack.
- Multi-provider routing? 06-provider-routing.