Update README.md

Signed-off-by: Andreas Auernhammer <[email protected]>
minio · Oct 28, 2023 · 310cf33 · 310cf33
1 parent bc66190
commit 310cf33
Showing 1 changed file with 39 additions and 73 deletions.
diff --git a/README.md b/README.md
@@ -14,9 +14,12 @@
 ## What is KES?
 
 KES is a distributed key management server that scales horizontally. It can either be run as edge server close to the applications
-reducing latency to and load on a central key management system (KMS) or as central key management server. Edge servers are
-self-contained stateless nodes close to the application that can be scaled up/down automatically. Central KES servers or clusters
-are stateful systems that store and manage cryptographic keys and secrets securely.
+reducing latency to and load on a central key management system (KMS) or as central key management service. KES nodes are self-contained
+stateless instances that can be scaled up and down automatically.
+
+<p align="center">
+  <img src='.github/arch.png?sanitize=true' width='70%'>
+</p>
 
 ## Install
 
@@ -39,19 +42,28 @@ docker pull minio/kes
 
 <details><summary><b><a name="binary-releases">Binary Releases</a></b></summary>
 
-| OS       | ARCH    | Binary                                                                                       |
-|:--------:|:-------:|:--------------------------------------------------------------------------------------------:|
-| Linux    | amd64   | [linux-amd64](https://github.com/minio/kes/releases/latest/download/kes-linux-amd64)         |
-| Linux    | arm64   | [linux-arm64](https://github.com/minio/kes/releases/latest/download/kes-linux-arm64)         |
-| Linux    | ppc64le | [linux-ppc64le](https://github.com/minio/kes/releases/latest/download/kes-linux-ppc64le)     |
-| Linux    | s390x   | [linux-s390x](https://github.com/minio/kes/releases/latest/download/kes-linux-s390x)         |
-| Apple M1 | arm64   | [darwin-arm64](https://github.com/minio/kes/releases/latest/download/kes-darwin-arm64)       |
-| Apple    | amd64   | [darwin-amd64](https://github.com/minio/kes/releases/latest/download/kes-darwin-amd64)       |
-| Windows  | amd64   | [windows-amd64](https://github.com/minio/kes/releases/latest/download/kes-windows-amd64.exe) |
+| OS      | ARCH    | Binary                                                                                       |
+|:-------:|:-------:|:--------------------------------------------------------------------------------------------:|
+| linux   | amd64   | [linux-amd64](https://github.com/minio/kes/releases/latest/download/kes-linux-amd64)         |
+| linux   | arm64   | [linux-arm64](https://github.com/minio/kes/releases/latest/download/kes-linux-arm64)         |
+| darwin  | arm64   | [darwin-arm64](https://github.com/minio/kes/releases/latest/download/kes-darwin-arm64)       |
+| windows | amd64   | [windows-amd64](https://github.com/minio/kes/releases/latest/download/kes-windows-amd64.exe) |
 
-You can also verify the binary with [minisign](https://jedisct1.github.io/minisign/) by downloading the corresponding [`.minisig`](https://github.com/minio/kes/releases/latest) signature file. Then run:
+Download the binary via `curl` but replace `<OS>` and `<ARCH>` with your operating system and CPU architecture.
+```
+curl -sSL --tlsv1.2 'https://github.com/minio/kes/releases/latest/download/kes-<OS>-<ARCH>' -o ./kes
+```
+```
+chmod +x ./kes
+```
+
+You can also verify the binary with [minisign](https://jedisct1.github.io/minisign/) by downloading the corresponding [`.minisig`](https://github.com/minio/kes/releases/latest) signature file. 
+Run:
+```
+curl -sSL --tlsv1.2 'https://github.com/minio/kes/releases/latest/download/kes-<OS>-<ARCH>.minisig' -o ./kes.minisig
 ```
-minisign -Vm kes-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
+```
+minisign -Vm ./kes -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
 ```
 </details>   
 
@@ -67,90 +79,44 @@ go install github.com/minio/kes/cmd/kes@latest
 
 ## Quick Start
 
-We run a public KES instance at `https://play.min.io:7373` for you to experiment with.
-You can interact with our play instance either via the KES CLI or cURL. Alternatively, you can
-get started by setting up your own KES server in less than five minutes.
+We run a public KES instance at `https://play.min.io:7373` as playground.
+You can interact with our play instance either via the KES CLI or cURL.
+Alternatively, you can get started by setting up your own KES server in
+less than five minutes.
 
-<details><summary><b>CLI</b></summary>
+<details><summary><b>First steps</b></summary>
 
 #### 1. Configure CLI
-We point the KES CLI to the KES server at `https://play.min.io:7373` and use the following API key:
+Point the KES CLI to the KES server at `https://play.min.io:7373` and use the following API key:
 ```sh
 export KES_SERVER=https://play.min.io:7373
 export KES_API_KEY=kes:v1:AD9E7FSYWrMD+VjhI6q545cYT9YOyFxZb7UnjEepYDRc
 ```
 
 #### 3. Create a Key
-Next, we can create a new root encryption key - e.g. `my-key`.
+Create a new root encryption key - e.g. `my-key`.
 ```
 kes key create my-key
 ```
 > Note that creating a new key will fail with `key already exist` if it already exist.
 
 #### 4. Generate a DEK
-Now, you can use that key to derive a new data encryption keys (DEK).
+Derive a new data encryption keys (DEK).
 ```sh
 kes key dek my-key
 ```
 The plaintext part of the DEK would be used by an application to encrypt some data.
 The ciphertext part of the DEK would be stored alongside the encrypted data for future
 decryption.
-
-</details>   
-
-<details><summary><b>Server</b></summary>
-
-For a quickstart setup take a look at our [FS guide](https://github.com/minio/kes/wiki/Filesystem-Keystore).
-For further references checkout our list of key store [guides](https://github.com/minio/kes/wiki#guides).
-
-</details>
-
-<details><summary><b>cURL</b></summary>
-
-#### 1. Fetch Admin Credentials
-
-As an initial step, you will need to download the private key and certificate
-to authenticate to the KES server as the admin.
-```sh
-curl -sSL --tlsv1.2 \
-   -O 'https://raw.githubusercontent.com/minio/kes/master/root.key' \
-   -O 'https://raw.githubusercontent.com/minio/kes/master/root.cert'
-```
-
-#### 2. Create a Key   
-Next, we can create a new root encryption key - e.g. `my-key`.
-```sh
-curl -sSL --tlsv1.3 \
-    --key root.key \
-    --cert root.cert \
-    -X POST 'https://play.min.io:7373/v1/key/create/my-key'
-```
-> Note that creating a new key will fail with `key already exist` if it already exist.
-
-#### 3. Generate a DEK
-Now, you can use that key to derive a new data encryption keys (DEK).
-```sh
-curl -sSL --tlsv1.3 \
-    --key root.key \
-    --cert root.cert \
-    --data '{}' \
-    -X POST 'https://play.min.io:7373/v1/key/generate/my-key'
-```
-The plaintext part of the DEK would be used by an application to encrypt some data.
-The ciphertext part of the DEK would be stored alongside the encrypted data for future
-decryption.
-
-#### 4. Further References
-
-For a comprehensive list of REST API endpoints refer to the KES [API overview](https://github.com/minio/kes/wiki/Server-API).
-
-</details>
 
+</details>   
+
 ## Docs
 
-If you want to learn more about KES checkout our [documentation](https://github.com/minio/kes/wiki).
+If you want to learn more about KES checkout our [documentation](https://min.io/docs/kes/).
  - [Integration Guides](https://github.com/minio/kes/wiki#supported-kms-targets)
- - [Server API](https://github.com/minio/kes/wiki/Server-API)
+ - [Command Line](https://min.io/docs/kes/cli/#available-commands)
+ - [Server API](https://min.io/docs/kes/concepts/server-api/)
  - [Go SDK](https://pkg.go.dev/github.com/minio/kes-go)
 
 ## FAQs