vey-keyless Reference
vey-keyless is a server implementation of the Cloudflare Keyless SSL
protocol. It lets TLS termination infrastructure delegate private-key
operations to a separate service, which is useful when keys need to stay in a
controlled environment or behind hardware-backed crypto providers.
In a typical deployment, vey-keyless runs behind a TLS edge or gateway.
The edge service forwards keyless requests to this daemon, which loads the
requested private keys from configured stores and performs the cryptographic
operations on behalf of the edge.
The core configuration model is organized around a few main object types:
serveraccepts incoming keyless protocol requestsstoredefines where private keys are loaded frombackenddefines how signing or decryption work is executedlogandstatdefine operational visibility
This reference is organized into three sections:
Configuration documents all configuration objects and their relationships
Metrics documents the exported StatsD metrics
Log documents the structured log formats emitted by the daemon
If you are setting up vey-keyless for the first time, start with the
configuration reference, then review the metrics and log pages for operational
visibility.