A Redis-backed key-value store for the reckless and the careful alike.
SLKVS stores values under compound keys of the form kvs_{realm}__{key}. Every operation requires a realm and a key. Optional secure marking protects keys from unauthorised writes.
Retrieves the value for a given realm and key. Returns the raw value on success, or a 404 JSON error if the key does not exist.
curl https://host/api?method=get&realm=production&key=db_url
postgres://user:pass@primary:5432/slkvs
{ "error": "Key not found" }
Stores a value. If the key has been marked secure, a matching secret must be provided; otherwise the request is rejected with 403.
curl https://host/api \
-X POST \
-H "Content-Type: application/json" \
-d '{ "method": "set", "realm": "staging", "key": "api_key", "value": "sk-abc123" }'
{ "success": true }
Deletes a key and its associated security metadata. Like set, this requires the secret if the key is marked secure.
curl https://host/api \
-X POST \
-H "Content-Type: application/json" \
-d '{ "method": "remove", "realm": "staging", "key": "api_key" }'
{ "success": true }
Marks a key as secure. Once marked, every set or remove call must include the correct secret. The secret is hashed with bcrypt before storage — SLKVS never stores plaintext secrets. Getting a value never requires a secret.
curl https://host/api \
-X POST \
-H "Content-Type: application/json" \
-d '{ "method": "setsecure", "realm": "production", "key": "db_url", "secret": "hunter2" }'
{ "success": true }
| Name | Required | Description |
|---|---|---|
method | always | One of get, set, remove, setsecure |
realm | always | Namespace / partition for keys |
key | always | The key name within the realm |
value | set | Value to store (string) |
secret | setsecure / secure ops | Secret for marking or accessing a secure key |
setsecure with a new secret rotates the secret.kvs_{realm}__{key}.