logo
  • What is Basil?
  • How it works
  • Backends & custody
  • Threat model
  • How it compares
  • Quickstart
  • Installation
  • First run: basil config init
  • Make it your own
  • Migrating from sops-nix to Basil
  • Configuration overview
  • The catalog (keys)
  • The policy (authorization)
  • Backends & capabilities
  • OpenBao & Vault
  • AWS KMS
  • Google Cloud KMS
  • 1Password
  • Capability policy & reconcile
  • Unlock & the sealed bundle
  • Approvals & change control
  • Limits & resource controls
  • JWKS HTTP surface
  • CLI overview
  • Command reference
  • Client libraries overview
  • Rust client
  • Streaming encryption
  • Go client
  • Other languages
  • NATS integration
  • Integration patterns
  • Sealed invocations
  • NATS bridge
  • Crypto: keys & algorithms
  • Rotating keys
  • Importing (BYOK) keys & sets
  • Revocation
  • Audit logs
  • Hot reload & admin reload
  • Health & readiness probes
  • Policy explain / dry-run
  • Doctor (preflight checks)
  • Automated boot unlock
  • Examples overview
  • db-keystore backend
  • Error & status code reference
  • Incident runbook
  • Feature matrix
  • Glossary
  • RFC compatibility
  • NATS JWT reference

    Client Libraries

    Pages:

    • Client libraries overview
    • Rust client
    • Streaming encryption
    • Go client
    • Other languages
    • NATS integration
    • Integration patterns
    • Sealed invocations
    • NATS bridge