Keyfount Server v0.0.1

@Loule95450 Loule95450 released this 28 May 17:29
5656393

First versioned release of the Keyfount sync server — a self-hostable, zero-knowledge sync backend for the Keyfount deterministic password manager.

This release is distributed as a multi-arch container image:

docker pull ghcr.io/keyfount/server:0.0.1   # or :latest

Published for linux/amd64 + linux/arm64. The :beta tag tracks the develop branch.

Highlights since the start of the project

Sync protocol

  • Zero-knowledge sync: the server stores only encrypted blobs.
  • OPAQUE register / login / sessions.
  • Encrypted event log + snapshots with compaction.

Admin

  • Single-admin setup with approval-gated user registration.
  • List users (all / pending / approved / rejected), revoke and delete.
  • A Preact single-page admin UI with EN/FR i18n and an ambient DotGrid background, optionally bound on a separate port.

Operations & security

  • Multi-arch GHCR image, Portainer / Synology-ready compose.
  • Migrations shipped in the image; /data pre-created and owned by a non-root user.
  • CORS for configured origins.
  • Trivy scanning split into a blocking library scan and an informational OS scan; hardened Dockerfile.
  • Protocol, threat model (including the at-rest encryption boundary), and self-host runbook documentation.

CI / release

  • GitFlow container releases: a labelled develop → main PR publishes :<version> + :latest and tags vX.Y.Z; pushing to develop publishes :beta. The release is gated on typecheck/lint/test/build.