Skip to content

Niraj-Fonseka/open-secret-share

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
docs
docs
 
 
key-server
key-server
 
 
oss
oss
 
 
protobuf
protobuf
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Open Secret Share

  • Self hosted secret sharing with gpg

  • Two components

    • key-server : interfaces with the storage provider for fetching and storing public keys. And temporarily stores encrypted data.
    • oss client : binary that will live in the sender / reciever's machine that will be used for encrypting / decrypting messages as well as generating gpg key pairs.

  • TLDR

    • Self hostable
    • Private keys are always stored locally
    • Encryption always happens locally
    • Add your own storage provider

Demo

  • These two recordings were done in two different machines. One acting as a sender and the other as a reciever. I recommend watching them at the same time

  • sender

  • reciever

How it works

arch diagram

Self Hosting

key-server

  • This is a grpc server that will interface with the storage provider and the oss clients. This also will maintain the temporary in memory cache of encrypted messages.

  • Configurations

    • To use the existing Google Cloud Storage storage provider, create a service account in your google cloud account with proper permissions to view, create objects in a storage bucket
    • When the service account is generated, base64 encode it and set the GOOGLE_CREDENTIALS environment variable. ( Make sure to disable wrap when you encode to base64 ie: base64 -w 0 service_account.json > service_account_encoded.txt)
    • Create a GCS Bucket
    • Set the GOOGLE_STORAGE_BUCKET environment variable with the name of the bucket.
    • Generate / create a random string to be used as a api key to communicate between clients and key-server.
    • Set the AUTH_KEY environment variable with the random string that was generated
    • If no PORT variable was set the server will start on port 50051

  • Build and the server

    • with docker
      • make docker
    • without docker
      • make go

oss client

  • Configurations

    • Set the SERVER environment variable with the key-server url
    • Set the AUTH_KEY environment variable with the same string that was generated when setting up the api

  • Build and run the server

    • go build -o oss . or run make
    • to run the client ./oss

Adding a new storage provider

About

self hosted secret sharing

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v0.1 Latest
Sep 11, 2022

Packages

No packages published

Languages