Skip to content
A Django webapp to escrow filevault keys sent by the Crypt client app.
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci
docker Updated crypt.conf to set X-Frame-Options Feb 28, 2019
docs Updated docker.md to include comment on X-Frame-Options Feb 28, 2019
functional_tests Black Dec 17, 2018
fvserver Fix broken build number Mar 6, 2019
server Cleanup Jan 14, 2019
setup
site_static
static
templates
.dockerignore
.flake8
.gitignore
Dockerfile
LICENSE Splitting the web app off into it's own repo to make it all a bit eas… Dec 14, 2012
NOTICE
README.md
crypt.wsgi
docker-compose.yml revert docker-compose Jan 14, 2019
generate_keyczart.py
manage.py Splitting the web app off into it's own repo to make it all a bit eas… Dec 14, 2012
remote_build.py
set_build_no.py
smtp.sh

README.md

Crypt-Server

Crypt is a tool for securely storing secrets such as FileVault 2 recovery keys. It is made up of a client app, and a Django web app for storing the keys.

This Docker image contains the fully configured Crypt Django web app. A default admin user has been preconfigured, use admin/password to login. If you intend on using the server for anything semi-serious it is a good idea to change the password or add a new admin user and delete the default one.

Features

  • Secrets are encrypted in the database
  • All access is audited - all reasons for retrieval and approval are logged along side the users performing the actions
  • Two step approval for retrieval of secrets is enabled by default
  • Approval permission can be given to all users (so just any two users need to approve the retrieval) or a specific group of users

Installation instructions

It is recommended that you use Docker to run this, but if you wish to run directly on a host, installation instructions are over on the in the docs directory

Settings

These settings are for the upcoming Crypt Server 3 release. Please refer to these settings for the present 2.x releases

All settings that would be entered into settings.py can also be passed into the Docker container as environment variables.

  • FIELD_ENCRYPTION_KEY - The key to use when encrypting the secrets. This is required.

  • SEND_EMAIL - Crypt Server can send email notifcations when secrets are requested and approved. Set SEND_EMAIL to True, and set HOST_NAME to your server's host and URL scheme (e.g. https://crypt.example.com). For configuring your email settings, see the Django documentation.

  • APPROVE_OWN - By default, users with approval permissons can approve their own key requests. By setting this to False in settings.py (or by using the APPROVE_OWN environment variable with Docker), users cannot approve their own requests.

  • ALL_APPROVE - By default, users need to be explicitly given approval permissions to approve key retrieval requests. By setting this to True in settings.py, all users are given this permission when they log in.

  • ROTATE_VIEWED_SECRETS - With a compatible client (such as Crypt 3.2.0 and greater), Crypt Server can instruct the client to rotate the secret and re-escrow it when the secret has been viewed. Enable by setting this to True or by using ROTATE_VIEWED_SECRETS and setting to true.

Screenshots

Main Page: Crypt Main Page

Computer Info: Computer info

User Key Request: Userkey request

Manage Requests: Manage Requests

Approve Request: Approve Request

Key Retrieval: Key Retrieval

You can’t perform that action at this time.