flaskExample
authelia
flaskExample | authelia | |
---|---|---|
1 | 174 | |
3 | 19,654 | |
- | 2.1% | |
3.0 | 9.9 | |
9 months ago | 5 days ago | |
HTML | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flaskExample
-
Krptn: User Auth and Encryption of data at rest, derived from users’ credentials
Hello, all!
Encryption and user authentication are crucial to cybersecurity.
Encryption can be implemented at various levels. I believe that handling encryption at the application level is the most secure since it decreases the attack surface. For example, the SQL server doesn’t get to see the plaintext.
Krptn is a piece of software I’m currently building which could be used as a user authentication service, which also handles encryption (at the application level) of the user’s associated data (e.g.: the users’ phone number).
(Krptn only has a Python API right now.)
It would run in the same server instance as your Python code, so no need to host anything new (decreased complexity) - just install the Python module and call the APIs.
For additional security, I designed the system to derive the encryption keys from the users’ credentials. This prevents an attacker who gains access to the database from being able to decrypt all the data since the encryption keys aren’t stored anywhere. Additionally, each user gets an asymmetric keypair. This enables users to share specific pieces of information with each other.
I know that, for many projects, this level of encryption is not required to secure their system and hence not everyone would benefit from using this. But I hope that for the people who do wish to have such security, this project will help.
It would be much appreciated if you would try this out. Please let me know what you think of this! Also please provide some feedback if you have any!
Here is an example Django integration: https://github.com/krptn/djangoExample
Here is an example Flask integration: https://github.com/krptn/flaskExample
GitHub repo: https://github.com/krptn/krypton
authelia
-
Keycloak SSO with Docker Compose and Nginx
It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.
Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...
-
Protecting WebUI on public IP?
I use NGINX proxy with Authelia in between. Authelia blocks and blacklists faulty logins.
-
Why would anyone need AD/AAD when you can manage devices through Saltstack?
https://github.com/saltstack/salt https://github.com/chocolatey/choco https://github.com/nextcloud https://github.com/authelia/authelia https://github.com/grafana/grafana
- Give this project some luv: Single Sign-On Multi-Factor portal for web apps
-
HAProxy with Forward Auth to Authentik
If you are using HAProxy on PfSense/OPNSense, see my issue https://github.com/authelia/authelia/issues/2696
- Keycloak – Open-Source Identity and Access Management Interview
-
LDAP or AD for selfhosted
https://github.com/lldap/lldap is a very simple and lightweight LDAP solution. Works flawless with https://www.authelia.com/
-
Authelia/SSO With Caddy In Docker Compose?
Ah yeah, so I guess it's been a while since I tried and I forgot where I got stuck last time. Authelia's config.yml is absolutely massive and I'm not sure which section of their guide I should be following. In The Docker Compose section, there's "Unbundled", "Lite", and "Local". I think I want to be running the "lite" bundle, but their example compose file has a ton of Traefik stuff in it. I know I wouldn't keep the Traefik services, but do I need either secure or public?
-
How do you secure your webpages that have no protection?
Authelia supports SSO. If you are behind a reverse proxy it’s quite straightforward to integrate.
-
GitLab behind Authelia
This should probably also be mentioned in the documentation so maybe consider mentioning this on their discussion page.
What are some alternatives?
krypton - Data encryption at rest and IAM for Python
authentik - The authentication glue you need.
djangoExample - Example Krptn Integration with Django
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
oauth2 - Go OAuth2
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
Portainer - Making Docker and Kubernetes management easy.
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
uptime-kuma - A fancy self-hosted monitoring tool
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs