securestore-rs
etsd
| securestore-rs | etsd | |
|---|---|---|
| 3 | 4 | |
| 116 | 48 | |
| 4.3% | - | |
| 5.1 | 3.6 | |
| 2 months ago | 9 months ago | |
| Rust | JavaScript | |
| MIT License | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
securestore-rs
-
Ask HN: Are there any open source forks of nomad smd consul?
We use and maintain this cross-platform/cross-lang secrets management option: https://github.com/neosmart/securestore-rs
It keeps secrets out of your environment variables and lets you manage secrets the same way you do code (in lock-step with the code that uses it and as easy to update a secret just by pushing to git), but it's definitely for smaller teams or projects.
-
How I run my servers
You can include encrypted secrets and deploy the key out of band. Our open source solution for this (cross-platform, cross-language): https://neosmart.net/blog/securestore-open-secrets-format/
Eg this is the rust version on GitHub: https://github.com/neosmart/securestore-rs/tree/master
- Secure Store
etsd
-
How I run my servers
A pretty same setup with a bunch of differences:
1. I'm using a single postgresql database for all apps (each with a different user) on a different server; each app has a different db user
2. I use a minio instance for file/media uploads/serving
3. I mostly use nginx but i'm transitioning new apps to caddy because of automatic integration with let's encrypt and much smaller config for common purposes
4. I use a fab-classic (fabric 1x) script to deploy new versions: https://github.com/spapas/etsd/blob/master/fabfile.py
5. For backup I do a logical db backup once per day via cron (using a script similar to this https://spapas.github.io/2016/11/02/postgresql-backup/)
6. One memcache instance of all apps
7. Each app gets a redis instance (if redis is needed): https://gist.github.com/akhdaniel/04e4bb2df76ef534b0cb982c1d...
8. Use systemd for app control
-
Show HN: Enc – A modern and friendly CLI alternative to GnuPG
Yes, you are right on that. If the server is compromised a malicious user may change the client-side code to add a backdoor and steal your private key when you unlock it. He'll be able to steal only the keys that are unlocked while the backdoor stays undetected (not all the data).
The ideal way to resolve that would be to change the service to an API and offer binaries with a correct signature so the user can check and make sure that they get the correct thing. Actually I tried writing the client binaries using electron (https://github.com/spapas/etsd/tree/master/client) but didn't have the time for that :(
You are rigth though, I've added a Risks section to warn for that thingie https://github.com/spapas/etsd/blob/master/README.md#risks
- Show HN: ETSD – Transmit sensitive data encrypted across your organization
What are some alternatives?
docker-rollout - 🚀 Zero Downtime Deployment for Docker Compose
enc - 🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more.
ts-neural-network - A neural network to play with
Exocryption - A simple file encryption program written in Rust using the Rust Crypto set of crates.
PythonEncryptionAlgorithm - An encryption algorithm in python
susam.net - Source code of https://susam.net/
flyctl - Command line tools for fly.io services
gpg-ed25519-to-cv25519 - Convert GPG ed25519 to cv25519 encryption key
caddy-docker-proxy - Caddy as a reverse proxy for Docker
dotfiles - Mostly ~/.* files to configure vim, sh, tmux, etc. on Debian, Mac, and Windows