<table class="docutils field-list">
<tr><th>Author:</th><td>LasLabs Inc.</td></tr>
<tr><th>License:</th><td>LGPL-3</td></tr>
<tr><th>Branch:</th><td>feature/master/clouder_crypto</td></tr>
<tr><th>Repository:</th><td>LasLabs/clouder</td></tr>
<tr><th>Dependencies:</th><td>clouder and clouder_template_proxy</td></tr>
<tr><th>Languages:</th><td>Python (35, 17.0%), XML (116, 56.3%), and reStructuredText (55, 26.7%)</td></tr>
</table>
<a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.svg">
</a>
<a name="clouder-template-red-october"></a>
<h2>Clouder Template - Red October</h2>
<p>This module provides a Clouder Template for Red October.</p>
<p>Red October is a cryptographically-secure implementation of the two-person rule
to protect sensitive data. From a technical perspective, Red October is a
software-based encryption and decryption server. The server can be used to
encrypt a payload in such a way that no one individual can decrypt it. The
encryption of the payload is cryptographically tied to the credentials of the
authorized users.</p>
<p>Authorized persons can delegate their credentials to the server for a period of
time. The server can decrypt any previously-encrypted payloads as long as the
appropriate number of people have delegated their credentials to the server.</p>
<p>This architecture allows Red October to act as a convenient decryption service.
Other systems, including CloudFlare’s build system, can use it for decryption
and users can delegate their credentials to the server via a simple web interface.
All communication with Red October is encrypted with TLS,
ensuring that passwords are not sent in the clear.</p>
<p><a class="reference external" href="https://blog.cloudflare.com/red-october-cloudflares-open-source-implementation-of-the-two-man-rule/">Read More on CloudFlare's Blog</a>.</p>
<p><a class="reference external" href="https://github.com/cloudflare/redoctober">Browse Red October on Github</a>.</p>
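<p>As an added illustration of the threshold property described above (this is not part of the original README, and it is not Red October's own construction): a k-of-n Shamir secret sharing of a data key over the prime field GF(P). With a 2-of-3 split, any two shares recover the key, while a lone share is consistent with every possible key and therefore reveals nothing about it. The key value is a constructed stand-in.</p>

```python
import secrets

# Constructed illustration of a threshold ("two-person") rule using Shamir's
# secret sharing over GF(P). Not Red October's own construction.
P = 2**127 - 1  # Mersenne prime; shared secrets must be < P


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod P (Horner)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result

def split_secret(secret, threshold, n_shares):
    """Split secret into n_shares points; any `threshold` of them recover it."""
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    if not 1 <= threshold <= n_shares:
        raise ValueError("threshold must satisfy 1 <= threshold <= n_shares")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]

def reconstruct_secret(shares):
    """Lagrange interpolation at x = 0 from exactly `threshold` distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def single_share_fits(share, candidate_secret):
    """For threshold 2, a lone share fits every candidate secret: some line
    passes through (0, candidate) and the share, so it reveals nothing."""
    x, y = share
    slope = (y - candidate_secret) * pow(x, -1, P) % P
    return _eval_poly([candidate_secret, slope], x) == y


if __name__ == "__main__":
    key = secrets.randbelow(P)  # constructed stand-in for a data-encryption key
    shares = split_secret(key, threshold=2, n_shares=3)
    print("2 of 3 shares recover key:", reconstruct_secret(shares[:2]) == key)
    print("1 share also fits key 42:", single_share_fits(shares[0], 42))
```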
<a name="configuration"></a>
<h3>Configuration</h3>
<p>Clouder configuration instructions are available at <a class="reference external" href="https://clouder.readthedocs.io/">https://clouder.readthedocs.io/</a></p>
<a name="usage"></a>
<h3>Usage</h3>
<p>To use this module, you need to:</p>
<ol class="arabic simple">
<li>Create a new service in the Clouder Control Panel</li>
<li>Select <code>Red October</code> as the application and configure everything else as preferred</li>
</ol>
<a name="known-issues-roadmap"></a>
<h3>Known issues / Roadmap</h3>
<ul class="simple">
<li>The service currently uses a self-signed certificate. This should be changed once a CA exists.</li>
<li>Runit is installed from community repositories, which are served over HTTP only. This is insecure.</li>
<li>PATH isn't persisting, so a symlink to redoctober is being created instead. This should be fixed at some point,
likely in a base Go container rather than here.</li>
<li>The image volume is mounted as root and then chown'ed in the Docker entrypoint. This seems odd,
so it should be investigated further, but it is how the CloudFlare people rigged it up, so it's possible they're simply
smarter than me.</li>
<li>Add dependency cleanup to Dockerfile.</li>
</ul>
<a name="bug-tracker"></a>
<h3>Bug Tracker</h3>
<p>Bugs are tracked on <a class="reference external" href="https://github.com/clouder-community/clouder/issues">GitHub Issues</a>. In case of trouble, please
check there whether your issue has already been reported. If you spotted it first,
help us smash it by providing detailed and welcome feedback.</p>
<a name="credits"></a>
<h3>Credits</h3>
<a name="contributors"></a>
<h4>Contributors</h4>
<ul class="simple">
<li>Dave Lasley &lt;<a class="reference external" href="mailto:dave@laslabs.com">dave@laslabs.com</a>&gt;</li>
</ul>
<a name="maintainer"></a>
<h4>Maintainer</h4>
<p>This module is maintained by Clouder Community.</p>
<p>To contribute to this module, please visit <a class="reference external" href="https://github.com/clouder-community/clouder">https://github.com/clouder-community/clouder</a></p>