<a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.svg"> </a> <a name="clouder-template-red-october"></a> <h2>Clouder Template - Red October</h2> <p>This module provides a Clouder Template for Red October.</p> <p>Red October is a cryptographically-secure implementation of the two-person rule to protect sensitive data. From a technical perspective, Red October is a software-based encryption and decryption server. The server can be used to encrypt a payload in such a way that no one individual can decrypt it. The encryption of the payload is cryptographically tied to the credentials of the authorized users.</p> <p>Authorized persons can delegate their credentials to the server for a period of time. The server can decrypt any previously-encrypted payloads as long as the appropriate number of people have delegated their credentials to the server.</p> <p>This architecture allows Red October to act as a convenient decryption service. Other systems, including CloudFlare’s build system, can use it for decryption and users can delegate their credentials to the server via a simple web interface. All communication with Red October is encrypted with TLS, ensuring that passwords are not sent in the clear.</p> <p><a class="reference external" href="https://blog.cloudflare.com/red-october-cloudflares-open-source-implementation-of-the-two-man-rule/">Read More on CloudFlare's Blog</a>.</p> <p><a class="reference external" href="https://github.com/cloudflare/redoctober">Browse Red October on Github</a>.</p> <a name="configuration"></a> <h3>Configuration</h3> <p>Clouder configuration instructions are available at <a class="reference external" href="https://clouder.readthedocs.io/">https://clouder.readthedocs.io/</a></p> <a name="usage"></a> <h3>Usage</h3> <p>To use this module, you need to:</p> <ol class="arabic simple"> <li>Create a new service in the Clouder Control Panel</li> <li>Select <code>Red October</code> as the application &amp; configure everything else to preference</li> </ol> <a name="known-issues-roadmap"></a> <h3>Known issues / Roadmap</h3> <ul class="simple"> <li>The service is currently using a self-signed certificate. This should be changed once a CA exists.</li> <li>Runit is being installed via community repos, which are HTTP only. This is insecure.</li> <li>Path isn't persisting so there is a symlink to redoctober being created. This should be fixed at some point, likely in a base Go container instead of here.</li> <li>Image volume is being mounted as root, then chown is happening in the docker entrypoint. This sseems weird, so should investigate further, but is how the CloudFlare people rigged it up so it's possible they're simply smarter than me.</li> <li>Add dependency cleanup to Dockerfile.</li> </ul> <a name="bug-tracker"></a> <h3>Bug Tracker</h3> <p>Bugs are tracked on <a class="reference external" href="https://github.com/clouder-community/clouder/issues">GitHub Issues</a>. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us smashing it by providing a detailed and welcomed feedback.</p> <a name="credits"></a> <h3>Credits</h3> <a name="contributors"></a> <h4>Contributors</h4> <ul class="simple"> <li>Dave Lasley &lt;<a class="reference external" href="mailto:dave&#64;laslabs.com">dave&#64;laslabs.com</a>&gt;</li> </ul> <a name="maintainer"></a> <h4>Maintainer</h4> <p>This module is maintained by Clouder Community.</p> <p>To contribute to this module, please visit <a class="reference external" href="https://github.com/clouder-community/clouder">https://github.com/clouder-community/clouder</a></p>