Crates.io | chamber-core |
lib.rs | chamber-core |
version | 0.2.0 |
source | src |
created_at | 2023-12-25 15:00:20.732516 |
updated_at | 2023-12-30 19:12:03.331617 |
description | The core for Chamber, the self-hostable SecretOps service. |
homepage | https://www.github.com/joshua-mo-143/chamber |
repository | https://www.github.com/joshua-mo-143/chamber |
max_upload_size | |
id | 1080282 |
size | 37,360 |
Do you have NIH syndrome? Me too, which is why I made this web service so I can avoid the complexity of having to use Hashicorp Vault.
The easiest way to start using Chamber is via the CLI. You will need to install it using the following:
cargo install chamber-cli
You'll want to then set the URL of your Chamber instance using chamber website set [VALUE]
.
Initially when you load up the web service, a root key will be auto generated for you that you can find in the logs. You will need to use this key to unseal the web service using chamber unseal [VALUE]
.
Once this is done, you can then generate a chamber.bin
file using chamber keygen
and use chamber upload
to upload the new keyfile to the web service to reset your seal key (and cryptographic key)!
To deploy this as a Shuttle service, run the following:
cargo shuttle init --from joshua-mo-143/chamber --subfolder chamber-server
You will probably want to use chamber keygen
to generate a new keyfile and include it in your project root. This will allow you to keep your keyfile persistent across deployments. shuttle-persist
support is planned to make it easier to persist your keyfiles.
A dockerfile has been added for your convenience.
The dockerfile takes the DATABASE_URL
and PORT
environment variables.
There are several moving parts to Chamber:
Please refer to the SECURITY.md file for a full explanation.
For the TL;DR: This service is reasonably secure if you are using it for small scale projects. Work is being done to enhance the security as outlined in the aforementioned file. Expect the API to be unstable.