Manfred Michaelis authored
1e0449b8

Welcome to 🛡️ Vault Boy

Vault Boy is an open-source, web-based password manager that combines the robustness of Rust and the flexibility of React to deliver a secure, efficient, and user-friendly solution for password management.

This is the REST service of Vault Boy. Also check out the React application.

Why Vault Boy?

In today’s digital world, managing a multitude of passwords for various online accounts can be a daunting task. Vault Boy aims to simplify this process by providing a platform where users can securely store and manage their passwords.

Built with bleeding edge Rust and React, Vault Boy offers the performance and safety of Rust, along with the simplicity and intuitiveness of React. This combination ensures a seamless user experience without compromising on security.

Join us in our mission to make password management secure and hassle-free! Contribute to Vault Boy and be a part of this open-source journey.

Getting started

Clone the repository.

git clone https://git.michm.de/open-secure-vault/backend open-secure-vault
cd open-secure-vault

Set up the environment

Generate a self-signed certificate for localhost. The -nodes option writes the private key to .cert/key.pem unencrypted.

mkdir .cert
openssl req -new \
  -newkey rsa:2048 \
  -nodes \
  -keyout .cert/key.pem \
  -out .cert/cert.csr \
  -subj /C=DE/ST=Berlin/L=Berlin/O=michm/OU=IT/CN=localhost/
openssl x509 \
  -in .cert/cert.csr \
  -out .cert/cert.pem \
  -req \
  -signkey .cert/key.pem \
  -days 1001

In case Node.js is not already installed, we got you covered.

make get-node -j

Clone the React application.

make get-app -j

And build it.

make build-app -j

Build the server.

make build -j

Run 🛡️ Vault Boy

bin/vault*

Configuration

By default, Vault Boy tries to read and parse the file config.yaml. This behaviour can be changed by passing the argument -c <path> or --config <path> at launch. A typical configuration should look like the following example.

use_embed_assets: true

server:
  host: localhost
  port: 4430
  version: Http3
  root: www-root
  certificate:
    key: .cert/key.pem
    cert: .cert/cert.pem

Secret management

With the securestore crate and ssclient, management of secrets and API keys is straightforward. Right now securestore provides only the pepper key for the future salted and peppered password hashing mechanism. Its main purpose is to prevent private keys from leaking, e.g. to open Git repositories.

You have to install ssclient.

cargo install ssclient

Create a new store.

ssclient --export-key secrets.key create secrets.json

Password: *************
Confirm password: *************

And generate a pepper secret.

ssclient set pepper:vault-boy xxxxxxxxxxxxxxxxxxxxxxx

Vault Boy retrieves the key from securestore at runtime when required.
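
The steps above leave two plaintext key files in the working tree: .cert/key.pem and the exported secrets.key. The following check is an added example, not part of Vault Boy: it reports when either file is tracked by Git, not covered by .gitignore, or accessible to group/other. It assumes git is installed and uses the file names from this README; audit_secret_files is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not project code): audit the key files created in this README.
# Assumption: the files keep the names used above, relative to the repo root.
SENSITIVE_FILES=".cert/key.pem secrets.key"

# audit_secret_files <repo-dir>
# Prints one finding per line; the return status is the number of findings.
audit_secret_files() {
  repo=$1
  findings=0
  for f in $SENSITIVE_FILES; do
    [ -e "$repo/$f" ] || continue   # not created yet, nothing to audit
    # 1. Already in the index: it will be part of the next commit and push.
    if git -C "$repo" ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
      echo "TRACKED   $f (git rm --cached it and rotate the key)"
      findings=$((findings + 1))
    # 2. Untracked but not ignored: a single 'git add .' would stage it.
    #    (Also reported when <repo-dir> is not a Git repository at all.)
    elif ! git -C "$repo" check-ignore -q -- "$f" 2>/dev/null; then
      echo "UNIGNORED $f (add it to .gitignore)"
      findings=$((findings + 1))
    fi
    # 3. Any group/other permission bit set: other local accounts can reach
    #    the key. Characters 5-10 of the ls mode string are those six bits.
    perms=$(ls -ld -- "$repo/$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
      echo "PERMS     $f (chmod 600)"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}
```

Run it from the repository root as audit_secret_files . before the first commit; a return status of 0 means both files are ignored by Git and readable only by their owner.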