Welcome to 🛡️ Vault Boy
Vault Boy is an open-source, web-based password manager that combines the robustness of Rust and the flexibility of React to deliver a secure, efficient, and user-friendly solution for password management.
This is the REST service of Vault Boy. Also check out the React application.
Why Vault Boy?
In today’s digital world, managing a multitude of passwords for various online accounts can be a daunting task. Vault Boy aims to simplify this process by providing a platform where users can securely store and manage their passwords.
Built with bleeding edge Rust and React, Vault Boy offers the performance and safety of Rust, along with the simplicity and intuitiveness of React. This combination ensures a seamless user experience without compromising on security.
Join us in our mission to make password management secure and hassle-free! Contribute to Vault Boy and be a part of this open-source journey.
Getting started
Clone the repository.
git clone https://git.michm.de/open-secure-vault/backend
cd backend
Set up the environment
Generate a self-signed certificate for localhost.
mkdir .cert
openssl req -new \
  -newkey rsa:2048 \
  -nodes \
  -keyout .cert/key.pem \
  -out .cert/cert.csr \
  -subj /C=DE/ST=Berlin/L=Berlin/O=michm/OU=IT/CN=localhost/
openssl x509 \
  -in .cert/cert.csr \
  -out .cert/cert.pem \
  -req \
  -signkey .cert/key.pem \
  -days 1001
In case Node.js is not already installed, we got you covered.
make get-node -j
Clone the React application.
make get-app -j
And build it.
make build-app -j
Build the server.
make build -j
Run 🛡️ Vault Boy
bin/vault*
Configuration
By default, Vault Boy tries to read and parse the file config.yaml. This behaviour can be changed by passing the argument -c <path> or --config <path> at launch. A typical configuration should look like the following example.
use_embed_assets: true
server:
  host: localhost
  port: 4430
  version: Http3
  root: www-root
  certificate:
    key: .cert/key.pem
    cert: .cert/cert.pem
Secret management
With the securestore crate and ssclient, management of secrets and API keys is straightforward.
Right now, only the pepper key for the planned salted and peppered password hashing mechanism is provided by securestore. Mainly it prevents private keys from leaking to e.g. open Git repositories.
You have to install ssclient.
cargo install ssclient
Create a new store.
ssclient --export-key secrets.key create secrets.json
Password: *************
Confirm password: *************
And generate a pepper secret.
ssclient set pepper:vault-boy xxxxxxxxxxxxxxxxxxxxxxx
Vault Boy retrieves the key from securestore at runtime when required.
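As an added example (not part of the Vault Boy project), the following shell functions check that the secret files created in the steps above are readable by their owner only and are ignored by Git. The paths .cert/key.pem and secrets.key are assumed to be relative to the repository root, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Vault Boy. Assumed paths: .cert/key.pem, secrets.key.
# Usage from the repository root: audit_secret_files .cert/key.pem secrets.key

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and others have no access at all (e.g. 600 or 400).
owner_only() {
    mode=$(file_mode "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Check every existing file passed as argument.
# Returns the number of findings, so 0 means everything is fine.
audit_secret_files() {
    failures=0
    for f in "$@"; do
        [ -e "$f" ] || continue    # not generated yet, nothing to leak
        if ! owner_only "$f"; then
            echo "WARN: $f is accessible by group/others (chmod 600 $f)" >&2
            failures=$((failures + 1))
        fi
        # check-ignore exits 0 only for untracked paths matched by an ignore
        # rule, so an already tracked key file is reported as well.
        if ! git check-ignore -q -- "$f" 2>/dev/null; then
            echo "WARN: $f is not ignored by Git, add it to .gitignore" >&2
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}
```

The encrypted secrets.json is not audited here because only the exported key file and the TLS private key are sensitive on their own.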