datavaccinator / dv-vault

DataVaccinator Vault Server Platform

Home Page: https://www.datavaccinator.com/

License: GNU Affero General Public License v3.0

Go 78.39% Makefile 0.63% Shell 9.84% PHP 11.14%
pseudonymisation golang-application installer-script data-security secure-computation secure-databases content-security-policy data-protection data-privacy data-privacy-compliance

dv-vault's Introduction

DataVaccinator Vault

This is the DataVaccinator Vault platform. It has to be installed on some Linux environment in order to provide a REST API for pseudonymisation services.

The DataVaccinator Vault platform offers

  • Multi tenant use (multiple service providers served on the same platform).

  • Word based search using an encrypted index which ensures no readable information on server side.

  • Can use Let’s Encrypt certificates out of the box.

  • Supports both IPv4 and IPv6 and allows listening on multiple addresses (for the same domain).

  • Fully automatic IP whitelisting by only serving API requests from dedicated IP addresses.

  • DataVaccinator Vault supports working behind proxy servers and loadbalancers (like HAProxy).

  • It supports CORS to avoid issues with cross origin requests.

  • Installer-Script supports CentOS, Red Hat, Rocky Linux, Arch Linux, Suse Linux, Ubuntu and Debian systems (all x86_64).

  • Installer-Script automatically generates systemd daemon, system user and group, database user and database structure.

What is it good for?

The DataVaccinator Vault protects your sensitive data and information against abuse. At the very moment when data is being generated, the service splits that data and uses advanced pseudonymisation techniques to separate content from identity information. Thus, the DataVaccinator Vault reduces cyber security risks in the health, industry, finance and any other sector and helps service providers, device manufacturers, data generating and data handling parties to manage sensitive data in a secure and GDPR-compliant manner. In contrast to other offerings, DataVaccinator industrialises pseudonymisation, thereby making pseudonymisation replicable and affordable.

Get more information, support and contact at https://www.datavaccinator.com.

It requires (for execution):

  • Some Linux server (Intel/AMD, x86_64)

  • CockroachDB database and drivers

It requires (for development):

  • Some Linux server (Intel/AMD, x86_64)

    • min. 2 CPU cores (vCPU)

    • min. 2GB memory

    • min. 4GB disk

  • CockroachDB database and drivers

  • go compiler (1.16 or higher)

  • php 7 (for migration tool and test scripts)

  • Preferably some IDE (like VSCode, Atom, VIM-GO or LiteIDE)

What is missing:

  • Currently no support for ARM systems.

  • No support for Windows systems.

Get started

In order to run a DataVaccinator Vault, please follow this guide for installation on a dedicated Linux machine:

  1. Install CockroachDB on the machine (see our hints).

  2. Download the latest DataVaccinator setup (…setup.sh) from the GitHub releases page to some temporary directory on your machine.

  3. Run it like this:
    sudo sh dv-vault-1.0.0_x86_64_setup.sh

  4. Follow the steps from the setup script.

  5. Edit the conf.json file to your needs.

    • By default it is located at /opt/vaccinator/config.json.

    • Check the docs/vaccinator-config.adoc for details about the configuration options.

    • Remember to use sudo to edit this file.

  6. Start the service using
    sudo systemctl start vaccinator

  7. Check that the service started using
    journalctl -et vaccinator

  8. Update the default entry with a password and allowed IPs like this (example):
    cd /opt/vaccinator/
    ./vaccinator -p -j='{"op": "update", "sid": 1, "name": "1st provider", "password": "<myPassword>", "ip": "127.0.0.1"}'

License information

DataVaccinator Vault is released as free software under the Affero GPL license (AGPL). You can redistribute it and/or modify it under the terms of this license which you can read by viewing the included LICENSE file or online at www.gnu.org/licenses/agpl.html

dv-vault's People

Contributors

deepsourcebot, kukulkano

dv-vault's Issues

Add limits to check result

The check protocol call should return the limits for max payload, max searchword length and max publish duration.

SearchHash enhancement

Currently, the search hash is built like this:

  • Hash the word character by character
  • Add random bytes to the generated hash

The drawbacks are:

  • False positive hits during search for words with the same beginning and random matches
  • The entropy for the word length is only added by max 3 characters

As a suggestion, we might build the hash like this:

  • Add a NULL byte to the word
  • Add random bytes to the word until it reaches the size of 16 characters. Use 32 if the word is longer than 16 characters.
  • Hash the word character by character

Benefits:

  • Enhanced entropy for the words
  • Impossible to predict anything by the length of the search hash (all 16 or 32 bytes)
  • Eliminate possible false positives during search
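
A sketch of the padding and prefix search proposed in the issue above, added here as an example (it is not dv-vault or DataVaccinator client code). The page does not specify the per-character hash, so `prefixHash`, its HMAC-SHA256 construction, the key, all function names, and the choice to give a 16-character word the 32-byte size are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// padWord: word + NUL + random filler, 16 bytes total, or 32 if that does not fit.
func padWord(word string) ([]byte, error) {
	size := 16
	if len(word)+1 > size {
		size = 32
	}
	if len(word)+1 > size {
		return nil, fmt.Errorf("word too long: %d bytes", len(word))
	}
	buf := make([]byte, size)
	n := copy(buf, word) // buf[n] stays 0x00 and acts as the terminator
	_, err := rand.Read(buf[n+1:])
	return buf, err
}

// prefixHash is an ASSUMED stand-in for "hash character by character": output
// byte i is the first HMAC-SHA256 byte of data[:i+1], so equal prefixes match.
func prefixHash(key, data []byte) string {
	out := make([]byte, len(data))
	for i := range data {
		m := hmac.New(sha256.New, key)
		m.Write(data[:i+1])
		out[i] = m.Sum(nil)[0]
	}
	return hex.EncodeToString(out)
}

// SearchTerm is the query prefix; exact=true appends the NUL terminator.
func SearchTerm(key []byte, word string, exact bool) string {
	if exact {
		word += "\x00"
	}
	return prefixHash(key, []byte(word))
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	p, _ := padWord("carpet")
	fmt.Println(len(p), prefixHash(key, p)[:6] == SearchTerm(key, "car", false))
}
```

In this sketch each position contributes one digest byte, so an exact-match term can still collide with a different continuation about once in 256; taking more digest bytes per position lowers that at the cost of a longer hash.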

Allow submitting own VID

Allow submitting own VID in ADD function. In this case, we need to verify uniqueness and return an error in case it is not unique.

Add OAuth 2.0 support

Instead of IP whitelisting with ID and password, we might also support OAuth 2.0 for client authentication.

Installer may get some update mode

If the target file and some config file are already found, we may ask for a simple executable update.

If user says YES, we only stop the service, update the executable, run some optional update script and restart the service.

Add command line options

The client executable may get command line options to add/update/delete providers.

By using the same executable, all database functionality is already available and does not need any duplication.

Allow additional authentication using sid and spwd form header values

Currently, authentication uses sid and spwd values from json form field. This generates overhead if a service provider has to supplement a call with those values (decode, add, encode).

Instead of this, we might accept sid and spwd as additional form key/value parameters. This will stop the service provider from having to decode and encode the json parameter.
