Ocean Yet Storms

Open-Source Secrets as a Service Platform.

Join The Live Alpha

Ships with

• Secrets HTTP API Server
• Secrets Client SDK
• Secrets Web Admin Interface
• Vagrantfile or DockerFile for easy installation

Warning

The security of Secrets is not something to be taken lightly.

Currently, I must advise you to NOT run Ocean Yet Storms in production.

I am using this library in production, so I do have a vested interest in making oys as secure as possible. Once this project has met your ( the communities' ) defined security requirements, I will be glad to brand and label oys as "Production Ready".

Until then please feel free to open a Github Issue with any security issues or questions or send an email to support@marak.com

Features

• Protects your configurations and secrets by removing them your servers
• Removes all your secrets from ENV, CLI, and local config variables
• Secrets Server + Secrets Agent
• Secrets Web Administration Interface
• Optional HTTP push configurations to Server environments
• Optional Express based Middleware for recieving remote configuration push

Installation

Three Installation Options

1. Build from Source
2. Use Vagrantfile
3. Use Dockerfile

From Source

  git clone https://github.com/marak/oys
  cd oys
  npm install
  npm start

Note: You'll also need a CouchDB and Redis running on standard ports!

Using Vagrant

TODO

git clone https://github.com/marak/oys
cd oys
vagrant up
vagrant ssh
cd oys
npm start

Using Docker

TODO

Server Usage

Express.js based server. See: https://github.com/bigcompany/http for additional HTTP configuration API

var oys = require('oys');
oys.server.listen({ port: 4000 }, function (err, app) {
  if (err) {
    throw err;
  }
  console.log('listening on port ', app.server.address())
});

SDK Usage

  var oys = require('oys');
 
  var client = oys.createClient({
    apiKey: '1234-5678'
  });
 
  // gets a specific secret value by key
  oys.get('password', function (err, secret) {
    console.log(err, secret);
  });
 
  // get multiple keys at once
  oys.get(['password', 'another-password'], function (err, secrets) {
    console.log(err, secrets);
  });
 
 
  oys.set('password', 'value', function (err, secret) {
    console.log(err, secret);
  });
 
  // sets a specific secret value by key
  // Note: not available for read-only roles ( no writing secret values from server )
 

Middleware Usage

var oys =  require('oys');
var oysMiddle = oys.middle({});
app.use('/_oys', oysMiddle);

This will expose the following routes:

GET /_oys
POST /_oys

These routes are capable of receiving push updates from an oys server or client.

Roadmap

see: RoadMap.md file

What's the deal with the project name?

If you actually look at the name Ocean Yet Storms long enough, you might figure it out. If that doesn't work, try brushing up on your Robert Redford movies.

Contributors

• Marak Squires
• Armen Vartan