Skip to content
This repository was archived by the owner on Jan 24, 2018. It is now read-only.

[ADD] clouder_template_red_october: File encyption/decryption #187

Open
lasley wants to merge 9 commits into
base: master
Choose a base branch
from
Open

[ADD] clouder_template_red_october: File encyption/decryption #187

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
2455516
[ADD] clouder_template_red_october: File encyption/decryption
lasley Dec 15, 2016
be1aaaa
[FIX] clouder_template_red_october: Review fixes
lasley Dec 28, 2016
7bca20b
Few fixes
lasley Dec 30, 2016
d14d4cd
Fix Dockerfile and add note about non-persisting gopath
lasley Jan 2, 2017
bced5ad
Fix metrics interface binding
lasley Jan 2, 2017
77754a4
Allow bases and link www to application
lasley Jan 2, 2017
f5125b9
Move dockerfile to repo
lasley Jan 3, 2017
73b3fa9
Expose ports
lasley Jan 17, 2017
d07eabd
Switch expose to internet
lasley Jan 18, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions clouder_template_red_october/README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
.. image:: https://img.shields.io/badge/licence-LGPL--3-blue.svg
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3

==============================
Clouder Template - Red October
==============================

This module provides a Clouder Template for Red Octover.

Red October is a cryptographically-secure implementation of the two-person rule
to protect sensitive data. From a technical perspective, Red October is a
software-based encryption and decryption server. The server can be used to
encrypt a payload in such a way that no one individual can decrypt it. The
encryption of the payload is cryptographically tied to the credentials of the
authorized users.

Authorized persons can delegate their credentials to the server for a period of
time. The server can decrypt any previously-encrypted payloads as long as the
appropriate number of people have delegated their credentials to the server.

This architecture allows Red October to act as a convenient decryption service.
Other systems, including CloudFlare’s build system, can use it for decryption
and users can delegate their credentials to the server via a simple web interface.
All communication with Red October is encrypted with TLS,
ensuring that passwords are not sent in the clear.

`Read More on CloudFlare's Blog
<https://blog.cloudflare.com/red-october-cloudflares-open-source-implementation-of-the-two-man-rule/>`_.

`Browse Red October on Github
<https://github.com/cloudflare/redoctober>`_.

Configuration
=============

Clouder configuration instructions are available at https://clouder.readthedocs.io/

Usage
=====

To use this module, you need to:

#. Create a CFSSL Service in the Clouder Control Panel

Known issues / Roadmap
======================

* Add more Signature Profile options - https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L113

Bug Tracker
===========

Bugs are tracked on `GitHub Issues
<https://github.com/clouder-community/clouder/issues>`_. In case of trouble, please
check there if your issue has already been reported. If you spotted it first,
help us smashing it by providing a detailed and welcomed feedback.

Credits
=======

Contributors
------------

* Dave Lasley <dave@laslabs.com>

Maintainer
----------

This module is maintained by Clouder Community.

To contribute to this module, please visit https://github.com/clouder-community/clouder
3 changes: 3 additions & 0 deletions clouder_template_red_october/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# -*- coding: utf-8 -*-
# Copyright 2016 LasLabs Inc.
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
28 changes: 28 additions & 0 deletions clouder_template_red_october/__manifest__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*-
# Copyright 2016 LasLabs Inc.
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).

{
'name': 'Clouder Template - Red October',
'version': '10.0.10.0.0',
'category': 'Clouder',
'depends': [
'clouder',
'clouder_template_proxy',
],
'author': 'LasLabs Inc.',
'license': 'LGPL-3',
'website': 'https://github.com/clouder-community/clouder',
'data': [
'data/image_template.xml',
'data/image.xml',
'data/image_port.xml',
'data/image_volume.xml',
'data/application_tag.xml',
'data/application_type.xml',
'data/application_template.xml',
'data/application.xml',
],
'installable': True,
'application': False,
}
42 changes: 42 additions & 0 deletions clouder_template_red_october/data/application.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="application_redoctober_data" model="clouder.application">
<field name="name">CFSSL Data</field>
<field name="code">data</field>
<field name="type_id" ref="application_type_redoctober" />
<field name="tag_ids" eval="[(4, ref('clouder.tag_data'))]" />
<field name="default_image_id" ref="image_redoctober_data" />
<field name="sequence">1</field>
<field name="required" eval="True"/>
</record>

<record id="application_redoctober_exec" model="clouder.application">
<field name="name">CFSSL Exec</field>
<field name="code">exec</field>
<field name="type_id" ref="application_type_redoctober" />
<field name="tag_ids" eval="[(4, ref('clouder.tag_exec'))]" />
<field name="default_image_id" ref="image_redoctober_exec" />
<field name="sequence">2</field>
<field name="required" eval="True"/>
<field name="update_strategy">auto</field>
</record>

<record id="application_redoctober" model="clouder.application">
<field name="name">CFSSL</field>
<field name="code">redoctober</field>
<field name="type_id" ref="application_type_redoctober" />
<field name="tag_ids" eval="[(4, ref('tag_cert_authority'))]" />
<field name="child_ids"
eval="[(4, ref('application_redoctober_data')),
(4, ref('application_redoctober_exec')),
]"
/>
<field name="sequence">1</field>
<field name="required" eval="True"/>
</record>

</odoo>
11 changes: 11 additions & 0 deletions clouder_template_red_october/data/application_tag.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="tag_cert_authority" model="clouder.application.tag">
<field name="name">cert_authority</field>
</record>

</odoo>
13 changes: 13 additions & 0 deletions clouder_template_red_october/data/application_template.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="application_template_redoctober"
model="clouder.application.template"
>
<field name="name">CFSSL</field>
</record>

</odoo>
17 changes: 17 additions & 0 deletions clouder_template_red_october/data/application_type.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="application_type_redoctober"
model="clouder.application.type"
>
<field name="name">redoctober</field>
<field name="system_user">root</field>
<field name="tag_ids"
eval="[(6, 0, [ref('tag_cert_authority')])]"
/>
</record>

</odoo>
162 changes: 162 additions & 0 deletions clouder_template_red_october/data/certificate_policy_use.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
Created from options listed at https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L89
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="certificate_policy_use_cert_sign"
model="clouder.certificate.policy.use"
>
<field name="name">Certificate Signing</field>
<field name="code">cert sign</field>
</record>

<record id="certificate_policy_use_signing"
model="clouder.certificate.policy.use"
>
<field name="name">Signing</field>
<field name="code">signing</field>
</record>

<record id="certificate_policy_use_smime"
model="clouder.certificate.policy.use"
>
<field name="name">S/MIME</field>
<field name="code">s/mime</field>
</record>

<record id="certificate_policy_use_server_auth"
model="clouder.certificate.policy.use"
>
<field name="name">Server Authentication</field>
<field name="code">server auth</field>
</record>

<record id="certificate_policy_use_client_auth"
model="clouder.certificate.policy.use"
>
<field name="name">Client Authentication</field>
<field name="code">client auth</field>
</record>

<record id="certificate_policy_use_digital_signature"
model="clouder.certificate.policy.use"
>
<field name="name">Digital Signatures</field>
<field name="code">digital signature</field>
</record>

<record id="certificate_policy_use_email_protection"
model="clouder.certificate.policy.use"
>
<field name="name">Email Protection</field>
<field name="code">email protection</field>
</record>

<record id="certificate_policy_use_key_encipherment"
model="clouder.certificate.policy.use"
>
<field name="name">Key Encipherment</field>
<field name="code">key encipherment</field>
</record>

<record id="certificate_policy_use_content_commitment"
model="clouder.certificate.policy.use"
>
<field name="name">Content Commitment</field>
<field name="code">content commitment</field>
</record>

<record id="certificate_policy_use_key_agreement"
model="clouder.certificate.policy.use"
>
<field name="name">Key Agreement</field>
<field name="code">key agreement</field>
</record>

<record id="certificate_policy_use_crl_sign"
model="clouder.certificate.policy.use"
>
<field name="name">CRL Signing</field>
<field name="code">crl sign</field>
</record>

<record id="certificate_policy_use_encipher_only"
model="clouder.certificate.policy.use"
>
<field name="name">Encipher Only</field>
<field name="code">encipher only</field>
</record>

<record id="certificate_policy_use_decipher_only"
model="clouder.certificate.policy.use"
>
<field name="name">Decipher Only</field>
<field name="code">decipher only</field>
</record>

<record id="certificate_policy_use_any"
model="clouder.certificate.policy.use"
>
<field name="name">Any</field>
<field name="code">any</field>
</record>

<record id="certificate_policy_use_code_signing"
model="clouder.certificate.policy.use"
>
<field name="name">Code Signing</field>
<field name="code">code signing</field>
</record>

<record id="certificate_policy_use_ipsec_end_system"
model="clouder.certificate.policy.use"
>
<field name="name">IPSEC End System</field>
<field name="code">ipsec end system</field>
</record>

<record id="certificate_policy_use_ipsec_tunnel"
model="clouder.certificate.policy.use"
>
<field name="name">IPSEC Tunnel</field>
<field name="code">ipsec tunnel</field>
</record>

<record id="certificate_policy_use_ipsec_user"
model="clouder.certificate.policy.use"
>
<field name="name">IPSEC User</field>
<field name="code">ipsec user</field>
</record>

<record id="certificate_policy_use_timestamping"
model="clouder.certificate.policy.use"
>
<field name="name">Timestamping</field>
<field name="code">timestamping</field>
</record>

<record id="certificate_policy_use_ocscp_signing"
model="clouder.certificate.policy.use"
>
<field name="name">OCSP Signing</field>
<field name="code">ocsp signing</field>
</record>

<record id="certificate_policy_use_microsoft_sgc"
model="clouder.certificate.policy.use"
>
<field name="name">Microsoft SGC</field>
<field name="code">microsoft sgc</field>
</record>

<record id="certificate_policy_use_netscape_sgc"
model="clouder.certificate.policy.use"
>
<field name="name">Netscape SGC</field>
<field name="code">netscape sgc</field>
</record>

</odoo>
24 changes: 24 additions & 0 deletions clouder_template_red_october/data/image.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="image_redoctober_data" model="clouder.image">
<field name="name">image_redoctober_data</field>
<field name="template_ids"
eval="[(4, [ref('image_template_redoctober_data')])]"
/>
<field name="parent_from">lasley/redoctober-data</field>
</record>

<record id="image_redoctober_exec" model="clouder.image">
<field name="name">image_redoctober_exec</field>
<field name="template_ids"
eval="[(4, [ref('image_template_redoctober_exec')])]"
/>
<field name="parent_from">lasley/redoctober-exec</field>
<field name="volumes_from">data</field>
</record>

</odoo>
15 changes: 15 additions & 0 deletions clouder_template_red_october/data/image_port.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="image_port_redoctober_http"
model="clouder.image.port"
>
<field name="template_id" ref="image_template_redoctober_exec" />
<field name="name">redoctober-http</field>
Copy link
Owner

@YannickB YannickB Dec 26, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you need proxy, you shall use http tag

<field name="local_port">8888</field>
</record>

</odoo>
Loading