darkceptor44/vault
Vault is a self-hosted project that allows you to store sensitive text in a secure way
Image
Databases & Storage
Security
0
42
Vault
Vault is a self-hosted project that allows you to store sensitive text in a secure way. It uses Argon2 for password hashing and key derivation and encrypts the data symmetrically with AES-256, the user's password is not saved at all, only the encrypted data with the generated salt. I wouldn't recommend using it in a real production environment but it's useful for keeping your secrets (or diary) safe from the general public.
Getting Started
Docker
docker run -d --name vault -p 8080:8080 -v ./data:/documents -v /etc/localtime:/etc/localtime:ro --restart unless-stopped darkceptor44/vault
Docker Compose
services:
vault:
image: darkceptor44/vault:latest
container_name: vault
ports:
- 8080:8080
environment:
- HOST=0.0.0.0 # optional
- PORT=8080 # optional unless using a different port
- DOCKER=yes # optional
- DEBUG=yes # if debug needed
volumes:
- ./data:/documents # where data will be stored
- /etc/localtime:/etc/localtime:ro # for correct timezone when logging
restart: unless-stopped
Environment Variables
| Variable | Description | Default |
|---|---|---|
HOST | Host the server binds to | 0.0.0.0 |
PORT | Port the server listens on | 8080 |
DOCKER | Tells the server it's running in a Docker container | yes if built the image with provided Dockerfile |
DEBUG | Tells the server to print debug messages, requests and to enable pprof | no |
Disclaimer
- This project was made for personal use and learning purposes, there could be vulnerabilities.
- Since the user's password is not saved it is up to the user to choose a secure password and if anything happens (say it refuses to decrypt) the data is lost.
- This project was made mostly in a private self-hosted Git instance and that's why there are only a few commits.
License
This project is licensed under the GNU General Public License v3.0 (GPLv3), you can check the license here.
Docker Pull Command
docker pull darkceptor44/vault