Trust No One
TNO which stands for Trust No One is a project which implements
a set of web tools all following TNO cryptography principle.
TNO principle is an application approach where no sensitive
user information is stored on the server. Instead all information
is encrypted in the "client" (e.g. web browser) and only the
ciphertext is sent to the server for storage. As a result,
since the server does not store the decryption key or any
information to derive the decryption key, it is unable to
read the stored data.
This repository contains source code for the https://tno.io site.
Currently TNO.io provides the following services:
- One Time Secrets - A way to share secrets which
self-destruct after they are viewed. This is perfect
for sending passwords in emails instead of sending
actual passwords via inherently insecure medium.
APIs are awesome and should be public! TNO.io provides an
open API which anybody can use to interact with various
services we provide. In fact, we eat our own dog food and
use the same APIs to power our site.
Currently the following endpoints are available.
For each information about each endpoint, you can make
OPTIONS request to get tons more information.
You can also query https://tno.io/api/v1/ to get all endpoints
For the ease of deployment, TNO is packaged as a Docker container.
Docker allows to easily deploy the application with minimal setup.
Dockerfile only runs the Django webapp by using
gunicorn web server and requires access
to a PostgreSQL database. Therefore it is recommended to run
TNO as part of a docker-compose
application. Example docker-compose application:
data: image: busybox volumes: - /data pgdata: image: miki725/pgdata postgres: image: miki725/postgres expose: - 5432 volumes_from: - pgdata web: image: miki725/tno env_file: ./my.env expose: - 8888 ports: - 8888:8888 links: - postgres volumes_from: - data
Blank environment file will have a structure something like:
DJANGO_SETTINGS_MODULE=tno.settings.prod ALLOWED_HOSTS= SECRET_KEY= DATABASE_HOST=postgres DATABASE_PORT=5432 DATABASE_NAME= DATABASE_USER= DATABASE_PASSWORD= EMAIL_HOST= EMAIL_HOST_USER= EMAIL_HOST_PASSWORD= NEW_RELIC_ENABLED=true NEW_RELIC_LICENSE_KEY= NEW_RELIC_APP_NAME=TNO OPBEAT_ENABLED=true OPBEAT_ORGANIZATION_ID= OPBEAT_APP_ID= OPBEAT_SECRET_TOKEN=
To run the application,
docker-compose can be used:
$ docker-compose up -d
That however will simply run the application.
When starting the application for the first time, some setup will be required.
- Create database for TNO::
$ docker run -it --rm --link=tno_postgres_1:postgres miki725/postgres psql --host=postgres sql> CREATE ROLE tno WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD ''; sql> CREATE DATABASE tno WITH OWNER="tnouser" ENCODING='UTF8';
- Migrate Django application database to bring the schema up to date with the code:
$ docker run -it --rm \ --env-file=my.env \ --link=tno_postgres_1:postgres \ tno_web ./manage.py migrate
- Collect all the static files:
$ docker run -it --rm \ --env-file=my.env \ --link=tno_postgres_1:postgres \ --volumes-from=tno_data_1 \ tnobuild_web ./manage.py collectstatic --noinput
- Miroslav Shubernetskiy - https://github.com/miki725