CONFIG.md

Configuration

Encloud Encryption and Storage CLI lets you configure various aspects of the application to suit the client's needs.

The following can be configured:

  • Filecoin on-boarding and deal making mechanism (Estuary support offered currently)
  • Metadata Storage Mechanism (BadgerDB and Couchbase support offered)
  • Email settings for sharing of DEKs for encrypted files on Filecoin

Estuary

Encloud Encryption and Storage CLI uses Estuary as a means to onboard and retrieve data from the Filecoin network. Estuary requires the client to generate an API Key which can be requested here. While filling out the request form please mention "Encloud".

Note: Estuary is under active development and hence unstable. Please see the latest Estuary documentation or the #ecosystem-dev channel on the Filecoin Slack for relevant updates on API statuses.

The Estuary API key needs to be configured in config.yaml, under the estuary section, as follows:

estuary:
  base_api_url: https://api.estuary.tech
  upload_api_url: https://edge.estuary.tech/api/v1
  gateway_api_url: https://edge.estuary.tech
  cdn_api_url: https://cdn.estuary.tech
  token: "XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

Key Encryption Key

Encloud Encryption and Storage CLI supports both RSA and ECIES asymmetric encryption schemes for the Key Encryption Key (KEK) as part of the envelope encryption mechanism.

This can be configured in config.yaml, under the stat section, as follows:

stat:
  kekType: ecies

Use rsa or ecies. Even though Encloud utilizes RSA-2048-OAEP, which is also used by major Web2 CSPs, there are known vulnerabilities in its security and longevity. Because the KEK is the key that encrypts all metadata, it is important that the KEK follows best practices regarding longevity and security. ECIES encryption is considered more secure and offers better longevity.

ECIES is additionally supported by decentralized key custody solutions, and users can leverage decentralized custody if they choose the ECIES scheme.
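The envelope step that the ecies setting selects, as an added example that is not Encloud's own code: a DEK is wrapped to the KEK public key with a fresh ephemeral key pair and unwrapped with the KEK private key. Assumptions: P-256 ECDH, a single SHA-256 call as the KDF in place of HKDF, AES-256-GCM, and the hypothetical names WrapDEK and UnwrapDEK; the page does not state Encloud's actual ECIES parameters.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aead derives a single-use AES-256-GCM key from ECDH(priv, pub) and the ephemeral key.
func aead(priv *ecdh.PrivateKey, pub, eph *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append(shared, eph.Bytes()...)) // assumption: SHA-256 stands in for HKDF
	b, _ := aes.NewCipher(k[:])                        // cannot fail: the key is 32 bytes
	return cipher.NewGCM(b)
}

// WrapDEK encrypts a DEK to the KEK public key with a fresh ephemeral key pair.
func WrapDEK(kekPub *ecdh.PublicKey, dek []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	g, err := aead(eph, kekPub, eph.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	// The all-zero nonce is safe only because each derived key seals one message.
	return eph.PublicKey(), g.Seal(nil, make([]byte, g.NonceSize()), dek, nil), nil
}

// UnwrapDEK recovers the DEK; a wrong KEK or a modified ciphertext fails the GCM tag.
func UnwrapDEK(kek *ecdh.PrivateKey, eph *ecdh.PublicKey, wrapped []byte) ([]byte, error) {
	g, err := aead(kek, eph, eph)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, make([]byte, g.NonceSize()), wrapped, nil)
}

func main() {
	kek, _ := ecdh.P256().GenerateKey(rand.Reader)          // recipient's long-term KEK
	_, w, err := WrapDEK(kek.PublicKey(), make([]byte, 32)) // constructed all-zero DEK
	fmt.Println(len(w), err)
}
```

Wrapping needs only the KEK public key, so the private key can stay with whichever custody solution holds it and is used only at unwrap time.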

Storage

BadgerDB

BadgerDB is a lightweight key-value store that can be used without any additional configuration. However, there are scalability issues when using BadgerDB in production scenarios.

To use BadgerDB, use the following configuration in config.yaml, under the stat section:

stat:
  storageType: badgerdb
  badgerdb:
    path: badger.db

Couchbase

Couchbase Server is an open source, distributed, NoSQL document-oriented engagement database. It exposes a fast key-value store with managed cache for sub-millisecond data operations, purpose-built indexers for fast queries and a powerful query engine for executing SQL-like queries.

Couchbase Server can be used as a KV store for metadata. Please follow the instructions below to install and set up Couchbase Server locally.

Installation

To install Couchbase Server please follow the instructions here.

Starting Couchbase Server

Once Couchbase Server has been installed, simply navigate to where it has been installed and start "Couchbase Server".

To start Couchbase Server using Docker please see the documentation here.

Accessing Couchbase Server

Couchbase Server can be accessed using

Setup

Couchbase requires setting up a bucket to hold scopes, scopes that contain collections, and collections that contain documents. These need to be set up before using Couchbase as a store.

Creating Bucket on Couchbase Server

To create a bucket on Couchbase Server, please follow the instructions here.

Manage scope and collection on Couchbase Server

To manage the scope and collection of a bucket on Couchbase Server, please follow the instructions here.

Managing indexes on Couchbase Server

To manage and create primary or secondary indexes on Couchbase Server to fetch data, please follow the instructions here.

Set credentials

Once Couchbase Server has been started and a bucket has been created, set the host, port, username, password and bucketName in the config.yaml file. A scope and a collection need to be created within the bucket to store documents. These parameters can also be set in the config.

stat:
  storageType: couchbase
  badgerdb:
    path: badger.db
  couchbase:
    host: localhost
    username: Administrator
    password: Encloud@2022
    bucket:
      name: encloud
      scope: file
      collection: metadata

Email and sharing

We utilize emails to share DEKs from the client directly to the email of an entity they want to share the data with. It is worth noting that once the DEK is shared with an entity they can download the data from Filecoin and decrypt it.

The following settings need to be configured for emails in config.yaml, under the email section:

emailType can be either smtp or mailerSend. With smtp, the user can configure their own SMTP server to send sharing emails. With mailerSend, the user can use the MailerSend Email API, which removes the need for an SMTP server of their own.

email:
  emailType: mailerSend
  from: contact@encloud.tech
  smtp:
    server: sandbox.smtp.mailtrap.io
    port: 2525
    username: ac984e52bfd35d
    password: 861b495c076713
  mailerSend:
    apiKey: MAILSENDER_API_KEY