Encloud Encryption and Storage CLI provides the ability to configure various aspects of the application to suit the client's needs.
The following can be configured:
- Filecoin on-boarding and deal making mechanism (Estuary support offered currently)
- Metadata Storage Mechanism (BadgerDB and Couchbase support offered)
- Email settings for sharing of DEKs for encrypted files on Filecoin
Encloud Encryption and Storage CLI uses Estuary as a means to onboard and retrieve data from the Filecoin network. Estuary requires the client to generate an API Key which can be requested here. While filling out the request form please mention "Encloud".
Note: Estuary is under active development and hence unstable. Please see the latest Estuary documentation or the #ecosystem-dev channel on the Filecoin Slack for relevant updates on API statuses.
The Estuary API key needs to be configured under config.yaml as follows under the estuary section:
estuary:
  base_api_url: https://api.estuary.tech
  upload_api_url: https://edge.estuary.tech/api/v1
  gateway_api_url: https://edge.estuary.tech
  cdn_api_url: https://cdn.estuary.tech
  token: "XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
Encloud Encryption and Storage CLI supports both RSA and ECIES asymmetric encryption schemes for the Key Encryption Key (KEK) as part of the envelope encryption mechanism.
This can be easily configured in config.yaml under the stat section, as follows:
stat:
  kekType: ecies
Use rsa or ecies. Even though Encloud utilizes RSA-2048-OAEP, which is also used by major Web2 CSPs, there are known vulnerabilities in its security and longevity. Because the KEK is the key encrypting all metadata, it is important that the KEK follows best practices regarding longevity and security. ECIES encryption is considered more secure and offers better longevity.
ECIES is additionally supported by decentralized key custody solutions, and users can leverage decentralized custody if they choose the ECIES scheme.
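The envelope mechanism described above, as an added Go example that is not Encloud's own code: a fresh random DEK encrypts the content and an RSA-2048-OAEP KEK wraps the DEK. AES-256-GCM for the content, SHA-256 as the OAEP hash, and the names Envelope, NewKEK, Seal, Open and gcmFor are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct{ WrappedDEK, Nonce, Ciphertext []byte } // stored form

func NewKEK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // throwaway demo KEK

func gcmFor(dek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(dek) // cannot fail: callers pass a 32-byte DEK
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// Seal encrypts under a fresh DEK (AES-256-GCM, assumed) and wraps it with RSA-OAEP (SHA-256, assumed).
func Seal(kek *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // new random DEK and nonce for every file
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dek, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kek, dek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, gcmFor(dek).Seal(nil, nonce, plaintext, nil)}, nil
}

// Open unwraps the DEK and decrypts; a wrong KEK or any tampering is an error.
func Open(kek *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, kek, e.WrappedDEK, nil)
	if err != nil || len(dek) != 32 || len(e.Nonce) != 12 {
		return nil, fmt.Errorf("envelope rejected (unwrap error: %v)", err)
	}
	return gcmFor(dek).Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	kek, _ := NewKEK()
	env, _ := Seal(&kek.PublicKey, []byte("constructed sample content"))
	pt, err := Open(kek, env)
	fmt.Println(string(pt), err)
}
```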
BadgerDB is a lightweight key-value store that can be used without any additional configuration. However, there are scalability issues while using BadgerDB in production scenarios.
To use BadgerDB, use the following configuration under config.yaml, under the stat section:
stat:
  storageType: badgerdb
  badgerdb:
    path: badger.db
Couchbase Server is an open source, distributed, NoSQL document-oriented engagement database. It exposes a fast key-value store with managed cache for sub-millisecond data operations, purpose-built indexers for fast queries and a powerful query engine for executing SQL-like queries.
Couchbase Server can be utilized as a KV store for metadata. Please follow the instructions below to install and set up Couchbase Server locally.
To install Couchbase Server please follow the instructions here.
Once Couchbase Server has been installed simply navigate to where it has been installed and start "Couchbase Server".
To start Couchbase Server using Docker please see the documentation here.
Couchbase Server can be accessed using
Couchbase requires setting up a bucket to hold scopes, scopes that contain collections, and collections that contain documents. These need to be set up before using Couchbase as a store.
To create a bucket on Couchbase Server please follow the instructions here.
To manage the scopes and collections of a bucket on Couchbase Server please follow the instructions here.
To manage and create primary or secondary indexes on Couchbase Server to fetch data please follow the instructions here.
Once Couchbase Server has been started and a bucket has been created, set the host, port, username, password and bucketName in the config.yaml file. A scope and a collection need to be created within the bucket to store documents. These params can also be set in the config.
stat:
  storageType: couchbase
  badgerdb:
    path: badger.db
  couchbase:
    host: localhost
    username: Administrator
    password: Encloud@2022
    bucket:
      name: encloud
      scope: file
      collection: metadata
We utilize emails to share DEKs from the client directly to the email of an entity they want to share the data with. It is worth noting that once the DEK is shared with an entity they can download the data from Filecoin and decrypt it.
The following configs need to be made for emails under config.yaml, under the email section:
emailType can be either smtp or mailerSend. With smtp the user can configure their own SMTP server to send sharing emails. With mailerSend the user can use the MailerSend Email API, which removes the need for an SMTP server of their own.
email:
  emailType: mailerSend
  from: contact@encloud.tech
  smtp:
    server: sandbox.smtp.mailtrap.io
    port: 2525
    username: ac984e52bfd35d
    password: 861b495c076713
  mailerSend:
    apiKey: MAILSENDER_API_KEY