Harpocrates was the god of silence, secrets and confidentiality
A secure key/value vault (localstorage) that makes use of distributed secrets to secure data in the vault. Harpocrates gives you a more secure way of saving your data in a manner where access to the data is only possible via distributed shared secrets. It is based off Shamir Secrets Sharing cryptography algorithm and Scdb for localStorage. Inspired by Hashicorp Vault, Harpocrates provides easy and faster implementation, accessibilty and flexibity of usage.
Harpocrates may not be production-ready yet. It works, quite well but it requires more rigorous testing.
To ensure data storage have multiple, yet related secrets for authentication, limit risks resulting from a compromised secret. Think of it like a Bank Account with multiple signatories, every participant has to sign before money can be taken out.
Readmore about Distributed Secrets (Shamir Secrets Sharing)
Harpocrates is ready for use as both a Library and a Command Line Tool
- golang +v1.19
- go-scdb
- hashicorp shamir
- Mount(parts)
- Unseal(secrets)
- Seal(secrets)
- Set(key, value)
- Get(key)
- Ensure you have golang +v1.19 installed. You can check the official instructions for how to do that.
go get github.com/khelechy/harpocratesimport (
...
"github.com/khelechy/harpocrates"
...
)harpocrates.Mount(5)Mount(parts) function takes an integer "parts" as a parameter, which indicates how many parts you want the generated secrets to be broken into, "parts" should not be less than 5 and not greater than 12.
The localStorage harpocrates_db folder and a keys.json file is generated in the root directory, which contains all the broken down secrets (distributed secrets), which would be used to Unseal and Seal the vault.
{
"keys": [
"5105c79604545210e5fd30c1269ac1189e748aea93bae50db2d36bde8886adc143",
"db206494f721b82e307417f54d18fc9396f12c067fd9d117a1f2e30fc5fb99f429",
"94c7bcdf37cd0c2d48b19bf334b6e4c352a2729c55721fc9ef18aebfd94efe3ff8",
"f7df31e448edb6613fd27528820845522120def4021ea4c13e5d906e8f74765bde",
"25c662dc69637703eb04151fea9aa9c7f822c9444192d56414151bae2192ba6baa"
]
}Unsealing the vault makes it possible to now store and retrieve data securely, unlocks Get and Set operations.
var secrets = []string{"f7df31e448edb6613fd27528820845522120def4021ea4c13e5d906e8f74765bde", "db206494f721b82e307417f54d18fc9396f12c067fd9d117a1f2e30fc5fb99f429", "25c662dc69637703eb04151fea9aa9c7f822c9444192d56414151bae2192ba6baa"}
harpocrates.Unseal(secrets)Unseal(secrets) function takes an array of
any three secrets, combines and validates their authenticity, goes ahead to unseal the vault.
Sealing the vault makes it impossible to store and retrieve data securely, locks Get and Set operations.
var secrets = []string{"f7df31e448edb6613fd27528820845522120def4021ea4c13e5d906e8f74765bde", "db206494f721b82e307417f54d18fc9396f12c067fd9d117a1f2e30fc5fb99f429", "25c662dc69637703eb04151fea9aa9c7f822c9444192d56414151bae2192ba6baa"}
harpocrates.Seal(secrets)Seal(secrets) function takes an array of
any three secrets, combines and validates their authenticity, goes ahead to seal the vault.
Important
Unsealmust be called afterMount, so that the vault would available forSetandGetoperations.
harpocrates.Set("name", "kelechi")Get(key, value) function takes two string input indicating the key and value(data)
harpocrates.Get("name")Get(key) function takes a string input indicating the key and returns the corresponding value if found.
Once you have Go installed, you can install harpocrates using the following command:
go install github.com/khelechy/harpocrates/cmd/harpocrates@latestGo pkg:
go get -u github.com/khelechy/harpocrates/cmd/harpocrates@latestAfter succesfully installing, you can access
harpocratestool in the CLI together with the available commands
Clone repo to your local directory with the command
git clone https://github.com/khelechy/harpocrates.gitBrowse into the harpocrates git project folder
cd harpocratesGet the executable harpocrates file by running the command
go build ./cmd/harpocratesA harpocrates executable file should be generated for you, and run all the available but this time prepend it with
./.
./harpocrates mount --parts 5mount --parts 5 command takes an integer "--parts" as an argument, which indicates how many parts you want the generated secrets to be broken into, "--parts" should not be less than 5 and not greater than 12.
The localStorage harpocrates_db folder and a keys.json file is generated in the root directory, which contains all the broken down secrets (distributed secrets), which would be used to Unseal and Seal the vault.
Unsealing the vault makes it possible to now store and retrieve data securely, unlocks Get and Set operations.
./harpocrates unseal --path ./keys.jsonunseal --path /path/to/keys.json command takes a string input into "--path" as an argument, which indicates the path to the keys.json file, harpocrates automatically selects 3 keys at random, combines and validates their authenticity, goes ahead to unseal the vault.
Sealing the vault makes it impossible to store and retrieve data securely, locks Get and Set operations.
./harpocrates seal --path ./keys.jsonseal --path /path/to/keys.json command takes a string input into "--path" as an argument, which indicates the path to the keys.json file, harpocrates automatically selects 3 keys at random, combines and validates their authenticity, goes ahead to seal the vault.
./harpocrates set --key name --value kelechiset --key name --value kelechi command takes two string input into "--key" and "--value" as arguments, indicating the key and value(data) to be stored
./harpocrates get --key nameget --key name comand takes a string input into the "--key" as an argument, indicating the key and returns the corresponding value if found.
Feel like something is missing? Fork the repo and send a PR.
Encountered a bug? Fork the repo and send a PR.
Alternatively, open an issue and we'll get to it as soon as we can.
Eugene Ebere - Twitter