Skip to content

vaccovecrana/pallid-mask

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits

.vscode

.vscode

 
 

pm-api

pm-api

 
 

pm-schema

pm-schema

 
 

pm-ui

pm-ui

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

tsconfig.json

tsconfig.json

 
 

tslint.json

tslint.json

 
 

webpack.config.js

webpack.config.js

 
 

Repository files navigation

Overview

pallid-mask is a minimal front-end web ui that provides certificate management via cfssl.

In its current implementation, it only invokes cfssl as a spawning process, rather than using cfssl's REST server (but this might change in the future). For now, all it offers is a quick and convenient way to maintain a self managed public key infrastructure.

All certificate data is maintained inside a single JSON database file, which is portable across instances of the application.

Usage

To start, make sure that the cfssl executable is available in the host where pallid-mask will run in.

After installing the project's dependencies via npm install, run a production bundle as follows:

npm run build
cd build
node api.js

This will start expressjs and serve the ui at port 3000 by default.

You may also specify the following environment variables to specify alternative settings for the application:

  • PM_DB_FILE - Path to the JSON key-store database file.
  • PM_HTTP_PORT - HTTP service port

To run this code in development mode:

  • npm run dev: runs the api and ui for development on port 3000.
  • npm run debug: waits for a debugger to attach on port 9229, and then starts the api and ui on port 3000.

Security considerations

Since pallid-mask is essentially just a front end for cfssl:

  • DO NOT expose the running process to external network interfaces. It its current version, pallid-mask has no authentication mechanisms. Though this may change in the future, make sure that only the local computer running the application has access to it in order to prevent others from gaining access to the JSON database file.
  • Keep your database.json file in a secure location since all keys and certificate data is stored in this file.

Ideally, run pallid-mask in an air-gapped computer, and export the generated certificate bundles only for leaf nodes of the trust chain (i.e. keep your root CA and intermediate CA keys safe inside the json database file).

Disclaimer

This project is not production ready, and still requires security and code correctness audits. You use this software at your own risk. Vaccove Crana, LLC., its affiliates and subsidiaries waive any and all liability for any damages caused to you by your usage of this software.

About

A minimal web frontend for cfssl

Topics

typescript frontend openssl web-ui cfssl

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages