This web application is a simple KeePass database viewer
The KeePass database used is stored on OneDrive, and to simplify the process, it cannot be picked from the UI. It is a default value stored as a global parameter. This allows to ensure that it is always the same file used. It also allows to still use third party client from your desktop. Again, this app is readonly for a quick access from any machine / mobile.
You have several option as the application can be stored in a container. In the procedure below I am using Azure to secure & host Sauveyre.
In order to load the database from OneDrive, we need to authenticate to our Personal Microsoft Account, and this is achieved with the MSAL library
- Navigate to your Azure portal and log (or create a free access, all the Azure resources used are free ones)
- Go to Azure Directory
- On the left, click on App Registration
- Click on New Registration on the top
- Provide a name, and select the last option (for both Microsoft Personal accounts and organizational)
- As a redirect URI, input 'http://localhost:3000' to test Sauverye locally. Once the application will be deployed on a real environment, we will have to add the redirect URL generated by Azure (or the custom one if you decide to use a custom URL if you possess one)
- Click Register
- Once registered, navigate to Authentication on the left, and make sure you select both Access token and ID Token.
Once these steps are done, write done the client id generataed for this registration, that you can found on the front page (Overview link on the left)
- First, clone the repo on your machine
/> cd {wherever}
/> git clone https://github.com/jchomarat/sauveyre- copy the .env.sample for dev & prod
/> cd sauveyre
/> cp .env.sample .env
/> cp .env.sample .env-prod- Edit the .env file and add the value
# Client ID retrieved in previous steps
oauthClientId=
# Or any other port if you want another one
oauthRedirectUri=http://localhost:3000
# Your Outlook.com account username, this will act as a basic permissions handler. Only you will have access to this app
allowed=jucho@hotmail.fr,
# Relative path to your database file on OneDrive, starting with '/'
dbPath=/myDB.kdbxEnsure first that deno is installed. If you are on Windows, my recommandation is to use WSL to do so:
You can now run Sauveyre
/> deno run --allow-env --allow-net --allow-read app.tsIf everything went good, you just see a basic page. Log in using the link on the top right corner. Once logged in, you should be prompt with the database password
Please note that today this app only supports password, not security file. The underlying Kdbxweb library that I use for it does indeed support security file, I just need to implement it.
You can build and run locally this app in a docker container. To proceed, execute the following command
/> docker build . --build-arg ENV=dev -t sauveyre:devThis command will build an image named sauveyre with the dev tag. Injecting the argument ENV=dev ensure that the .env file will be used.
To run the container, execute
/> docker run -it --init --env PORT=80 -p 3000:80 sauveyre:devIf you want Sauveyre to be accessible from the web, you need to host it somewhere. In the following, we will publish our image to Azure and use it in an App Service (a web application that will serve this container)
We need first to create this app servie as we will need the URL generated for our .env file, as Redirect Uri
- Navigate to your Azure portal, log in
- Add a new resource called Web App for Container, give it a name (ex. mySauveyre)
- Leave all settings by default
- Once created, get from the Overview page its URL
While we are at it, we need to ensure that this Url is also in the App Registration that we did previously:
- Navigate to your Azure portal and log
- Go to Azure Directory
- On the left, click on App Registration
- Select the app you have created earlier
- Nnavigate to Authentication on the left, and add the Url of the App service as Redirect Uri
- Save!
The registry will be the resource to which we will publish our docker image. This image will then be hooked to the App Service previously created.
- Navigate to your Azure portal, log in
- Add a new resource called Azure Container Registry, give it a name (ex. myContainerReg)
- Ensure to activate Admin mode under Access Key. Write down the user name and one of the password.
Now, go back to your desktop, and open The New Window Terminal and run the following command (from your Sauveyre folder)
/> docker login {Your Registry name}.azurecr.io -u {Registry username} -p {Registry password}Before building the image, we need to adapt the .env-prod file with the Redirect Uri that we got previously.
# Client ID
oauthClientId=
# App Servie URL
oauthRedirectUri=https://{App Service URL}
# Your Outlook.com account username, this will act as a basic permissions handler. Only you will have access to this app
allowed=jucho@hotmail.fr,
# Relative path to your database file on OneDrive, starting with '/'
dbPath=/myDB.kdbxNow we build & publish the image for "prod"
/> docker build . --build-arg ENV=prod -t {Azure container Regisitry URI}/sauveyre:X
/> docker publish {Azure container Regisitry URI}/sauveyre:XAnd finally, we just need to tell our app service to load this image. At this stage, we have two options,
- We can directly specify at the App service level which image to use. This raise a small issue to me, we also need to update settings to have our app listening on port 80
- We use a docker-compose file, much more flexible for environement variables
version: '3.7'
services:
{NAME}:
image: {ACR}.azurecr.io/{IMAGE}:{TAG}
environment:
- PORT=80
ports:
- '80:80'This project is under the MIT licence.