This repository has been archived by the owner on Jan 24, 2018. It is now read-only.

[ADD] clouder_template_red_october: File encryption/decryption
lasley committed Dec 15, 2016
1 parent 5b44438 commit 2455516
Showing 15 changed files with 467 additions and 0 deletions.
72 changes: 72 additions & 0 deletions clouder_template_red_october/README.rst
@@ -0,0 +1,72 @@
.. image:: https://img.shields.io/badge/licence-LGPL--3-blue.svg
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3

==============================
Clouder Template - Red October
==============================

This module provides a Clouder Template for Red Octover.

Red October is a cryptographically-secure implementation of the two-person rule
to protect sensitive data. From a technical perspective, Red October is a
software-based encryption and decryption server. The server can be used to
encrypt a payload in such a way that no one individual can decrypt it. The
encryption of the payload is cryptographically tied to the credentials of the
authorized users.

Authorized persons can delegate their credentials to the server for a period of
time. The server can decrypt any previously-encrypted payloads as long as the
appropriate number of people have delegated their credentials to the server.

This architecture allows Red October to act as a convenient decryption service.
Other systems, including CloudFlare’s build system, can use it for decryption
and users can delegate their credentials to the server via a simple web interface.
All communication with Red October is encrypted with TLS,
ensuring that passwords are not sent in the clear.

`Read More on CloudFlare's Blog
<https://blog.cloudflare.com/red-october-cloudflares-open-source-implementation-of-the-two-man-rule/>`_.

`Browse Red October on Github
<https://github.com/cloudflare/redoctober>`_.

Configuration
=============

Clouder configuration instructions are available at https://clouder.readthedocs.io/

Usage
=====

To use this module, you need to:

#. Create a CFSSL Service in the Clouder Control Panel

Known issues / Roadmap
======================

* Add more Signature Profile options - https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L113

Bug Tracker
===========

Bugs are tracked on `GitHub Issues
<https://github.com/clouder-community/clouder/issues>`_. In case of trouble, please
check there if your issue has already been reported. If you spotted it first,
help us smashing it by providing a detailed and welcomed feedback.

Credits
=======

Contributors
------------

* Dave Lasley <[email protected]>

Maintainer
----------

This module is maintained by Clouder Community.

To contribute to this module, please visit https://github.com/clouder-community/clouder
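Review bot: The README still carries text from a CFSSL template: the Usage step says to "Create a CFSSL Service" and the roadmap item asks for more "Signature Profile options", neither of which matches the Red October description given above them. Replace both with Red October wording, and fix "Red Octover" in the first paragraph while you are there.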
3 changes: 3 additions & 0 deletions clouder_template_red_october/__init__.py
@@ -0,0 +1,3 @@
# -*- coding: utf-8 -*-
# Copyright 2016 LasLabs Inc.
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
28 changes: 28 additions & 0 deletions clouder_template_red_october/__manifest__.py
@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*-
# Copyright 2016 LasLabs Inc.
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).

{
'name': 'Clouder Template - Red October',
'version': '10.0.10.0.0',
'category': 'Clouder',
'depends': [
'clouder',
'clouder_template_proxy',
],
'author': 'LasLabs Inc.',
'license': 'LGPL-3',
'website': 'https://github.com/clouder-community/clouder',
'data': [
'data/image_template.xml',
'data/image.xml',
'data/image_port.xml',
'data/image_volume.xml',
'data/application_tag.xml',
'data/application_type.xml',
'data/application_template.xml',
'data/application.xml',
],
'installable': True,
'application': False,
}
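Review bot: The 'data' list omits data/certificate_policy_use.xml, which this commit adds, so its records are never loaded on install. Either add it to the list, after confirming that one of the 'depends' modules provides the clouder.certificate.policy.use model, or drop the file from the commit.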
42 changes: 42 additions & 0 deletions clouder_template_red_october/data/application.xml
@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="application_redoctober_data" model="clouder.application">
<field name="name">CFSSL Data</field>
<field name="code">data</field>
<field name="type_id" ref="application_type_redoctober" />
<field name="tag_ids" eval="[(4, ref('clouder.tag_data'))]" />
<field name="default_image_id" ref="image_redoctober_data" />
<field name="sequence">1</field>
<field name="required" eval="True"/>
</record>

<record id="application_redoctober_exec" model="clouder.application">
<field name="name">CFSSL Exec</field>
<field name="code">exec</field>
<field name="type_id" ref="application_type_redoctober" />
<field name="tag_ids" eval="[(4, ref('clouder.tag_exec'))]" />
<field name="default_image_id" ref="image_redoctober_exec" />
<field name="sequence">2</field>
<field name="required" eval="True"/>
<field name="update_strategy">auto</field>
</record>

<record id="application_redoctober" model="clouder.application">
<field name="name">CFSSL</field>
<field name="code">redoctober</field>
<field name="type_id" ref="application_type_redoctober" />
<field name="tag_ids" eval="[(4, ref('tag_cert_authority'))]" />
<field name="child_ids"
eval="[(4, ref('application_redoctober_data')),
(4, ref('application_redoctober_exec')),
]"
/>
<field name="sequence">1</field>
<field name="required" eval="True"/>
</record>

</odoo>
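Review bot: All three records keep CFSSL display names ("CFSSL Data", "CFSSL Exec", "CFSSL") although their ids and codes say redoctober, so an operator cannot tell these applications apart from CFSSL ones by name. Rename them to Red October Data, Red October Exec and Red October, and reconsider the tag_cert_authority ref on the parent record, since the README describes an encryption and decryption server rather than a certificate authority.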
11 changes: 11 additions & 0 deletions clouder_template_red_october/data/application_tag.xml
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="tag_cert_authority" model="clouder.application.tag">
<field name="name">cert_authority</field>
</record>

</odoo>
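Review bot: The tag name cert_authority describes a certificate authority, while the README in this commit describes Red October as an encryption and decryption server. Name the tag for what the application does, and update the refs in application.xml and application_type.xml to match.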
13 changes: 13 additions & 0 deletions clouder_template_red_october/data/application_template.xml
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="application_template_redoctober"
model="clouder.application.template"
>
<field name="name">CFSSL</field>
</record>

</odoo>
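Review bot: The template name is "CFSSL" on a record whose id is application_template_redoctober. Rename it to Red October so the template can be identified by name.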
17 changes: 17 additions & 0 deletions clouder_template_red_october/data/application_type.xml
@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="application_type_redoctober"
model="clouder.application.type"
>
<field name="name">redoctober</field>
<field name="system_user">root</field>
<field name="tag_ids"
eval="[(6, 0, [ref('tag_cert_authority')])]"
/>
</record>

</odoo>
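Review bot: system_user is set to root for a service that, per the README, holds delegated credentials and decrypts payloads. If the exec image can run the server under a dedicated unprivileged account, set that account here; otherwise add a comment explaining why root is required.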
162 changes: 162 additions & 0 deletions clouder_template_red_october/data/certificate_policy_use.xml
@@ -0,0 +1,162 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
Created from options listed at https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L89
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="certificate_policy_use_cert_sign"
model="clouder.certificate.policy.use"
>
<field name="name">Certificate Signing</field>
<field name="code">cert sign</field>
</record>

<record id="certificate_policy_use_signing"
model="clouder.certificate.policy.use"
>
<field name="name">Signing</field>
<field name="code">signing</field>
</record>

<record id="certificate_policy_use_smime"
model="clouder.certificate.policy.use"
>
<field name="name">S/MIME</field>
<field name="code">s/mime</field>
</record>

<record id="certificate_policy_use_server_auth"
model="clouder.certificate.policy.use"
>
<field name="name">Server Authentication</field>
<field name="code">server auth</field>
</record>

<record id="certificate_policy_use_client_auth"
model="clouder.certificate.policy.use"
>
<field name="name">Client Authentication</field>
<field name="code">client auth</field>
</record>

<record id="certificate_policy_use_digital_signature"
model="clouder.certificate.policy.use"
>
<field name="name">Digital Signatures</field>
<field name="code">digital signature</field>
</record>

<record id="certificate_policy_use_email_protection"
model="clouder.certificate.policy.use"
>
<field name="name">Email Protection</field>
<field name="code">email protection</field>
</record>

<record id="certificate_policy_use_key_encipherment"
model="clouder.certificate.policy.use"
>
<field name="name">Key Encipherment</field>
<field name="code">key encipherment</field>
</record>

<record id="certificate_policy_use_content_commitment"
model="clouder.certificate.policy.use"
>
<field name="name">Content Commitment</field>
<field name="code">content commitment</field>
</record>

<record id="certificate_policy_use_key_agreement"
model="clouder.certificate.policy.use"
>
<field name="name">Key Agreement</field>
<field name="code">key agreement</field>
</record>

<record id="certificate_policy_use_crl_sign"
model="clouder.certificate.policy.use"
>
<field name="name">CRL Signing</field>
<field name="code">crl sign</field>
</record>

<record id="certificate_policy_use_encipher_only"
model="clouder.certificate.policy.use"
>
<field name="name">Encipher Only</field>
<field name="code">encipher only</field>
</record>

<record id="certificate_policy_use_decipher_only"
model="clouder.certificate.policy.use"
>
<field name="name">Decipher Only</field>
<field name="code">decipher only</field>
</record>

<record id="certificate_policy_use_any"
model="clouder.certificate.policy.use"
>
<field name="name">Any</field>
<field name="code">any</field>
</record>

<record id="certificate_policy_use_code_signing"
model="clouder.certificate.policy.use"
>
<field name="name">Code Signing</field>
<field name="code">code signing</field>
</record>

<record id="certificate_policy_use_ipsec_end_system"
model="clouder.certificate.policy.use"
>
<field name="name">IPSEC End System</field>
<field name="code">ipsec end system</field>
</record>

<record id="certificate_policy_use_ipsec_tunnel"
model="clouder.certificate.policy.use"
>
<field name="name">IPSEC Tunnel</field>
<field name="code">ipsec tunnel</field>
</record>

<record id="certificate_policy_use_ipsec_user"
model="clouder.certificate.policy.use"
>
<field name="name">IPSEC User</field>
<field name="code">ipsec user</field>
</record>

<record id="certificate_policy_use_timestamping"
model="clouder.certificate.policy.use"
>
<field name="name">Timestamping</field>
<field name="code">timestamping</field>
</record>

<record id="certificate_policy_use_ocscp_signing"
model="clouder.certificate.policy.use"
>
<field name="name">OCSP Signing</field>
<field name="code">ocsp signing</field>
</record>

<record id="certificate_policy_use_microsoft_sgc"
model="clouder.certificate.policy.use"
>
<field name="name">Microsoft SGC</field>
<field name="code">microsoft sgc</field>
</record>

<record id="certificate_policy_use_netscape_sgc"
model="clouder.certificate.policy.use"
>
<field name="name">Netscape SGC</field>
<field name="code">netscape sgc</field>
</record>

</odoo>
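Review bot: The record id certificate_policy_use_ocscp_signing misspells OCSP; fix it now, before other data files reference the external id. This file is also missing from the 'data' list in __manifest__.py, and the codes it defines (cert sign, server auth, ocsp signing and so on) are certificate key usages, so please confirm they belong in the Red October template at all.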
24 changes: 24 additions & 0 deletions clouder_template_red_october/data/image.xml
@@ -0,0 +1,24 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="image_redoctober_data" model="clouder.image">
<field name="name">image_redoctober_data</field>
<field name="template_ids"
eval="[(4, [ref('image_template_redoctober_data')])]"
/>
<field name="parent_from">lasley/redoctober-data</field>
</record>

<record id="image_redoctober_exec" model="clouder.image">
<field name="name">image_redoctober_exec</field>
<field name="template_ids"
eval="[(4, [ref('image_template_redoctober_exec')])]"
/>
<field name="parent_from">lasley/redoctober-exec</field>
<field name="volumes_from">data</field>
</record>

</odoo>
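Review bot: Both template_ids values wrap the id in a list, as in (4, [ref('image_template_redoctober_data')]), whereas application.xml in this commit uses the plain form (4, ref(...)) for the same link command; drop the inner brackets so the command receives an id. Separately, if parent_from is used as the base image reference, lasley/redoctober-data and lasley/redoctober-exec are given with no tag or digest, so a build picks up whatever those images currently contain; pin a version or digest.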
15 changes: 15 additions & 0 deletions clouder_template_red_october/data/image_port.xml
@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright 2016 LasLabs Inc.
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->

<odoo>

<record id="image_port_redoctober_http"
model="clouder.image.port"
>
<field name="template_id" ref="image_template_redoctober_exec" />
<field name="name">redoctober-http</field>
<field name="local_port">8888</field>
</record>

</odoo>
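Review bot: The port is named redoctober-http, but the README in this commit states that all communication with Red October is encrypted with TLS. Rename the port to reflect TLS, or document where TLS terminates if port 8888 is meant to sit behind the proxy pulled in by the clouder_template_proxy dependency.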