Skip to content

xleonardov/cloud-secure-keeper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

480 Commits
app
app
 
 
cmd/gatekeeper
cmd/gatekeeper
 
 
domain
domain
 
 
.cirrus.yml
.cirrus.yml
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Cloud Keeper by LeonV

Temporary allow access to your cloud infrastructure by signaling the cloud-keeper. Allowing your build pipeline to deploy behind a firewall.

Supported environments

Provider Product Name Required Environment Variables
Vultr Firewall VULTR_PERSONAL_ACCESS_TOKEN, VULTR_FIREWALL_ID
Digitalocean Cloud Firewalls DIGITALOCEAN_PERSONAL_ACCESS_TOKEN, DIGITALOCEAN_FIREWALL_ID
AWS EC2 Security Groups AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_REGION, AWS_SECURITY_GROUP_ID
AWS VPC Network ACLs AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_REGION, AWS_NETWORK_ACL_ID

Getting Started

Installation

  1. Download a release binary or use a Docker image
  2. Retrieve your cloud provider API keys. DigitalOcean even has docs for this.
  3. Configure your application by passing environment variables. See these examples below:

Docker:

docker run -p 8080:8080 -e DIGITALOCEAN_PERSONAL_ACCESS_TOKEN=REPLACE_ME -e DIGITALOCEAN_FIREWALL_ID=REPLACE_ME xleonardov/cloud-secure-keeper:latest

Standalone binary:

DIGITALOCEAN_PERSONAL_ACCESS_TOKEN=REPLACE_ME DIGITALOCEAN_FIREWALL_ID=REPLACE_ME ./cloud-keeper

Usage

After installing and running the application you can fire an HTTP POST towards it to temporary whitelist your given IP at the cloud provider. By default the cloud-keeper will open TCP port 22 (for SSH). You can change the port of protocol in the configuration.

A simple example:

curl -X POST http://localhost:8080

You can configure the timeout or ip address per request basis by sending it as a form-encoded or json payload. The example below will use your public IP:

curl -X POST -s -d 'ip='$(curl -s https://ifconfig.co/ip)'&timeout=60' http://localhost:8080

Configuration

Although this tool is meant to be very simple, you can configure it to your needs by changing some variables.

Variable Name Default value Notes
APP_ENV release Used to control the verbosity of log lines. Only release and debug are used.
HTTP_AUTH_USERNAME Used with to HTTP_AUTH_PASSWORD to shield the application with http basic auth.
HTTP_AUTH_PASSWORD See HTTP_AUTH_USENAME. Both values have to be provided.
HTTP_PORT 8080 Controls on which port the HTTP server will start.
RULE_CLOSE_TIMEOUT 120 When no timeout value is given on a request, this value in seconds will be used. Use 0 to permanently allow the IP address.
RULE_PORTS TCP:22 A comma separated list of ports to unblock on a request. Use a - to indicate a range. For example: TCP:20-22,UDP:20-22.

Development

If you wish to help building cloud-keeper you can start with:

  1. Fork and clone the repository
  2. Install dependencies with go mod tidy
  3. Optionally you can install additional tooling like golangci-lint
  4. Start building! You can find some inspiration for changes in the issues or project board

About

Secure Guard for Personal Cloud Information

Topics

security cloud gatekeeper cloud-security cloudguard

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages