{"id":15066770,"url":"https://github.com/cyralinc/approzium","last_synced_at":"2025-10-05T03:31:35.768Z","repository":{"id":39583026,"uuid":"191710884","full_name":"cyralinc/approzium","owner":"cyralinc","description":"Approzium allows a cloud service to authenticate to a database without ever having access to its password","archived":true,"fork":false,"pushed_at":"2023-10-03T05:02:34.000Z","size":13718,"stargazers_count":56,"open_issues_count":36,"forks_count":7,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-01-15T14:45:05.202Z","etag":null,"topics":["authentication","databases","hacktoberfest","observability","security"],"latest_commit_sha":null,"homepage":"https://approzium.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyralinc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-13T07:13:52.000Z","updated_at":"2025-01-07T05:24:30.000Z","dependencies_parsed_at":"2024-06-18T23:01:08.064Z","dependency_job_id":"19701759-ceea-4eeb-baca-ae1c43fab493","html_url":"https://github.com/cyralinc/approzium","commit_stats":{"total_commits":304,"total_committers":13,"mean_commits":"23.384615384615383","dds":0.4638157894736842,"last_synced_commit":"e8fae44c518879dd36cf6a0d3b531d391ea443d9"},"previous_names":["approzium/approzium"],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyralinc%2Fapprozium","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyralinc%2Fapprozium/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyralinc%2Fapprozium/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyralinc%2Fapprozium/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyralinc","download_url":"https://codeload.github.com/cyralinc/approzium/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235360907,"owners_count":18977595,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","databases","hacktoberfest","observability","security"],"created_at":"2024-09-25T01:11:58.497Z","updated_at":"2025-10-05T03:31:30.336Z","avatar_url":"https://github.com/cyralinc.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Approzium\n\n![test](https://github.com/cyralinc/approzium/workflows/test/badge.svg)\n![lint](https://github.com/cyralinc/approzium/workflows/lint/badge.svg)\n[![Documentation Status](https://readthedocs.org/projects/approzium/badge/?version=latest)](http://approzium.readthedocs.io/?badge=latest)\n\nApprozium is a tool that provides:\n- Password-less database authentication\n- Authentication through your cloud-provider's built-in identity\n- Highly security-oriented logging and metrics\n\nIts aim is to prevent data breaches, and to help you detect them promptly if they do occur or are attempted.\n\n----\n\n**Please note**: We take Approzium's security and our user's trust very seriously. If you believe you have found a security issue in Approzium, _please responsibly disclose_ by contacting us at [security@cyral.com](mailto:security@cyral.com).\n\nSee the [SECURITY](.github/SECURITY.md) guide for more details.\n\n----\n\nWe currently support AWS for identity, and have a Python SDK for Postgres drivers. This project is under active development, please\ndo stay tuned for more identity platforms, databases, and SDK languages.\n\n## Docs\n\nSee https://approzium.com/ for a Quick Start, or elaboration on the architecture and API.\n\n## Support\n\nFor questions, please either open a Github issue, or visit us in our public Slack channel.\n\nTo visit us in Slack, use [this invite](https://join.slack.com/t/approzium/shared_invite/zt-fg9bdcfa-H9YFnlg3XeosKyMIYadmcg). \nThen venture to [# help-and-questions](https://app.slack.com/client/T013VTLTTJ5/C013FTJPAN9).\nOur developers frequent our Slack forum, but are not in it at all times. Please be patient, we will lend assistance as \nsoon as we can!\n\n## Developing\n\nWe welcome community contributions!\n\nWe use `docker-compose.yml` to quickly and easily provide you with a development environment that mimics real life.\nTo spin up an end-to-end development environment based in Docker:\n\n- Ensure you have [Docker](https://www.docker.com/) installed with Buildkit support (Docker 18.09 or higher)\n- In your local environment, run `$ aws configure` and add an access key and a secret. Also,\nmake sure that you have the `AWS_REGION` environment variable set, informing the AWS region that will be used. For instance:\n```\nexport AWS_REGION=us-east-1\n```\n- Then run `$ make dev-env`. This will build the authenticator and development Docker images. Also, it will run the authenticator with a Vault backend and the test database servers (Postgres and MySQL).\n- In another window, `$ make dev`. This will start a shell in the development environment.\n- You now have a full development and testing environment!\n- For example, to use our Python SDK to create an Approzium connection to a Postgres server:\n * Create an Approzium path in the test Vault backend: `$ make enable-vault-path`\n * Give your AWS-identity access to the test server: `$ make seed-vault-addr ADDR=dbmd5:5432`\n * Create a connection: `$ cd sdk/python/examples \u0026\u0026 poetry run python3 psycopg2_connect.py`.\n\n### Testing\n\nOur end-to-end tests take a few minutes to run. Please run them once locally before you submit a PR.\n\nTo run the tests, first you will need to:\n- Create an AWS `Role` (E.g. ApproziumTestAssumableRole) thats going to be used during the tests.\n- Ensure that you are using an AWS `User` with at least the following permissions:\n```\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"secretsmanager:CreateSecret\",\n \"secretsmanager:GetSecretValue\",\n \"secretsmanager:UpdateSecret\",\n \"secretsmanager:DeleteSecret\",\n \"secretsmanager:PutSecretValue\"\n ],\n \"Resource\": \"arn:aws:secretsmanager:us-east-2:\u003csome-account-id\u003e:secret:approzium/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Resource\": \"arn:aws:iam::\u003csome-account-id\u003e:role/ApproziumTestAssumableRole\"\n }\n ]\n}\n```\n- Set the `AWS_REGION` and the `TEST_ASSUMABLE_ARN` environment variables, for instance:\n```\nexport AWS_REGION=us-east-1 \u0026\u0026 \\\nexport TEST_ASSUMABLE_ARN=arn:aws:iam::\u003csome-account-id\u003e:role/ApproziumTestAssumableRole\n```\nThen, to run the end-to-end tests, from our home directory:\n- Run `make test`. That's it!\n\n## Credits\n\nThis project is brought to you by [Cyral](https://www.cyral.com/), who wishes to give back to the Open Source community.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyralinc%2Fapprozium","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyralinc%2Fapprozium","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyralinc%2Fapprozium/lists"}