{"id":22440076,"url":"https://github.com/lfaoro/spark","last_synced_at":"2025-08-01T17:31:12.140Z","repository":{"id":82370714,"uuid":"221920912","full_name":"lfaoro/spark","owner":"lfaoro","description":"Fireblaze Vault is a tokenization service, useful for the secure storage of sensitive data like PII, Credit Cards, Passports/IDs.","archived":false,"fork":false,"pushed_at":"2020-01-23T09:02:26.000Z","size":743,"stargazers_count":4,"open_issues_count":1,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-12-05T06:31:34.016Z","etag":null,"topics":["encryption","payment","security","tokenization"],"latest_commit_sha":null,"homepage":"https://www.fireblaze.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lfaoro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-15T12:35:41.000Z","updated_at":"2023-02-04T14:14:13.000Z","dependencies_parsed_at":"2023-05-26T21:15:39.173Z","dependency_job_id":null,"html_url":"https://github.com/lfaoro/spark","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lfaoro%2Fspark","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lfaoro%2Fspark/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lfaoro%2Fspark/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lfaoro%2Fspark/manifests","owner_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lfaoro","download_url":"https://codeload.github.com/lfaoro/spark/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228393468,"owners_count":17912865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","payment","security","tokenization"],"created_at":"2024-12-06T01:16:54.932Z","updated_at":"2024-12-06T01:16:55.646Z","avatar_url":"https://github.com/lfaoro.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔥 Fireblaze Vault\n\n\u003e Fireblaze Vault is a tokenization service, aims to be an open platform designed to protect your sensitive data and inherit best-in-class security posture in order to fast-track certifications like PCI DSS, SOC2, HIPAA and others.\n\u003e\n\u003eFireblaze Vault helps with tokenization and secure storage of sensitive data, and digital assets like [PII](https://en.wikipedia.org/wiki/Personal_data), [Credit Cards](https://en.wikipedia.org/wiki/Credit_card), Passports/IDs, Credentials, and more.\n\n[![BSD License](https://img.shields.io/badge/license-BSD-blue.svg?style=flat)](LICENSE)\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Flfaoro%2Fflares.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Flfaoro%2Fspark?ref=badge_shield)\n[![Go Report Card](https://goreportcard.com/badge/github.com/lfaoro/spark)](https://goreportcard.com/report/github.com/lfaoro/spark)\n[![Contributor 
Covenant](https://img.shields.io/badge/Contributor%20Covenant-v1.4%20adopted-ff69b4.svg)](code-of-conduct.md)\n\n## Insights\n\n- vaulting of payment card data (avoid liability and being locked-in to a payment provider)\n- analytics on card scheme, brand, type, currency, banks\n- risk assessment based on geolocation, ip address, black lists\n- 1-click payment solution, driving impulsive sales up by 55%, removing the barrier of card details re-entry\n- automated AML checks on passports/IDs\n- GDPR compliant personal identifiable information (PII) storage\n\n### Store a payment card\n#### Request\n```shell script\ncurl -X POST \\\n  http://localhost:3000/v1/card \\\n  -H 'Content-Type: application/json' \\\n  -d '{\n    \"holder\": \"leonardo\", # Cardholder name\n    \"number\": \"4415281263901560\", # Payment card number\n    \"exp_month\": 1, # Expiry month\n    \"exp_year\": 2022, # Expiry year\n    \"cvc\": 123, # MC(Card Verification Code), VISA(Card Verification Value)\n    \"auto_delete\": \"THREE_MONTHS\" # Delete this data in 3 months\n}'\n```\n#### Response\n```json\n{\n  \"auto_delete_on\": \"2020-06-27T07:08:31.500606Z\",\n  \"expires_on\": \"2022-02-01T00:00:00.000000001Z\",\n  \"first_six\": 466945,\n  \"hash\": \"ZmJpZC0xNDQzNjM1MzE3MzMxNzc2MTQ4V06Nh[...]\",\n  \"last_four\": 8424,\n  \"metadata\": {\n    \"currency\": \"USD\",\n    \"issuer\": {\n      \"country\": \"United States of America\",\n      \"country_code\": \"US\",\n      \"latitude\": 38,\n      \"longitude\": -97,\n      \"map\": \"https://www.google.com/maps/search/?api=1\u0026query=38,-97\"\n    },\n    \"scheme\": \"visa\"\n  },\n  \"mpi\": {\n    \"acs\": \"https://secure5.arcot.com/acspage/cap?RID=35325\u0026VAA=B\",\n    \"eci\": 2,\n    \"enrolled\": true,\n    \"par\": \"eNpdU8tymzAU3ecrvMumYz1AgD2yZnDsTpMZ[...]\"\n  },\n  \"request_ip\": \"127.0.0.1\",\n  \"risk\": {\n    \"score\": 30\n  },\n  \"token\": \"tok_e4912b25-b8ef-4cf8-bb0d-449bcaf58e08\",\n  \"user_agent\": 
\"grpc-go/1.25.1\"\n}\n\n```\n\n## Tech stack\n\nWe use [protobuf]() to serialize the data and [gRPC](https://grpc.io) to transport it; for compatibility we also support JSON serialization over HTTP transport via reverse-proxy, auto-generated thanks to [grpc-gateway](), which also generates the [Swagger]() documentation, available at https://doc.fireblaze.io/card.\n\nSensitive data is encrypted at rest using [AES-GCM](https://eprint.iacr.org/2017/168.pdf) and an [HSM](https://en.wikipedia.org/wiki/Hardware_security_module) module to generate entropy for the encryption keys which must be [FIPS 140-2 Level 3](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf) certified to meet compliance. Check the [kms](pkg/kms) service for the [GCP CloudKMS](https://cloud.google.com/kms/) implementation. Feel free to extend the interface with other implementations e.g. [AWS CloudHSM](https://aws.amazon.com/cloudhsm)\n\nWe like to think of data in graphs, leveraging [ent](https://entgo.io/) as our entity framework, which supports PostgreSQL, MySQL, SQLite, Gremlin.\n\nThe infrastructure is designed around [Kubernetes](https://kubernetes.io/) with the goal of passing [PCI-DSS](https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true\u0026time=1573855946115) Level 1 compliance.\n\nThe pipelines run on our self-hosted [Gitlab](https://code.fireblaze.io/users/sign_in), feel free to request access, you can sign-in with your Github account.\n\nFireblaze Vault is currently in [MVP](https://en.wikipedia.org/wiki/Minimum_viable_product) status, we're proud to solve this challenge and excited to share it with the community.\n\n### Technical features\n\n- compliant tokenization of digital assets\n- payment card validation w/ regex \u0026 luhn check\n- payment card metadata retrieval\n- payment card risk 
probability\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flfaoro%2Fspark","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flfaoro%2Fspark","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flfaoro%2Fspark/lists"}