{"id":19411523,"url":"https://github.com/volcengine/key-proxy","last_synced_at":"2025-02-25T02:29:18.597Z","repository":{"id":148924119,"uuid":"620110860","full_name":"volcengine/key-proxy","owner":"volcengine","description":null,"archived":false,"fork":false,"pushed_at":"2023-03-30T03:55:43.000Z","size":353,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-07T15:21:14.440Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/volcengine.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-28T03:36:55.000Z","updated_at":"2023-03-30T07:34:09.000Z","dependencies_parsed_at":"2023-09-02T06:16:43.964Z","dependency_job_id":null,"html_url":"https://github.com/volcengine/key-proxy","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fkey-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fkey-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fkey-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/volcengine%2Fkey-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/volcengine","download_url":"https://codeload.github.com/volcengine/key-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240589029,"owners_count":19825285,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T12:21:50.977Z","updated_at":"2025-02-25T02:29:18.569Z","avatar_url":"https://github.com/volcengine.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"key-proxy\n=========\n\n## Overview\n\nA solution for users who are concerned about the security of storing their cloud vendor credentials in the platform.\nThis project allows users to deploy a server in their own environment and store their real cloud vendor credentials on\nit. Our platform will then send requests with proxy credentials (user-defined) to the user-deployed server, which will\nverify the proxy credentials and forward the requests to the cloud vendor with the real credentials.\n\nThis mechanism ensures that users can securely and conveniently use the capabilities provided by the platform even if\nthey do not store their sensitive credentials in the platform.\n\n![workflow](./images/workflow.png)\n\n## Working Principle\n\n1. Setup the config (real and proxy credentials) of key proxy and deploy it. Set proxy server endpoint and create cloud\n   accounts with proxy credentials in the platform.\n2. While using proxy server, platform will send requests to proxy server with proxy (user-defined) credentials rather\n   than real credentials.\n3. After receiving requests in the proxy server, it will verify the correctness of them.\n4. If requests are valid, proxy server will forward requests to cloud vendors with using real credentials that are only\n   stored in the user side.\n5. After obtaining responses from the cloud vendors, return them to the platform.\n\n![principle](./images/principle.jpg)\n\n## Get Started\n\n### Installation\n\n```go\ngo get github.com/volcengine/key-proxy\n```\n\n### Run the proxy server\n\nThe basic example to run the proxy server on port 3888, for more details\nvisit: https://www.volcengine.com/docs/6766/176748, https://www.volcengine.com/docs/6766/176749.\n\n```go\npackage main\n\nimport (\n\t\"github.com/volcengine/key-proxy/common\"\n\t\"github.com/volcengine/key-proxy/pkg/proxy\"\n)\n\nfunc main() {\n\tvar err error\n\tkeyProxy, err := proxy.New(\u0026common.Config{\n\t\tHttp: common.Http{\n\t\t\tAddress: \":3888\",\n\t\t\tTls: common.Tls{\n\t\t\t\tEnabled: false,\n\t\t\t},\n\t\t},\n\t\tEndpoints: []common.Endpoint{\n\t\t\t{\n\t\t\t\tCloudAccountName: \"volc_test\",\n\t\t\t\tVendor:           \"volcengine\",\n\t\t\t\tCredentials: common.Credentials{\n\t\t\t\t\tProxy: common.Credential{\n\t\t\t\t\t\tAccessKey: \"\u003cproxy access key\u003e\",\n\t\t\t\t\t\tSecretKey: \"\u003cproxy secret key\u003e\",\n\t\t\t\t\t},\n\t\t\t\t\tReal: common.Credential{\n\t\t\t\t\t\tAccessKey: \"\u003creal access key\u003e\",\n\t\t\t\t\t\tSecretKey: \"\u003creal secret key\u003e\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tLog: common.Log{\n\t\t\tOutput:  \"./output/log\",\n\t\t\tLevel:   \"debug\",\n\t\t\tMaxAge:  14,\n\t\t\tMaxSize: 100,\n\t\t},\n\t\tForbidden: common.Forbidden{\n\t\t\tForbiddenAccountNotFound:    false,\n\t\t\tForbiddenProxyCredentialErr: false,\n\t\t},\n\t})\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\terr = keyProxy.Run()\n\tif err != nil {\n\t\tpanic(err)\n\t}\n}\n\n```\n\n## Security Considerations\n\nSecurity is of utmost importance when deploying the Proxy Server. Here are some security considerations to keep in mind:\n\n- Make sure to secure your host environment and the server itself.\n- Keep the real cloud vendor credentials stored in the server secure.\n- Regularly monitor the server for any security breaches or vulnerabilities.\n\n## Code of Conduct\n\nPlease check [Code of Conduct](./CODE_OF_CONDUCT.md) for more details.\n\n## Security Issue\n\nIf you discover a potential security issue in this project, or think you may\nhave discovered a security issue, we ask that you notify Bytedance Security via\nour [security center](https://security.bytedance.com/src) or [vulnerability reporting email](sec@bytedance.com).\n\nPlease do **not** create a public GitHub issue.\n\n## License\n\nSee the LICENSE file for details. Note: the license for this project is not 'open source' as described in the Open\nSource Definition.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvolcengine%2Fkey-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvolcengine%2Fkey-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvolcengine%2Fkey-proxy/lists"}