A HashiCorp Vault UI written with VueJS and Vault native Go API

Overview

Goldfish Vault UI - Live Demo

Donation
Share this repo with your colleagues!

What is this?

Goldfish - A HashiCorp Vault UI and workflow tool. pic.twitter.com/uVWLuQEBMi

— Kelsey Hightower (@kelseyhightower) August 21, 2017

Goldfish answers many auditing and administration questions that the Vault API can't:

  • Right now, are there any root tokens in Vault?
  • Which policies, users, and tokens can access this particular secret path?
  • The unseal admins are working from home, but we need a policy changed.
    • How do we generate a root token only for this change, and make sure it's revoked after?
  • I store my policies in a GitHub repo. Can I deploy all my policies in one go?
  • If I remove this secret/policy, will anybody's workflow break?

Deploy goldfish in production in minutes!

Seriously, the instructions fit on one screen!

Features

  • Hot-loadable server settings from a provided vault endpoint
  • Displaying a vault endpoint as a 'bulletin board' in homepage
  • Logging in with token, userpass, github, or LDAP
  • Secret Reading/editing/creating/listing
  • Auth Searching/creating/listing/deleting
  • Mounts Listing
  • Policies Searching/Listing
  • Encrypting and decrypting arbitrary strings using transit backend

Major features: See wiki for more

  • DONE! Searching tokens by policy walkthrough
    • E.g. Display all tokens that have the policy 'admins'
  • DONE! Searching policy by rule walkthrough
    • E.g. Display all policies that can access 'secret/data*'
  • DONE! Request & approval based policy changes walkthrough
    • Users can place a policy change request in vault
    • Admins must then provide unseal tokens for that specific request
    • Upon reaching a set number, goldfish generates a root token, performs edit, and revokes the root token
  • DONE! Terraform your vault walkthrough
    • Fetch a folder of policies from a commit in github
    • Admins can enter their unseal tokens for approval to set vault policies according to policies found
    • Change dozens of policies in one go!
  • DONE! Resource dependency chain
    • E.g. Will removing a particular policy affect current users?
    • Will removing a mount or secret path affect current users?
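An added example, not Goldfish's implementation, of the lookup behind "which policies and tokens can access this path": it resolves a request path with Vault's exact-match-then-longest-glob rule, first per policy and then for a token's merged policies. The policies are constructed and pre-parsed, the function names are hypothetical, and the `+` segment wildcard, parameter constraints and the root policy are not modelled.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Rule is one parsed `path "..." { capabilities = [...] }` stanza.
type Rule struct {
	Path string
	Caps []string
}

type capSet map[string]bool

// mergeRules folds the rules of one or more policies into one capability set
// per path. Capabilities on the same path are unioned; "deny" is kept in the
// set and checked at lookup time, where it overrides everything else.
func mergeRules(policies ...[]Rule) map[string]capSet {
	merged := map[string]capSet{}
	for _, rules := range policies {
		for _, r := range rules {
			if merged[r.Path] == nil {
				merged[r.Path] = capSet{}
			}
			for _, c := range r.Caps {
				merged[r.Path][c] = true
			}
		}
	}
	return merged
}

// allowed resolves reqPath against merged rules: an exact path wins,
// otherwise the longest matching "prefix*" glob decides.
func allowed(merged map[string]capSet, reqPath, capability string) bool {
	caps, ok := merged[reqPath]
	if !ok {
		bestLen := -1
		for path, c := range merged {
			prefix := strings.TrimSuffix(path, "*")
			if prefix != path && strings.HasPrefix(reqPath, prefix) && len(prefix) > bestLen {
				caps, bestLen = c, len(prefix)
			}
		}
	}
	return !caps["deny"] && caps[capability]
}

// policiesGranting answers "which policies can access this path?",
// looking at each policy on its own.
func policiesGranting(all map[string][]Rule, reqPath, capability string) []string {
	var names []string
	for name, rules := range all {
		if allowed(mergeRules(rules), reqPath, capability) {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names
}

// tokenCan answers the same question for a token. Its attached policies are
// merged before lookup, so a more specific rule in one policy (here a deny)
// overrides a broader grant in another.
func tokenCan(all map[string][]Rule, attached []string, reqPath, capability string) bool {
	var ruleSets [][]Rule
	for _, name := range attached {
		ruleSets = append(ruleSets, all[name])
	}
	return allowed(mergeRules(ruleSets...), reqPath, capability)
}

// samplePolicies is constructed data for this example, not from a real Vault.
func samplePolicies() map[string][]Rule {
	return map[string][]Rule{
		"admins":  {{Path: "secret/*", Caps: []string{"create", "read", "update", "delete", "list"}}},
		"readers": {{Path: "secret/data*", Caps: []string{"read", "list"}}},
		"lockout": {{Path: "secret/database/*", Caps: []string{"deny"}}},
	}
}

func main() {
	all := samplePolicies()
	path := "secret/database/prod"
	fmt.Println("policies granting read:", policiesGranting(all, path, "read"))
	fmt.Println("token [readers]:", tokenCan(all, []string{"readers"}, path, "read"))
	fmt.Println("token [readers lockout]:", tokenCan(all, []string{"readers", "lockout"}, path, "read"))
}
```

A per-policy search lists `readers` as able to read the path, yet a token holding both `readers` and `lockout` cannot, which is why token-level answers need the merged view.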

Developing Goldfish

Running locally

You'll need Go (v1.9), Node.js (v8.2), and npm (v5).

# hashicorp vault ui

# clone goldfish
go get github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish

# running goldfish server in -dev will spin up a local vault instance for you
go run server.go -dev

# running goldfish frontend in dev mode will allow for hot-reload of frontend files
cd frontend
sudo npm install -g cross-env
npm install
npm run dev

# a browser window/tab should open, pointing directly to goldfish

Using a VM

A Vagrantfile is available as well.

You'll need Vagrant and VirtualBox. On Windows, a restart after installation is needed.

# if you wish to launch goldfish in a VM:
git clone https://github.com/Caiyeon/goldfish.git
cd goldfish/vagrant

# this will take a while
vagrant up --provision

# go to localhost:8080 on your local machine and login with token 'goldfish'

# changes to frontend .vue files will be hot-reloaded
# to force a full reload for the frontend, ssh into the machine and run
#     `sudo systemctl restart goldfish_frontend.service`
# to recompile and re-run the backend, ssh into the machine and run
#     `sudo systemctl restart goldfish.service`

Compiling

You'll need Go (v1.9), Node.js (v8.2.0), and npm (v5).

Note that using different versions (of nodeJS, especially) will cause differences in the final binary.

# download the source code
go get -d github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish

# resetting to a tagged version is recommended
# no support will be given to arbitrary commits on the master branch
git fetch --all --tags --prune
git checkout tags/<version> # version could be, for example, v0.8.0

# compile the binary
sh build.sh

Development

Goldfish is in very active development.

Pull requests and feature requests are welcome. Feel free to suggest new workflows by opening issues.

Components

Frontend:

  • VueJS
  • Bulma CSS
  • Vue Admin

Backend:

Design

See: Architecture

Why 'Goldfish'?

This server should behave as a goldfish, forgetting everything immediately after a request is completed. That, and other inside-joke reasons.

Credit for the goldfish icon goes to Laurel Chan.

Issues
  • Official Docker Image

    Currently there is a Dockerfile in the repository but there is no official distribution of this image on Docker Hub.

    We are also maintaining one under themobilelife/goldfish but I think it would be better if there was an official one maintained on Docker Hub.

    help wanted 
    opened by Gabology 27
  • "Error: Goldfish could not use transit key"

    Hi, Tony. I upgraded from Goldfish 0.4.1 to 0.5.0 last week, and everything was working fine. This morning when I go to login, I'm getting this:

    Error: 500 Goldfish could not use transit key

    Is there an expiration problem or key-refresh issue that's not happening?

    Thanks for all your work.

    opened by dswhite42 18
  • Failed to unwrap provided token

    Moved up to 0.4.0 and I'm now getting this every time I launch goldfish, be it via systemd or straight command line.

    panic: Failed to unwrap provided token, revoke it if possible
    
    goroutine 1 [running]:
    main.main()
    	/Users/tony/work/src/github.com/caiyeon/goldfish/server.go:77 +0x1dd
    

    config.hcl contents:

    listener "tcp" {
      address       = "url"
      tls_cert_file = "/etc/letsencrypt/live/cert_path/cert.pem"
      tls_key_file  = "/etc/letsencrypt/live/key_path/privkey.pem"
    }
    vault {
      address       = "vault_url:8200"
    }
    
    opened by klevermonicker 18
  • Bug: 500 invalid character '<' looking for beginning of value when accepting github policy change

    Bug report:

    Vault version: 0.9.4

    Goldfish version: 0.9.0

    Operating system: osx

    Steps to reproduce:

    1. Change a loaded policy in github
    2. go to requests
    3. enter commit sha
    4. accept change
    5. navigate to secrets

    Expected behaviour: secrets page loaded without error

    Actual behaviour: error is observed

    opened by dylanfoster 15
  • Feature: Add option to get unwrapped token from environment or file

    It would be great if Goldfish were able to get its vault token from either a file or environment variable, in addition to the current way of retrieving it via a wrapped token or AppRole. This would enable the project to be hosted on Nomad using the built-in vault integration, which automatically generates a vault token and passes it to the container through the VAULT_TOKEN environment variable or a secret file containing the token.

    opened by justenwalker 14
  • error on login if it reaches a standby node

    I have a vault configuration that does not use a LB in front, rather a simple rrdns to all available nodes. Using the vault_api_addr each node will also report its real address, and I believe allow them to redirect to the appropriate active node in the event a client resolves a standby.

    On the vault client this functions perfectly: I can "vault auth" and always get an appropriate response.

    On goldfish, however, selecting the "login" link I will randomly get the following warning:

    Error making API request. URL: GET https://<generic.url>:8200/v1/sys/health Code: 429. Errors:
    

    This implies I have to point at the active vault, which doesn't seem proper? Or is there some way to tell goldfish it needs to be HA aware?

    opened by Justin-DynamicD 12
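Vault's sys/health endpoint answers 429 on an unsealed standby by default, which is the code in the error quoted above. This added example (not Goldfish's code) classifies the documented status codes and picks the active node from a list of addresses; the host names and the fakeCluster transport are constructed so that it runs offline, and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// NodeState is what GET /v1/sys/health reports about one Vault node.
type NodeState string

const (
	Active        NodeState = "active"
	Standby       NodeState = "standby"
	Sealed        NodeState = "sealed"
	Uninitialized NodeState = "uninitialized"
	Unknown       NodeState = "unknown"
)

// classifyHealth maps the default sys/health status codes to a node state.
func classifyHealth(code int) NodeState {
	switch code {
	case 200: // initialized, unsealed and active
		return Active
	case 429, 473: // unsealed standby / performance standby: healthy, not a failure
		return Standby
	case 501:
		return Uninitialized
	case 503:
		return Sealed
	default:
		return Unknown
	}
}

// probe asks one node for its health and classifies the answer.
func probe(c *http.Client, addr string) (NodeState, error) {
	resp, err := c.Get(strings.TrimRight(addr, "/") + "/v1/sys/health")
	if err != nil {
		return Unknown, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return classifyHealth(resp.StatusCode), nil
}

// findActive probes every address (for example each node behind a round-robin
// DNS name) and returns the active node and the healthy standbys.
func findActive(c *http.Client, addrs []string) (string, []string, error) {
	var active string
	var standbys []string
	for _, addr := range addrs {
		state, err := probe(c, addr)
		if err != nil {
			continue // unreachable node: try the next one
		}
		switch {
		case state == Active && active == "":
			active = addr
		case state == Standby:
			standbys = append(standbys, addr)
		}
	}
	if active == "" {
		return "", standbys, fmt.Errorf("no active node in %d addresses (%d standby)", len(addrs), len(standbys))
	}
	return active, standbys, nil
}

// fakeCluster is a constructed stand-in for real nodes: host -> health status.
type fakeCluster map[string]int

func (f fakeCluster) RoundTrip(r *http.Request) (*http.Response, error) {
	code, ok := f[r.URL.Host]
	if !ok {
		return nil, fmt.Errorf("dial %s: connection refused", r.URL.Host)
	}
	body := io.NopCloser(strings.NewReader("{}"))
	return &http.Response{StatusCode: code, Header: http.Header{}, Body: body, Request: r}, nil
}

func main() {
	c := &http.Client{Transport: fakeCluster{"vault-a.example:8200": 429, "vault-b.example:8200": 200}}
	addrs := []string{"https://vault-a.example:8200", "https://vault-b.example:8200"}
	active, standbys, err := findActive(c, addrs)
	fmt.Println("active:", active, "standbys:", standbys, "err:", err)
}
```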
  • Add additional Dockerfiles and configs to use with docker-compose

    Verified and tested locally when using docker-compose up and Goldfish UI was accessible at http://localhost:8080.

    example output of docker-compose up when running the stack and accessing it via a browser.

    
    opened by ecliptik 11
  • wrapping token is not valid or does not exist

    Goldfish version: v0.8.0 Vault version: v0.8.3

    Lately our Goldfish container (see this comment on setup https://github.com/Caiyeon/goldfish/issues/190#issuecomment-352559276) has been giving the following message after running a few hours,

    12/1/2017 5:19:53 AMURL: PUT https://vault.ourdomain.com:8200/v1/sys/wrapping/unwrap
    12/1/2017 5:19:53 AMCode: 400. Errors:
    12/1/2017 5:19:53 AM
    12/1/2017 5:19:53 AM* wrapping token is not valid or does not exist
    12/1/2017 5:19:58 AM2017/12/01 13:19:58 [ERROR]: Bootstrapping goldfish Failed to unwrap provided token, revoke it if possible
    12/1/2017 5:19:58 AMReason:Error making API request.
    

    The goldfish role was set up following the guide in the wiki. The container is deployed by first getting its wrapping token from vault with,

    export GOLDFISH_TOKEN=`vault write -f -format=json -wrap-ttl=5m auth/approle/role/goldfish/secret-id | jq -r .wrap_info.token`
    

    and then bootstrapping with the command,

    goldfish -config=/app/config.hcl -token=${GOLDFISH_TOKEN}
    

    Am I setting the wrapping token incorrectly? Or is there a way to find out why the token keeps expiring? I don't think this is a bug necessarily and it was happening with goldfish v0.7.4, but any guidance would be appreciated.

    opened by ecliptik 10
  • Goldfish fails to connect to Vault to unwrap the secret-id when the Vault Cluster is in redirect HA mode

    When the vault cluster is HA and set up to redirect to the leader instead of forwarding, Goldfish fails to follow redirects and results in failing to start due to the fact that it's hitting a standby node. The vault client should follow redirects.

    Vault version: 0.7.3 Goldfish version: 0.5.1

    bug-dependency 
    opened by silverbadge 10
  • Is Goldfish Proxy-Aware?

    Hey everyone,

    So I'm running Goldfish in an environment where all outbound traffic has to go through a proxy, and I'm trying to use the Slack webhook. Is there any config option I can pass to Goldfish to tell it where to proxy through?

    opened by TuxOtaku 9
  • How do I run this locally to connect to my cloud Vault?

    I have a Vault running on Kubernetes that I port forward to https://localhost:8200. I have the TLS cert and the token on hand. I am able to connect to this with the official Vault UI and djenriquez/vault-ui.

    I would like to run Goldfish locally and connect to this, however it has not been clear to me what I'm supposed to configure before I run npm run dev to properly connect. I get 500/502 errors.

    Any advice? Thank you.

    opened by booboothefool 0
  • Github integration not clear

    I see some references to github integration - the request feature in the GUI and a few lines in the wiki, but no clear explanation of what this feature does or how it works. It sounds very exciting but I may be making undue assumptions.

    opened by zfLQ2qx2 0
  • Feature request: Add JWT support

    Feature request:

    Is this a front-end feature or backend? (or both?) both?

    Description of feature: Please add support to enter JWT tokens to do a login

    Are you able to submit a pull request for this feature? no

    opened by mdeknowis 0
  • Feature Request: Add HSTS HTTP header for security

    When Qualys does a vulnerability scan on Goldfish, one of the vulns it reports is "Strict-Transport-Security HTTP Header missing". Could this be added?

    Strict-Transport-Security "max-age=63072000; includeSubdomains;"

    If I read the spec right, this should work both when GoldFish is running in HTTP mode (so the header is ignored) or HTTPS (where it does what it's supposed to).

    Thanks!

    opened by dswhite42 1
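As an added example (not Goldfish code): a net/http middleware that sends the requested header only on TLS connections, since RFC 6797 says the header must not be sent over plain HTTP, plus a parser for checking a header value such as the one quoted above. The function names and the host goldfish.example are hypothetical.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

const hstsValue = "max-age=63072000; includeSubDomains"

// withHSTS adds Strict-Transport-Security to responses served over TLS only.
// Browsers ignore the header on plain HTTP, and RFC 6797 section 7.2 tells
// servers not to send it there.
func withHSTS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS != nil {
			w.Header().Set("Strict-Transport-Security", hstsValue)
		}
		next.ServeHTTP(w, r)
	})
}

// HSTSPolicy is the parsed form of a Strict-Transport-Security value.
type HSTSPolicy struct {
	MaxAge            int64
	IncludeSubDomains bool
}

// parseHSTS parses a header value. Directive names are case-insensitive and
// empty directives (such as a trailing ";") are allowed; max-age is required
// and may appear only once.
func parseHSTS(value string) (HSTSPolicy, error) {
	var p HSTSPolicy
	seenMaxAge := false
	for _, part := range strings.Split(value, ";") {
		part = strings.TrimSpace(part)
		if part == "" {
			continue
		}
		kv := strings.SplitN(part, "=", 2)
		switch strings.ToLower(strings.TrimSpace(kv[0])) {
		case "max-age":
			if seenMaxAge {
				return p, errors.New("max-age appears more than once")
			}
			if len(kv) != 2 {
				return p, errors.New("max-age has no value")
			}
			raw := strings.Trim(strings.TrimSpace(kv[1]), `"`)
			n, err := strconv.ParseInt(raw, 10, 64)
			if err != nil || n < 0 {
				return p, fmt.Errorf("invalid max-age %q", raw)
			}
			p.MaxAge, seenMaxAge = n, true
		case "includesubdomains":
			p.IncludeSubDomains = true
		}
	}
	if !seenMaxAge {
		return p, errors.New("max-age directive is required")
	}
	return p, nil
}

// hstsFor sends one in-memory request through the middleware and returns the
// header the client would see. The request is constructed; no socket is opened.
func hstsFor(overTLS bool) string {
	req := httptest.NewRequest(http.MethodGet, "http://goldfish.example/", nil)
	if overTLS {
		req.TLS = &tls.ConnectionState{}
	}
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	withHSTS(ok).ServeHTTP(rec, req)
	return rec.Header().Get("Strict-Transport-Security")
}

func main() {
	fmt.Printf("over TLS:   %q\n", hstsFor(true))
	fmt.Printf("plain HTTP: %q\n", hstsFor(false))
	p, err := parseHSTS("max-age=63072000; includeSubdomains;")
	fmt.Println(p.MaxAge, p.IncludeSubDomains, err)
}
```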
  • Feature Request: Image Support

    Feature request:

    Not sure if it's just a frontend ticket, but should be possible ;)

    Description of feature: Would be great to upload images via goldfish, e.g. for QR code for 2NFA and save them as secret.

    Are you able to submit a pull request for this feature? yes

    opened by hypery2k 0
  • Feature Request: Write to multiple Vault clusters

    We have several Vault clusters distributed at various locations around the world. We have implemented our own solution for replicating secrets out to each cluster. This works, but it would be nice if during login, Goldfish could authenticate versus multiple clusters at once. Then when the user adds/updates a secret, it is written simultaneously to all remote clusters.

    opened by travis-bear 0
  • Feature Request: Gitlab Support

    Feature request:

    Is this a front-end feature or backend? Backend, I think?

    Description of feature: We store stuff in a local GitLab instance, and would like to use that for our source of truth there vs. GitHub.

    Are you able to submit a pull request for this feature? I've written some GitLab stuff in Go before, so possibly!

    opened by patcable 0
  • Vault v0.10.1 bug thread

    The new vault release seems to have a new API that causes a lot of bugs. I'm not sure if the vault official API is backwards compatible, and I do not have time currently to investigate. I'm on a vacation, and will not be able to look at these issues until July at the earliest.

    If you find a bug, feel free to attach a report to this thread. In the meanwhile, the v0.10.1 vault release should have a free built-in UI, which should satisfy most (or all) use cases.

    opened by Caiyeon 5
  • Bug: Default install instructions do not work in Ubuntu

    Vault v0.10.1

    GOLDFISH_VERSION=v0.9.0

    Operating system: Ubuntu 18.04

    Steps to reproduce: Step 1 -- 4th command at: https://github.com/Caiyeon/goldfish/wiki/Production-Deployment ./vault write secret/goldfish DefaultSecretPath="secret/" UserTransitKey="usertransit" BulletinPath="secret/bulletins/"

    Expected behaviour: Return success

    Actual behaviour: Error

    Error
    writing data to secret/goldfish: Error making API request.
    
    URL: PUT http://127.0.0.1:8200/v1/secret/goldfish
    Code: 404. Errors:
    
    WARNING! The following warnings were returned from Vault:
    
      * Invalid path for a versioned K/V secrets engine. See the API docs for the
      appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'
      for this operation.`
    

    Q1) Should the above command be changed to? ./vault kv put secret/goldfish DefaultSecretPath="secret/" UserTransitKey="usertransit" BulletinPath="secret/bulletins/"

    Q2) After I use the command from Q1 when I insert the "wrapping token" in web UI, I get the following error message. How to fix this?

    Here is the content of config.hcl

    listener "tcp" {
      address       = ":8000"         # listen on default http port
      tls_disable = 1
      
    }
    vault {
      address       = "http://127.0.0.1:8200"
      tls_skip_verify = 1
    }
    disable_mlock = 1
    

    Here is the error message on the console:

    Goldfish version: v0.9.0
    Goldfish successfully bootstrapped to vault
    
      .
      ...             ...
      .........       ......
       ...........   ..........
         .......... ...............
         .............................
          .............................
             ...........................
            ...........................
            ..........................
            ...... ..................
          ......    ...............
         ..        ..      ....
        .                 ..
    
    
    {"time":"2018-04-30T03:29:29.744634622Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/","status":200, "latency":4932647,"latency_human":"4.932647ms","bytes_in":0,"bytes_out":1017}
    {"time":"2018-04-30T03:29:29.776492264Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/js/manifest.47a7fdd660e1df2c5976.js","status":200, "latency":904676,"latency_human":"904.676µs","bytes_in":0,"bytes_out":1868}
    {"time":"2018-04-30T03:29:29.79812789Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/js/app.28dd93835375aefc420a.js","status":200, "latency":3320265,"latency_human":"3.320265ms","bytes_in":0,"bytes_out":35703}
    {"time":"2018-04-30T03:29:29.799790103Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/css/app.cad22887ff5ae9774c3db7ffdb37dc37.css","status":200, "latency":22031213,"latency_human":"22.031213ms","bytes_in":0,"bytes_out":250757}
    {"time":"2018-04-30T03:29:29.880110108Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/js/vendor.39969aea672c8e4f6fd2.js","status":200, "latency":79239207,"latency_human":"79.239207ms","bytes_in":0,"bytes_out":942634}
    {"time":"2018-04-30T03:29:30.337703152Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/js/11.8335c809476da0859479.js","status":200, "latency":548282,"latency_human":"548.282µs","bytes_in":0,"bytes_out":16842}
    {"time":"2018-04-30T03:29:30.357628766Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/img/logo.ba9a34f.svg","status":200, "latency":11584048,"latency_human":"11.584048ms","bytes_in":0,"bytes_out":247654}
    {"time":"2018-04-30T03:29:30.385427206Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/assets/fonts/fontawesome-webfont.af7ae50.woff2","status":200, "latency":8952348,"latency_human":"8.952348ms","bytes_in":0,"bytes_out":77160}
    {"time":"2018-04-30T03:29:30.468788125Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/v1/health","status":200, "latency":993825,"latency_human":"993.825µs","bytes_in":0,"bytes_out":74}
    {"time":"2018-04-30T03:29:30.473430686Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"GET","uri":"/v1/vaulthealth","status":200, "latency":6266894,"latency_human":"6.266894ms","bytes_in":0,"bytes_out":202}
    {"time":"2018-04-30T03:29:44.551480286Z","level":"-","prefix":"echo","file":"asm_amd64.s","line":"510","message":"[\x1b[31mPANIC RECOVER\x1b[0m] runtime error: invalid memory address or nil pointer dereference goroutine 34 [running]:\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.RecoverWithConfig.func1.1.1(0x2384f40, 0x1000, 0xc4203d0000, 0x2e574a0, 0xc42048a620)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/recover.go:75 +0x12a\npanic(0x15952a0, 0x2e9dda0)\n\tC:/Go/src/runtime/panic.go:491 +0x283\ngithub.com/caiyeon/goldfish/vault.VerifyTokenRights(0xc420012f90, 0x24, 0x12, 0xc420054e70, 0xc42004be60, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:261 +0x1ef\ngithub.com/caiyeon/goldfish/vault.Bootstrap(0xc420012c30, 0x24, 0xc42047e900, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:164 +0x1a0\ngithub.com/caiyeon/goldfish/handlers.Bootstrap.func1(0x2e574a0, 0xc42048a620, 0x17d6283, 0xd)\n\tF:/gopath/src/github.com/caiyeon/goldfish/handlers/handlers.go:101 +0x292\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo.(*Echo).add.func1(0x2e574a0, 0xc42048a620, 0xd,
    0x1804304)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/echo.go:467 +0x87\ngithub.com/caiyeon/goldfish/server.StartListener.func1.1(0x2e574a0, 0xc42048a620, 0xc420483bc0, 0x2e49c60)\n\tF:/gopath/src/github.com/caiyeon/goldfish/server/server.go:54 +0xa4\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.GzipWithConfig.func1.1(0x2e574a0, 0xc42048a620, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/compress.go:92 +0x17f\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.BodyLimitWithConfig.func1.1(0x2e574a0, 0xc42048a620, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/body_limit.go:87 +0x19f\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.RecoverWithConfig.func1.1(0x2e574a0, 0xc42048a620, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/recover.go:82 +0xe1\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.LoggerWithConfig.func2.1(0x2e574a0, 0xc42048a620, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/logger.go:111 +0x121\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo.(*Echo).ServeHTTP.func1(0x2e574a0, 0xc42048a620, 0xc420056538, 0x17b2e20)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/echo.go:558 +0x108\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo.(*Echo).ServeHTTP(0xc4200564e0, 0x2e49c60, 0xc42039c000, 0xc420158200)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/echo.go:567 +0x228\nnet/http.serverHandler.ServeHTTP(0xc420062c30, 0x2e49c60, 0xc42039c000, 0xc420158200)\n\tC:/Go/src/net/http/server.go:2619 +0xb4\nnet/http.(*conn).serve(0xc42006bf40, 0x2e4aae0, 0xc420503c40)\n\tC:/Go/src/net/http/server.go:1801 +0x71d\ncreated by 
net/http.(*Server).Serve\n\tC:/Go/src/net/http/server.go:2720 +0x288\n\ngoroutine 1 [chan receive]:\nmain.main()\n\tF:/gopath/src/github.com/caiyeon/goldfish/server.go:106 +0x4fa\n\ngoroutine 5 [syscall]:\nos/signal.signal_recv(0x0)\n\tC:/Go/src/runtime/sigqueue.go:131 +0xa6\nos/signal.loop()\n\tC:/Go/src/os/signal/signal_unix.go:22 +0x22\ncreated by os/signal.init.0\n\tC:/Go/src/os/signal/signal_unix.go:28 +0x41\n\ngoroutine 8 [chan receive]:\ngithub.com/caiyeon/goldfish/vault.init.0.func1()\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:34 +0x59\ncreated by github.com/caiyeon/goldfish/vault.init.0\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:33 +0x35\n\ngoroutine 9 [IO wait]:\ninternal/poll.runtime_pollWait(0x7fcbe1f56f70, 0x72, 0xffffffffffffffff)\n\tC:/Go/src/runtime/netpoll.go:173 +0x57\ninternal/poll.(*pollDesc).wait(0xc4200ec298, 0x72, 0xc4203d7900, 0x0, 0x0)\n\tC:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xae\ninternal/poll.(*pollDesc).waitRead(0xc4200ec298, 0xffffffffffffff00, 0x0, 0x0)\n\tC:/Go/src/internal/poll/fd_poll_runtime.go:90 +0x3d\ninternal/poll.(*FD).Accept(0xc4200ec280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)\n\tC:/Go/src/internal/poll/fd_unix.go:334 +0x1e2\nnet.(*netFD).acce\n"}
    {"time":"2018-04-30T03:29:44.552957896Z","id":"","remote_ip":"10.0.1.9","host":"10.0.1.50:8000","method":"POST","uri":"/v1/bootstrap","status":500, "latency":11578470,"latency_human":"11.57847ms","bytes_in":57,"bytes_out":35}
    
    opened by vikaskedia 2
  • Bug: vault kv store version2 error/panic seems that it is not supported

    Bug report:

    Vault version: 0.10.1

    Goldfish version: 0.9.0

    Operating system: CentOS7

    Steps to reproduce: Follow production deployment guide

    Expected behaviour: Working instance of goldfish

    Actual behaviour: Error when executing the following step

    vault write secret/goldfish DefaultSecretPath="secret/" UserTransitKey="usertransit" BulletinPath="secret/bulletins/"
    

    because secret/ path has been converted from version1 to version2 kv store

    Also I worked around this by changing the command to

    vault kv put secret/goldfish DefaultSecretPath="secret/" UserTransitKey="usertransit" BulletinPath="secret/bulletins/"
    

    But I got an error panic when I tried to add wrapped token at the first login

    {"time":"2018-04-29T08:33:34.094166162Z","level":"-","prefix":"echo","file":"asm_amd64.s","line":"510","message":"[\x1b[31mPANIC RECOVER\x1b[0m] runtime error: invalid memory address or nil pointer dereference goroutine 50 [running]:\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.RecoverWithConfig.func1.1.1(0x2384f40, 0x1000, 0xc4203c0000, 0x2e574a0, 0xc4201b4ee0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/recover.go:75 +0x12a\npanic(0x15952a0, 0x2e9dda0)\n\tC:/Go/src/runtime/panic.go:491 +0x283\ngithub.com/caiyeon/goldfish/vault.VerifyTokenRights(0xc42048f2c0, 0x24, 0x12, 0xc420398fc0, 0xc420047f80, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:261 +0x1ef\ngithub.com/caiyeon/goldfish/vault.Bootstrap(0xc42048f0e0, 0x24, 0xc4203b8a80, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:164 +0x1a0\ngithub.com/caiyeon/goldfish/handlers.Bootstrap.func1(0x2e574a0, 0xc4201b4ee0, 0x17d6283, 0xd)\n\tF:/gopath/src/github.com/caiyeon/goldfish/handlers/handlers.go:101 +0x292\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo.(*Echo).add.func1(0x2e574a0, 0xc4201b4ee0, 0xd, 0x1804304)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/echo.go:467 +0x87\ngithub.com/caiyeon/goldfish/server.StartListener.func1.1(0x2e574a0, 0xc4201b4ee0, 0x17ca214, 0x4)\n\tF:/gopath/src/github.com/caiyeon/goldfish/server/server.go:54 +0xa4\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.GzipWithConfig.func1.1(0x2e574a0, 0xc4201b4ee0, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/compress.go:92 +0x17f\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.BodyLimitWithConfig.func1.1(0x2e574a0, 0xc4201b4ee0, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/body_limit.go:87 
+0x19f\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.RecoverWithConfig.func1.1(0x2e574a0, 0xc4201b4ee0, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/recover.go:82 +0xe1\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware.LoggerWithConfig.func2.1(0x2e574a0, 0xc4201b4ee0, 0x0, 0x0)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/middleware/logger.go:111 +0x121\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo.(*Echo).ServeHTTP.func1(0x2e574a0, 0xc4201b4ee0, 0xc420054538, 0x17b2e20)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/echo.go:558 +0x108\ngithub.com/caiyeon/goldfish/vendor/github.com/labstack/echo.(*Echo).ServeHTTP(0xc4200544e0, 0x2e49c60, 0xc420396a80, 0xc4201c2000)\n\tF:/gopath/src/github.com/caiyeon/goldfish/vendor/github.com/labstack/echo/echo.go:567 +0x228\nnet/http.serverHandler.ServeHTTP(0xc420060c30, 0x2e49c60, 0xc420396a80, 0xc4201c2000)\n\tC:/Go/src/net/http/server.go:2619 +0xb4\nnet/http.(*conn).serve(0xc4201c55e0, 0x2e4aae0, 0xc4201b6400)\n\tC:/Go/src/net/http/server.go:1801 +0x71d\ncreated by net/http.(*Server).Serve\n\tC:/Go/src/net/http/server.go:2720 +0x288\n\ngoroutine 1 [chan receive]:\nmain.main()\n\tF:/gopath/src/github.com/caiyeon/goldfish/server.go:106 +0x4fa\n\ngoroutine 5 [syscall]:\nos/signal.signal_recv(0x0)\n\tC:/Go/src/runtime/sigqueue.go:131 +0xa6\nos/signal.loop()\n\tC:/Go/src/os/signal/signal_unix.go:22 +0x22\ncreated by os/signal.init.0\n\tC:/Go/src/os/signal/signal_unix.go:28 +0x41\n\ngoroutine 8 [chan receive]:\ngithub.com/caiyeon/goldfish/vault.init.0.func1()\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:34 +0x59\ncreated by github.com/caiyeon/goldfish/vault.init.0\n\tF:/gopath/src/github.com/caiyeon/goldfish/vault/vault.go:33 +0x35\n\ngoroutine 9 [IO wait]:\ninternal/poll.runtime_pollWait(0x7f56de65df70, 0x72, 
0xffffffffffffffff)\n\tC:/Go/src/runtime/netpoll.go:173 +0x57\ninternal/poll.(*pollDesc).wait(0xc4200ea298, 0x72, 0xc4203cf900, 0x0, 0x0)\n\tC:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xae\ninternal/poll.(*pollDesc).waitRead(0xc4200ea298, 0xffffffffffffff00, 0x0, 0x0)\n\tC:/Go/src/internal/poll/fd_poll_runtime.go:90 +0x3d\ninternal/poll.(*FD).Accept(0xc4200ea280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)\n\tC:/Go/src/internal/poll/fd_unix.go:334 +0x1e2\nnet.(*netFD).accept(0xc420\n"}
    
    opened by Abukamel 3
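The report above turns on the difference between KV version 1 and version 2: `vault kv put` rewrites the path and payload for a v2 mount, while a plain `vault write` or raw API call does not. The following is an added example, not Goldfish's own code, showing the path mapping and a read helper that returns an error instead of dereferencing a missing or differently shaped response. The page does not establish the root cause of the panic, and the `Secret` type, function names and sample responses are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Secret is a local stand-in for a Vault read response (hypothetical type,
// defined here so the example runs without a Vault server or client library).
type Secret struct {
	Data map[string]interface{}
}

// ErrNoSecret is returned when a read produced no usable response.
var ErrNoSecret = errors.New("vault returned no secret for this path")

// kvAPIPath maps a mount and key to the HTTP API path for a read or write.
// KV v1 uses <mount>/<key>; KV v2 inserts "data/" after the mount.
func kvAPIPath(mount, key string, v2 bool) string {
	mount, key = strings.Trim(mount, "/"), strings.Trim(key, "/")
	if v2 {
		return mount + "/data/" + key
	}
	return mount + "/" + key
}

// kvPayload returns the user-written key/value pairs from a response.
// KV v2 nests them one level down, under "data", next to "metadata".
func kvPayload(s *Secret, v2 bool) (map[string]interface{}, error) {
	if s == nil || s.Data == nil {
		return nil, ErrNoSecret
	}
	if !v2 {
		return s.Data, nil
	}
	inner, ok := s.Data["data"].(map[string]interface{})
	if !ok || inner == nil {
		return nil, errors.New("KV v2 response carries no data object")
	}
	return inner, nil
}

// RuntimeConfig holds the three keys written by the command in the report.
type RuntimeConfig struct {
	DefaultSecretPath string
	UserTransitKey    string
	BulletinPath      string
}

// parseRuntimeConfig extracts the keys, failing closed on anything missing.
func parseRuntimeConfig(s *Secret, v2 bool) (RuntimeConfig, error) {
	var cfg RuntimeConfig
	data, err := kvPayload(s, v2)
	if err != nil {
		return cfg, err
	}
	fields := []struct {
		name string
		dst  *string
	}{
		{"DefaultSecretPath", &cfg.DefaultSecretPath},
		{"UserTransitKey", &cfg.UserTransitKey},
		{"BulletinPath", &cfg.BulletinPath},
	}
	for _, f := range fields {
		v, ok := data[f.name].(string)
		if !ok || v == "" {
			return RuntimeConfig{}, fmt.Errorf("config key %q missing or not a string", f.name)
		}
		*f.dst = v
	}
	return cfg, nil
}

// sampleResponse builds a constructed response in v1 or v2 shape.
func sampleResponse(v2 bool) *Secret {
	kv := map[string]interface{}{
		"DefaultSecretPath": "secret/",
		"UserTransitKey":    "usertransit",
		"BulletinPath":      "secret/bulletins/",
	}
	if !v2 {
		return &Secret{Data: kv}
	}
	return &Secret{Data: map[string]interface{}{
		"data":     kv,
		"metadata": map[string]interface{}{"version": 1},
	}}
}

func main() {
	for _, v2 := range []bool{false, true} {
		cfg, err := parseRuntimeConfig(sampleResponse(v2), v2)
		fmt.Println(kvAPIPath("secret/", "goldfish", v2), cfg, err)
	}
	// A v2-shaped response read with v1 assumptions is rejected, not dereferenced.
	_, err := parseRuntimeConfig(sampleResponse(true), false)
	fmt.Println("v2 response parsed as v1:", err)
}
```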
Releases(v0.9.0)
  • v0.9.0(Feb 24, 2018)

    Summary:

    The deployment config file has slightly changed. The certificate information has been moved to its own struct. Check this wiki page for samples, or the sample config file.

    Goldfish now also accepts non-approle tokens for deployment. They must still be wrapped. The bootstrapping procedure is identical; goldfish determines whether the token is an approle token or not. The recommended bootstrap method is still an approle token, so the deployment instructions on the wiki pages remain approle-based.

    Fixes:

    • 1718640 Fixed a bug in token creator regarding periodic TTLs
    • e63d3e1 PKI integration now includes the issuing_ca field, for a full certificate chain

    Features:

    • 9c75ad5 Allow custom login paths (#185)
    • ca3d9a0 Support for Vault with custom CA certs (#220)
    • 089caa6 Support for bootstrapping with a non-approle wrapped token (#222)
    • 143f6f3 Support ip_sans and alt_names fields to PKI integration (#223)
    • 5280814 Added explicit common_name field to PKI integration
    • ee66442 Allow for multi-line pastes in secret input boxes (#234)
    • f64ef16 Added warning notification for users when their token is about to expire
    • dd2576b Added a revoke-self button on login page

    Misc:

    • 35184cc Fixed misaligned footer on low-resolution screens
    • 344fca9 Secrets page inputs made monospace (#235)
    • ad4d0ce Corrected sort triangle orientation (#236)
    • 803e758 Vault API updated to v0.9.3
    • 888c28b Added self-compile instructions
    • cf72faa Updated VueJS to v2.5.13
    • 0de45b3 Minor text changes

    Verifications:

    SHA256 sum of binaries:

    • goldfish-linux-amd64: a716db6277afcac21a404b6155d0c52b1d633f27d39fba240aae4b9d67d70943
    • goldfish-windows-amd64.exe: 1a270bda441168e17d96952c78a24725ccd40c637b702e8e27e3ab5d664de10b
    goldfish-linux-amd64(62.41 MB)
    goldfish-windows-amd64.exe(62.38 MB)
  • v0.8.0(Dec 15, 2017)

    Summary:

    v0.8.0 brings some security updates and new features to the frontend. Deployment steps remain the same.

    Notes:

    • TLS1.0, TLS1.1 have been disabled (#205)
    • DES/3DES ciphersuites have been disabled (#205)
    • Goldfish can now fetch its certificates from vault's PKI backend (#143)

    Fixes:

    • f9ef8c6 Fixed a bug with editing non-string secret values
    • 6d893df Disabled TLS1.0 and TLS1.1, and disabled deprecated ciphersuites (#205)
    • 8e4b003 Fixed non-critical panics when an authentication backend is empty

    Features:

    • b693f7d Allow using certificates from PKI backend (#143)
    • 3d5cc83 Allow sorting secrets alphabetically (#200)
    • e1e22a8 Updated frontend to Bulma v0.6.1 (Color-scheme changed as a result)
    • 250c15a User (tokens, userpass, etc.) page modal views have been filled out with details (#210)
    • 2914960 Line-by-line diff views added to policy requests
      • Syntax highlight and diff don't play ball together. Pull requests are welcome (#192)
    • 7762cba Smart search (policies page) got a lot smarter (#212)
      • Goldfish now borrows Vault's core code to check for a policy's capabilities on a path

    Misc:

    • c7a17b8 Fixed icon alignments (#182)
    • 47a4a8a Favicon added (#168)
    • ceef80c Added screenshots and very basic frontend integration testing with Chromeless (#184)
    • 3caaed9 Secrets (key and value) boxes have been made monospace (#189)
    • 40632e2 Added confirmation to deleting multiple secrets (#196)
    • 715de22 Fixed typos
    • abc52a5 Frontend assets are now built with node v8.2.0+
    • 2cf9d6d Added confirmations for deleting single secret
    • c37d8ff Vault API updated to v0.9.0
    goldfish-linux-amd64(62.20 MB)
    goldfish-windows-amd64.exe(62.17 MB)
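The v0.8.0 notes above say TLS 1.0/1.1 and DES/3DES ciphersuites were disabled (#205). As an added example, not Goldfish's own code, this is one way to express that policy with Go's `crypto/tls` and to audit an existing `tls.Config` against it; the function names and the "legacy" configuration are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// hardenedConfig pins the floor at TLS 1.2 and lists only AEAD suites.
// CipherSuites applies to TLS 1.2 and below; Go does not make the
// TLS 1.3 suites configurable.
func hardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// legacyConfig is a constructed "before" configuration with the settings
// the release notes say were turned off.
func legacyConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS10,
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// auditTLS reports every way cfg departs from the v0.8.0 policy.
func auditTLS(cfg *tls.Config) []string {
	var findings []string
	switch {
	case cfg.MinVersion == 0:
		// Unset means "toolchain default", which has changed across Go releases.
		findings = append(findings, "MinVersion unset: protocol floor depends on the Go version")
	case cfg.MinVersion < tls.VersionTLS12:
		findings = append(findings, "MinVersion permits TLS 1.0/1.1")
	}
	if cfg.CipherSuites == nil {
		findings = append(findings, "CipherSuites unset: enabled suites depend on the Go version")
	}
	for _, id := range cfg.CipherSuites {
		name := tls.CipherSuiteName(id)
		if strings.Contains(name, "3DES") || strings.Contains(name, "_DES_") {
			findings = append(findings, "DES/3DES suite enabled: "+name)
		}
	}
	return findings
}

func main() {
	fmt.Println("hardened:", auditTLS(hardenedConfig()))
	for _, f := range auditTLS(legacyConfig()) {
		fmt.Println("legacy:", f)
	}
}
```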
  • v0.8.0-rc1(Dec 5, 2017)

    This is a release candidate only! Deployment steps remain the same.

    Notes:

    • TLS1.0, TLS1.1 have been disabled (#205)
    • DES/3DES ciphersuites have been disabled (#205)
    • Goldfish can now fetch its certificates from vault's PKI backend (#143)
      • This feature requires a vault token (i.e. bootstrapping) to be provided at launch time
      • See the sample config file for usage

    Fixes:

    • f9ef8c6 Fixed a bug with editing non-string secret values
    • 6d893df Disabled TLS1.0 and TLS1.1, and disabled deprecated ciphersuites (#205)

    Features:

    • b693f7d Allow using certificates from PKI backend (#143)
    • 3d5cc83 Allow sorting secrets by type and name (#200)

    Misc:

    • c7a17b8 Fixed icon alignments (#182)
    • 47a4a8a Favicon added (#168)
    • ceef80c Added screenshots and very basic frontend integration testing with Chromeless (#184)
    • 3caaed9 Secrets (key and value) boxes have been made monospace (#189)
    • 40632e2 Added confirmation to deleting multiple secrets (#196)
    • 715de22 Fixed typos
    goldfish-linux-amd64(68.43 MB)
    goldfish-windows-amd64.exe(68.39 MB)
  • v0.7.4(Oct 25, 2017)

  • v0.7.3(Sep 28, 2017)

  • v0.7.2(Sep 28, 2017)

  • v0.7.1(Sep 26, 2017)

    Deployment steps are unchanged. Simply change your URL's version number and redeploy.

    Fixes:

    • 0bf4e9f Fixed decoding on token requests
    • 2c2cf30 Fixed Github login error
    • 0d24c91 Fixed leaking file descriptor
    • 3b46f0f Fixed #159

    Major:

    • 0f3ae97 Added support for nomad bootstrap file
    • 0b00478 Requested tokens are orphaned by default
    • 21933d5 Allow multi-select on secrets page - #153
    • c1dc09e Allow multi-delete on secrets page - #153
    • 76f0496 4294d93 Secrets page navigation changed to query parameters in url - #151
      • This allows for back & forward button navigation, and for URLs to load secrets directly

    Minor:

    • da44e3b Removed demo link in footer that led nowhere
    • 832b1fb Removed deprecated files
    • ea8aeb1 Removed deprecated code
    • 6f9b49a Quality of life updates to requests page
    goldfish-linux-amd64(67.15 MB)
    goldfish-windows-amd64.exe(67.10 MB)
  • v0.7.1-rc1(Sep 19, 2017)

    This is a release candidate only! Deployment steps are unchanged.

    Fixes:

    • 0bf4e9f Fixed decoding on token requests
    • 2c2cf30 Fixed Github login error
    • 0d24c91 Fixed leaking file descriptor

    Major:

    • 0f3ae97 Added support for nomad bootstrap file
    • 0b00478 Requested tokens are orphaned by default
    • 21933d5 Allow multi-select on secrets page - #153
    • c1dc09e Allow multi-delete on secrets page - #153
    • 76f0496 4294d93 Secrets page navigation changed to query parameters in url - #151
      • This allows for back & forward button navigation, and for URLs to load secrets directly

    Minor:

    • da44e3b Removed demo link in footer that led nowhere
    • 832b1fb Removed deprecated files
    • ea8aeb1 Removed deprecated code
    • 6f9b49a Quality of life updates to requests page
    goldfish-linux-amd64(67.15 MB)
    goldfish-windows-amd64.exe(67.11 MB)
  • v0.7.0(Aug 26, 2017)

    v0.7.0 brings an expanded requests system. Users can now request:

    • Creating a new policy
    • Deleting an existing policy
    • Creating a vault token (must be wrapped)
      • This means you can generate a root token in seconds!

    Deployment steps are identical to that of v0.6.0

    Fixes:

    • 64d74d4 Granular mutexes added to request system to prevent race condition
    • 5cfebf0 Fixed 404 in renew button in nav bar
    • 19c536c Fixed periodic entry in token creator
    • cddc6f6 Fixed the too many open files error #149

    Major:

    • dba9ca5 Revamped request system
      • There are 20+ commits for this, unlisted for conciseness
    • 390ec54 Added policy deletion request
    • 01a86da Added policy creation request
    • 5c8962a bd767ad Added token creation to requests system
      • Accessible in token creator page
    • 9bc367c Add orphan option to token creator #138
    • 197a3eb Okta login support #146

    Minor:

    • da8b0c0 Updated VueJS to 2.4.2
    • e011a1c Added confirmation button to deleting secrets
    • 8e7869f Added goldfish version update checks from GitHub
    • 21880fe Development script launches vault with 5 unseal keys instead of 1
    • 5033594 Added a reset button to dependencies page
    • a028612 Viewing Users page will no longer load the first page of tokens immediately
    goldfish-linux-amd64(67.75 MB)
    goldfish-windows-amd64.exe(67.76 MB)
  • v0.7.0-rc1(Aug 19, 2017)

    v0.7.0 brings an expanded requests system. Users can now request:

    • Creating a new policy
    • Deleting an existing policy
    • Creating a vault token (must be wrapped)
      • This means you can generate a root token in seconds!

    Deployment steps are identical to that of v0.6.0

    Fixes:

    • 64d74d4 Granular mutexes added to request system to prevent race condition
    • 5cfebf0 Fixed 404 in renew button in nav bar

    Major:

    • dba9ca5 Revamped request system
      • There are 20+ commits for this, unlisted for conciseness
    • 390ec54 Added policy deletion request
    • 01a86da Added policy creation request
    • 5c8962a bd767ad Added token creation to requests system
      • Accessible in token creator page
    • 9bc367c Add orphan option to token creator #138

    Minor:

    • da8b0c0 Updated VueJS to 2.4.2
    • e011a1c Added confirmation button to deleting secrets
    • 8e7869f Added goldfish version update checks from GitHub
    • 21880fe Development script launches vault with 5 unseal keys instead of 1
    • 5033594 Added a reset button to dependencies page
    goldfish-linux-amd64(67.74 MB)
    goldfish-windows-amd64.exe(67.75 MB)
  • v0.6.0(Aug 1, 2017)

    v0.6.0 is an update focused on deployment, security, and bug fixes.

    The deployment has been simplified. Goldfish no longer requires a wrapping token at launch time, but will require the operator to provide one through the UI to bootstrap. Transit encryption is also now optional. See wiki for details.

    Memory lock (identical to vault's implementation) is on by default in this version. A couple of race conditions have been fixed as well.

    Fixes:

    • 2dd3d5d Fixed theoretical race conditions in server token renewal
    • 9beb290 Fixed theoretical race conditions in request system
    • 2735bce Added cache control middleware to prevent clients from caching responses (e.g. Safari)
    • 82a546d Fixed a cosmetic bug that occurred when switching tabs too fast in user listing page

    Major:

    • 40f1946 Allow for provisioning of the vault wrapping token after launching in the UI
      • This means goldfish can launch without being bootstrapped!
    • c1298b6 Transit encryption is now optional (will only be used if ServerTransitKey is set in config)
    • 975e1be e7f97fe ecb5c66 LDAP group & user listing has been added
    • 2633a57 84074bd Added mlock by default (just like vault)
    • 7f12f9d Updated bulma to v0.5.0
      • Requests page should now display properly regardless of the max width of policy body

    Minor:

    • 457705a API has been versioned. Note this does not guarantee backwards compatibility.
    • 9cf5dd6 Added an endpoint for goldfish server's health
    • e671d1e Requests page unseal key entry is starred out on the client side
    • e966bc3 Use highlightJS for token creator page role details
    • 47e8640 Wrapper page can now handle unwrapping wrapped credentials
    goldfish-linux-amd64(67.68 MB)
    goldfish-windows-amd64.exe(67.69 MB)
  • v0.5.1(Jul 25, 2017)

    Deployment steps have not changed from v0.5.0. However, as of v0.5.0, you may want to update your goldfish approle to periodic (see wiki deployment instructions).

    Fixes:

    • e42ba32 Fixed a channel bug that prevented goldfish from renewing its own token (#124)
    • 0643355 Fixed missing fmt error messages. Thanks to @Albibek #123
    • 10a72d1 Fixed an LDAP and Userpass login bug #128
    • 5494004 Fixed 404s in dependencies tool #132

    Major:

    • de8aa0f Updated bulma css to v0.4.3 - a couple of UI elements updated as a result
    • 6792408 HCL syntax highlight has been switched to ruby, since that is syntactically closer
    • 847d8d6 Allow for nested mount names (#115)
    • 8ea4537 Unwrapping no longer requires user to be logged in

    Minor:

    • eb693f2 Listing tokens, userpass, and approle logic have been separated
    • 7dc0b13 Vault API locked to v0.7.3 release
    • 834dc9e Switched breadcrumb component to bulma native
    • 968ea93 716ed9c Navbar updated to bulma native. Renew and Logout buttons added to navbar
    • c03ad48 Secrets page is no longer purged on error as long as current path does not change
    • 3f2d3e7 3377479 On launch, goldfish will assert whether it can renew itself (#124)
    • d9821a5 Warning messages added to token creator page when conflicting options are selected
    goldfish-linux-amd64(67.59 MB)
    goldfish-windows-amd64.exe(67.60 MB)
  • v0.5.0(Jul 8, 2017)

    Deploying goldfish is even simpler: the public folder is packed inside the binary. You only have to deploy ONE binary! See wiki for details.

    Major:

    • bb7f94d Switched authentication from cookies to token based (#105)
      • All cookies and CSRF protection have been removed (no cookies => no CSRF)
    • af9aaa8 Static assets folder public is built into the binary with go.rice (#112)
    • 76014b0 Static assets are gzipped before being served. Most assets will see a 50%+ size reduction
    • 1e5d578 Mount resource type added to dependencies tool (#99)

    Minor:

    • ac9e561 Pagination of tokens moved to client-side; theoretical race condition fixed (#97)
    • 6e16899 Allow for empty values to valid keys when writing secrets
    • 496acff Added capability to write secrets with special characters (e.g. &) (#109)
    • 62395f7 Fixed a hardcoded display name in dropdown
    • 878e219 Request body size limited to 32MB (like vault)
    • edcc9de Extra vault verification when displaying transit page's default key
    • 2b865fb Fixed a bug when trying to go up in directory while already at a mount's top level (#108)
    • c459082 Added option to display secret as JSON (#110)
    • 9b84fa1 Added proper autofocus to input fields in secrets page (#111)
    • 0990f5d Fixed headers in secrets page (#114)
    goldfish-linux-amd64(67.26 MB)
    goldfish-windows-amd64.exe(67.25 MB)
  • v0.5.0-rc1(Jul 5, 2017)

    Deploying goldfish is now simpler: the public folder is packed inside the binary. You only have to deploy ONE binary! See wiki for details.

    This is a release candidate. Nothing is guaranteed.

    Major:

    • bb7f94d Switched authentication from cookies to token based (#105)
      • All cookies have been removed, and thus all CSRF protection has been removed (no cookies => no CSRF)
    • af9aaa8 Static assets folder public is built into the binary with go.rice (#112)
      • Deployments don't need to unzip anymore, just run the one binary!
    • 76014b0 Static assets are gzipped before being served. Most assets will see a 50%+ size reduction

    Minor:

    • 1e5d578 Mount resource type added to dependencies tool (#99)
    • ac9e561 Pagination of tokens moved to client-side; theoretical race condition fixed (#97)
    • 6e16899 Allow for empty values to valid keys when writing secrets
    • 496acff Added capability to write secrets with special characters (e.g. &) (#109)
    • 62395f7 Fixed a hardcoded display name in dropdown
    • 878e219 Request body size limited to 32MB (like vault)
    • edcc9de Extra vault verification when displaying transit page's default key
    • 2b865fb Fixed a bug when trying to go up in directory while already at a mount's top level (#108)
    • c459082 Added option to display secret as JSON (#110)
    • 9b84fa1 Added proper autofocus to input fields in secrets page (#111)
    • 0990f5d Fixed headers in secrets page (#114)
    goldfish-linux-amd64(67.23 MB)
  • v0.4.1(Jun 27, 2017)

    Major:

    • Resource dependency checker page added (#28)
      • Currently only resource type 'Policy' is supported
      • Can detect whether any tokens, roles, userpass users, or approles depend on the provided policy
    • Session button & dropdown implemented in navigation bar when user is logged in (#51)
    • Secret deletion button added to secret list view (#71) (#69)
    • Add auto http to https redirect key to config (strictly port 80 to port 443) (#84)

    Minor:

    • Govendor'd all Go libraries for consistency (following Vault's lead) (#73)
    • Development environment and script updated (#79)
    • Config parser strictly requires http or https scheme for vault address (#91) (#77)
    • Warning signs added to nonsensical options in token creator page (#56)
    • Select element is unsquished (#33)
    goldfish-linux-amd64(59.13 MB)
    goldfish-windows-amd64.exe(59.13 MB)
    public.zip(2.12 MB)
  • v0.4.0(Jun 17, 2017)

    Deployment instructions have changed. Check the wiki for details.


    Major:

    • Config system has been changed to a file-based system. Now, launching goldfish in production requires just two parameters:

      • token, which used to be vault_token but has been renamed
      • config, which should be the path of a file that specifies everything cmd args used to specify.
      • Full example of a config file can be found here
    • When launching goldfish in dev mode, it will also start a localhost dev vault instance. This means you no longer have to spin up your own separate vault instance before developing goldfish.

      • This also means launching a reproducible development environment no longer needs a bash script to feed data into vault.

    Note: binaries have gotten much bigger because vault core itself is now packed in.

    goldfish-linux-amd64(59.40 MB)
    goldfish-windows-amd64.exe(59.45 MB)
    public.zip(1.81 MB)
  • v0.3.3(Jun 13, 2017)

    Note: this is possibly the last update before a config overhaul in #59

    Major:

    • New 'Wrapper' page, allowing arbitrary map write/read into a wrapping token. Thanks @yonniluu!
    • Added tls_disable cmd arg, much like Vault's server config file. Allows goldfish to launch in production settings but without https

    Minor:

    • Removed github.io scripts, because they are third-party and I'm paranoid
    goldfish-linux-amd64(12.48 MB)
    goldfish-windows-amd64.exe(12.52 MB)
    public.zip(1.81 MB)
  • v0.3.2(Jun 9, 2017)

  • v0.3.0(Jun 2, 2017)

    Major:

    • Policy searching is much smarter. Searching for secret/foo will return policies that contain path secret/*
    • Added backend wrapper unit tests and acceptance tests, achieving 80% code coverage
    • Added continuous integration for both backend and frontend, so every commit gets a pass/fail compile result

    Minor:

    • Added tls_skip_verify option to allow for self-signed vault instances
    • Added version option to display version of goldfish for consistency and debugging purposes
    • General speed and text improvements
    goldfish-linux-amd64(12.40 MB)
    goldfish-windows-amd64.exe(12.44 MB)
    public.zip(1.13 MB)
  • v0.2.5(May 27, 2017)

Owner
Tony Cai
Paranoid about security. Love open source stuff. Formerly @SAP. @Azure 2018