Rebrand to 'lockbox'

char · char · commit ab1ee46fbd19 · 2020-07-21T04:12:15.000+01:00
Since it's where you keep your keys ;)
diff --git a/.env.schema b/.env.schema
@@ -1,2 +1,2 @@
-DATABASE_URL=sqlite:///data/ssh-key-authority-dev.db
+DATABASE_URL=sqlite:///data/lockbox-dev.db
 SESSION_SECRET_KEY=
diff --git a/README.md b/README.md
@@ -1,22 +1,31 @@
-# ssh-key-authority
+# Lockbox
 
-A centralised location for your personal SSH keys. Written using [Starlette](https://www.starlette.io/).
-
-Supports:
+A place to put your keys. Lockbox is a centralised store for your personal SSH keys. It supports:
 
 - [GitHub](https://github.com/)
 - [GitLab](https://gitlab.com/)
 - [Gogs](https://gogs.io/) and [Gitea](https://gitea.io/)
 - Any `sshd` with an `AuthorizedKeysCommand` configuration directive
 
+Written using [Starlette](https://www.starlette.io/).
+
+## Security
+
+**Beware:** For all the systems you hook it up to, Lockbox is a [single point of failure](https://en.wikipedia.org/wiki/Single_point_of_failure).
+That is, if an adversary can gain control of your account on your Lockbox instance,
+they can deploy their own key and access any of the linked systems.
+
+Furthermore, the administrator of the Lockbox instance you are using is capable of adding keys under any user,
+so make sure you trust the admin. (In the best-case scenario, the admin is you.)
+
 ## Usage
 
 ```
 $ # set up a virtualenv, or don't, your choice. then:
 $ pip install -r requirements.txt
 $ cp .env.schema .env; $EDITOR .env # Set up the DATABASE_URL value
 $ alembic upgrade head # Run migrations to initialise the database
-$ ./run_prod.sh ./ssh-key-authority.sock # Starts a gunicorn instance (with a uvicorn worker) listening at unix:./ssh-key-authority.sock
+$ ./run_prod.sh ./lockbox.sock # Starts a gunicorn instance (with a uvicorn worker) listening at unix:./lockbox.sock
 $ # Use nginx to proxy into the socket
 ```
 
diff --git a/contrib/check_keys.sh b/contrib/check_keys.sh
@@ -10,11 +10,12 @@ if [ $? == 0 ]; then
 
   authorized_keys_file="~$KEYS_USER/.ssh/authorized_keys"
   if [ -f "$authorized_keys_file" ]; then
-    regular_authorized_keys=`sed '/.*###### SSH-KEY-AUTHORITY SECTION ######.*/{s///;q;}' < "$authorized_keys_file"`
+    regular_authorized_keys=`sed '/.*### LOCKBOX SECTION.*/{s///;q;}' < "$authorized_keys_file"`
 
-    (echo $regular_authorized_keys; echo '###### SSH-KEY-AUTHORITY SECTION ######
-# PLEASE DO NOT EDIT UNDER THIS SECTION
-# IT WILL BE WIPED BY SSH-KEY-AUTHORITY'; echo $fetched_keys) > authorized_keys_file
+    (echo $regular_authorized_keys; echo '### LOCKBOX SECTION
+# Please do not edit under this section, it is
+# automatically generated and may be wiped
+# at any time.'; echo $fetched_keys) > authorized_keys_file
   fi
 else
   >&2 echo "An error occurred while fetching $KEYS_USER's keys from $KEYS_HOST."
diff --git a/lockbox/__init__.py b/lockbox/__init__.py
@@ -9,15 +9,15 @@
 
 from starlette.staticfiles import StaticFiles
 
-from ssh_key_authority.db import database
-from ssh_key_authority.config import SESSION_SECRET_KEY
-from ssh_key_authority.auth import SessionAuthBackend
+from lockbox.db import database
+from lockbox.config import SESSION_SECRET_KEY
+from lockbox.auth import SessionAuthBackend
 
-from ssh_key_authority.routes.main_page import main_page_endpoint
-from ssh_key_authority.routes.login import login_endpoint, logout_endpoint
-from ssh_key_authority.routes.register import register_page_endpoint, register_endpoint
-from ssh_key_authority.routes.deploy_key import deploy_key_endpoint
-from ssh_key_authority.routes.list_keys import list_keys_endpoint
+from lockbox.routes.main_page import main_page_endpoint
+from lockbox.routes.login import login_endpoint, logout_endpoint
+from lockbox.routes.register import register_page_endpoint, register_endpoint
+from lockbox.routes.deploy_key import deploy_key_endpoint
+from lockbox.routes.list_keys import list_keys_endpoint
 
 app = Starlette(
     routes=[
diff --git a/lockbox/auth.py b/lockbox/auth.py
diff --git a/lockbox/config.py b/lockbox/config.py
diff --git a/lockbox/db.py b/lockbox/db.py
@@ -1,4 +1,4 @@
-from ssh_key_authority.config import DATABASE_URL
+from lockbox.config import DATABASE_URL
 
 import databases
 import sqlalchemy
diff --git a/lockbox/debug.py b/lockbox/debug.py
@@ -0,0 +1,3 @@
+from lockbox import app
+
+app.debug = True
diff --git a/lockbox/flashes.py b/lockbox/flashes.py
diff --git a/lockbox/routes/deploy_key.py b/lockbox/routes/deploy_key.py
@@ -3,8 +3,8 @@
 from starlette.requests import Request
 from starlette.responses import RedirectResponse
 
-from ssh_key_authority.flashes import flash
-from ssh_key_authority.db import database, keys, users
+from lockbox.flashes import flash
+from lockbox.db import database, keys, users
 
 
 class InvalidKeyException(Exception):
diff --git a/lockbox/routes/list_keys.py b/lockbox/routes/list_keys.py
@@ -3,7 +3,7 @@
 from starlette.requests import Request
 from starlette.responses import PlainTextResponse
 
-from ssh_key_authority.db import database, keys, users, access_keys
+from lockbox.db import database, keys, users, access_keys
 
 
 def generate_key_info(ssh_keys, include_comments: bool) -> Generator[str, None, None]:
diff --git a/lockbox/routes/login.py b/lockbox/routes/login.py
@@ -3,8 +3,8 @@
 from starlette.requests import Request
 from starlette.responses import RedirectResponse
 
-from ssh_key_authority.db import database, users
-from ssh_key_authority.flashes import flash
+from lockbox.db import database, users
+from lockbox.flashes import flash
 
 
 async def login_valid(username: str, password: str) -> bool:
diff --git a/lockbox/routes/main_page.py b/lockbox/routes/main_page.py
@@ -1,7 +1,7 @@
 from starlette.requests import Request
 
-from ssh_key_authority.templating import render_template
-from ssh_key_authority.config import REGISTRATION_ENABLED
+from lockbox.templating import render_template
+from lockbox.config import REGISTRATION_ENABLED
 
 
 async def main_page_endpoint(request: Request):
diff --git a/lockbox/routes/register.py b/lockbox/routes/register.py
@@ -3,10 +3,10 @@
 from starlette.requests import Request
 from starlette.responses import RedirectResponse, PlainTextResponse
 
-from ssh_key_authority.templating import render_template
-from ssh_key_authority.db import database, users
-from ssh_key_authority.config import REGISTRATION_ENABLED
-from ssh_key_authority.flashes import flash
+from lockbox.templating import render_template
+from lockbox.db import database, users
+from lockbox.config import REGISTRATION_ENABLED
+from lockbox.flashes import flash
 
 
 async def disabled_registration_endpoint(request: Request):
diff --git a/lockbox/templating.py b/lockbox/templating.py
@@ -1,7 +1,7 @@
 from starlette.requests import Request
 from starlette.templating import Jinja2Templates
 
-from ssh_key_authority.flashes import get_and_clear_flashes
+from lockbox.flashes import get_and_clear_flashes
 
 templates = Jinja2Templates(directory="templates")
 
diff --git a/migrations/env.py b/migrations/env.py
@@ -10,11 +10,11 @@
 
 import sys, os
 
-# Put the working directory in the sys path so that we can import ssh_key_authority
+# Put the working directory in the sys path so that we can import the lockbox package
 sys.path.insert(0, os.path.abspath("."))
 
-from ssh_key_authority.db import metadata as app_metadata
-from ssh_key_authority.config import DATABASE_URL
+from lockbox.db import metadata as app_metadata
+from lockbox.config import DATABASE_URL
 
 config.set_main_option("sqlalchemy.url", str(DATABASE_URL))
 target_metadata = app_metadata
diff --git a/run_dev.py b/run_dev.py
@@ -3,4 +3,4 @@
 import uvicorn
 
 if __name__ == "__main__":
-    uvicorn.run("ssh_key_authority.debug:app", host="127.0.0.1", port=5000, reload=True)
+    uvicorn.run("lockbox.debug:app", host="127.0.0.1", port=5000, reload=True)
diff --git a/ssh_key_authority/debug.py b/ssh_key_authority/debug.py
diff --git a/templates/base.html.j2 b/templates/base.html.j2
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
     <link rel="icon" href="data:">
-    <title>{{ title }}{% if not override_title %} - SSH Key Authority{% endif %}</title>
+    <title>{{ title }}{% if not override_title %} - Lockbox{% endif %}</title>
 
     <link rel="stylesheet" href="/static/global.css">
 
diff --git a/templates/index.html.j2 b/templates/index.html.j2
@@ -1,9 +1,7 @@
 {% set override_title = true %}
-{% set title = "SSH Key Authority" %}
+{% set title = "Lockbox" %}
 {% set description = "A centralised location for your personal SSH keys." %}
-
 {% extends "base.html.j2" %}
-{% block title %}SSH Key Authority{% endblock %}
 
 {% block content %}
   {% if request.user.is_authenticated %}

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-DATABASE_URL=sqlite:///data/ssh-key-authority-dev.db`
	`1`	`+DATABASE_URL=sqlite:///data/lockbox-dev.db`
`2`	`2`	`SESSION_SECRET_KEY=`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-from ssh_key_authority.config import DATABASE_URL`
	`1`	`+from lockbox.config import DATABASE_URL`
`2`	`2`
`3`	`3`	`import databases`
`4`	`4`	`import sqlalchemy`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+from lockbox import app`
	`2`	`+`
	`3`	`+app.debug = True`