Dnote, an Open-Source, self-hosted, solution for sharing passwords, credentials, and notes

Smartbox Open Source
Smartbox engineering
Dec 6, 2019
Message in a bottle by Snapwire (https://www.pexels.com/photo/beach-bottle-cold-daylight-292426/)

Is that a password that you have in your clipboard? Maybe some sensitive information about your company?
Sharing confidential information, like credentials, with your team members feels safe; most of the time, however, it is not. Computers get stolen, accounts get compromised, and employees go rogue. It is super easy to copy and paste a production password so that one of your colleagues can access that critical service, but now that string of text is there forever, in your chat history or emails. In 2018, 37,000 "Eir" customers were affected by a data breach after a laptop, containing passwords and credentials to production servers, was stolen.

This begs the question... how do you securely share that password or piece of confidential information with a trusted co-worker? Enter Dnote.

Dnote’s main screen

Trust no one, even yourself

Dnote is an Open-Source, self-hosted, non-GMO service that allows you to quickly spin up a website, consisting of one text box and a button, that offers you the solution to the aforementioned problem. There are two parts to the process: the encryption and the decryption of the message you want to transmit. Whatever text you input on the web page is encrypted with AES256 (the type of encryption that the VPNs sponsoring YouTube videos like to call "Military-grade encryption") when you click the button. One thing worth pointing out is that the encryption happens in your browser: your text is already fully encrypted when it leaves your browser. The encrypted text is then stored in a Redis server. The result is a link/URL that has the decryption key embedded in it, which you can then paste into any chat room or email. Once that link is clicked, the encrypted message is retrieved from the Redis server and decrypted. Upon retrieval, the confidential data is deleted forever from the server and no trace of it will remain.

You might think that using other websites that provide the same service is safe, but you can’t be sure as you don’t know how they work internally. Dnote, like every other Open-Source application, gives you the chance to inspect the source code and be confident that you know what it is doing.

What if the server gets compromised, you may ask? Well, in that case, the perpetrators will not be able to decrypt any of the information stored in the database. The "weakest link" in the Dnote system is the user.
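The flow described above (encrypt in the browser, store only ciphertext, delete on first read), as an added example that is not Dnote's own code. It assumes AES-256-GCM as the AES mode, a key carried in the URL fragment, and an in-memory `Map` standing in for Redis; the function names and the `dnote.example` host are hypothetical.

```javascript
// Added example, not Dnote's code. Assumptions: AES-256-GCM as the AES mode,
// the key carried in the URL fragment, and a Map standing in for Redis.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
const fromHex = (h) => Uint8Array.from(h.match(/../g), (x) => parseInt(x, 16));

// --- server side (hypothetical): stores opaque blobs, never sees a key ---
const store = new Map();
function serverPut(blob) {
  const id = toHex(wc.getRandomValues(new Uint8Array(16)));
  store.set(id, blob);
  return id;
}
function serverTake(id) {
  const blob = store.get(id);
  store.delete(id); // delete on first retrieval
  return blob;
}

// --- browser side: encrypt before anything leaves the page ---
async function createNote(text, base) {
  const key = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(text));
  const id = serverPut({ iv: toHex(iv), ct: toHex(new Uint8Array(ct)) });
  const rawKey = new Uint8Array(await wc.subtle.exportKey('raw', key));
  // Browsers do not send the fragment (#...) in HTTP requests, so the key
  // stays out of the server's request logs.
  return `${base}/${id}#${toHex(rawKey)}`;
}

async function openNote(link) {
  const url = new URL(link);
  const blob = serverTake(url.pathname.slice(1));
  if (!blob) return null; // already read once, or never existed
  const key = await wc.subtle.importKey('raw', fromHex(url.hash.slice(1)), 'AES-GCM', false, ['decrypt']);
  // GCM authenticates the ciphertext: a wrong key or tampered blob rejects.
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: fromHex(blob.iv) }, key, fromHex(blob.ct));
  return new TextDecoder().decode(pt);
}

// Constructed sample input; dnote.example is a placeholder host.
async function demo() {
  const link = await createNote('constructed-db-password', 'https://dnote.example:4201');
  return { first: await openNote(link), second: await openNote(link) };
}
demo().then((r) => console.log(r)); // second read finds nothing left on the server
```

A second `openNote` on the same link returns `null`, so a recipient who finds the note already gone knows someone or something else opened the link first and can ask for the secret to be rotated.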

Clone the source code, and deploy it to a server within your company that is accessible to the intended users. In your terminal, run `make prod` to build. Then open your browser and go to port 4201 on that server, for example https://SERVERNAME:4201/. Simple, right?

Smartbox's Open-Source Community

This is the latest project that Smartbox's Open-Source Governance Team is releasing. Comprised of people from different backgrounds with varying technological penchants, the Governance Team is unified under one common goal: give back to the Open-Source community.

Please check out our GitHub page and feel free to submit a patch, an issue, or a star to any of our repos.
