search

louislam / uptime-kuma

A fancy self-hosted monitoring tool
https://uptime.kuma.pet
MIT License
60.22k stars 5.38k forks source link

Add Email Encryption with PGP #4657

Open hozza opened 7 months ago

hozza commented 7 months ago

📑 I have found these related issues/pull requests

https://github.com/louislam/uptime-kuma/blob/822ce5384b1c138ccea7a20112363358cdb67083/server/notification-providers/smtp.js#L6-L123

🏷️ Feature Request Type

Change to existing notification-provider

🔖 Feature description

Email notifications are pretty great and reliable, but it would be absolutely fantastic to be able to encrypt the email messages using PGP.

This would work nicely with secure email providers.

✔️ Solution

Add PGP email encryption module to Nodemailer for more secure email notifications. 🔒

https://github.com/nodemailer/nodemailer-openpgp

❓ Alternatives

using an unencrypted email? 🔓

📝 Additional Context

Nope

CommanderStorm commented 7 months ago

Said notification provider is located here: https://github.com/louislam/uptime-kuma/blob/822ce5384b1c138ccea7a20112363358cdb67083/server/notification-providers/smtp.js#L6-L123

Agree that Transmitting notifications via plain text is likely not ideal. The thing is that is that PGP does not encrypt the headers => also not the subject Yes, the body could be encrypted, but the value here is likely lower

If you want to "secure" this part, I would suggest using a notification provider which is designed for this use case.

I am a bit unsure if the added maintenance effort adds value. => what would you like to achieve/protect from in the first place?

What do you mean by

This would world nicely with secure email providers

hozza commented 7 months ago

Said notification provider is located here: https://github.com/louislam/uptime-kuma/blob/822ce5384b1c138ccea7a20112363358cdb67083/server/notification-providers/smtp.js#L6-L123

Thanks, added to the ticket.

The thing is that is that PGP does not encrypt the headers => also not the subject Yes, the body could be encrypted, but the value here is likely lower

This is standard for PGP implementations, like in Proton Mail etc.

Getting into the details I'd suppose the security benefit here comes from protecting the uptime status of your services/infrastructure from an attacker. So perhaps uptime status could be removed from the email subject when enabling PGP (and from headers if it's in there?) leaving them generic, only communicating what's down and when in the encrypted body message.

If you want to "secure" this part, I would suggest using a notification provider which is designed for this use case.

Thanks, and I have been for sometime but nothing beats email for its open decentralised nature. Email is often omnipresent on devices whereas specific apps are not so much. Also not being tied into an app or special service provider is nice, favouring an open and standardised format.

I am a bit unsure if the added maintenance effort adds value. => what would you like to achieve/protect from in the first place?

I wonder how much extra dev maintenance this would be, perhaps it could be as little as an extra module, and a few input boxes for those that enable it? Support wise, I'd imagine this would be an advanced feature that support was not provided on.

I've touched in this a little above but knowing the uptime status of critical infra could be used in an attack or to validate an attack etc. Uptime of servers/networking equipment etc could be accessed by plain text emails or via unencrypted notification service providers.

This could be rare, targeted and effort filled attack in general but it could also be as easy as using a work based SMTP server, and a disgruntled email IT colleague with access could learn of certain services being down from the plain text and using this info nefariously.

What do you mean by

This would world nicely with secure email providers

Thanks, fixed type.

CommanderStorm commented 7 months ago

You would be surprised by ho much of the support effort are these harder to configure features. Have a look at registering your own custom CA with uptime kuma for further details. The problem is that I don't know anything about PGP => Could not support users having trouble.

The support-trouble especially start when a lackluster maintained module gets added (read: I am unsure if the module is working correctly as they have not enabled issues)

We can add such a feature if

I still don't get what you mean by work nicely and secure email providers in

This would work nicely with secure email providers.

hozza commented 7 months ago

Fair enough. I don't have time to develop this unfortunately. If someone wants to pick it up I'd be happy to help where I can.