vaulty-co / vaulty

Tokenize, encrypt/decrypt, mask your data on the fly with Vaulty proxy
https://vaulty.co
Mozilla Public License 2.0

enhancement - reverse proxy chaining? #22

Open c-nv-s opened 3 years ago

c-nv-s commented 3 years ago

Is there a possibility to place Vaulty in front of another reverse proxy such as HAProxy or Caddy and then pass on the X-Forwarded-For header so that the following proxy is still aware of the original client?
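The header handling this question asks for, as an added Go example that is not part of the thread and is not Vaulty's code: the front proxy appends the TCP peer address to X-Forwarded-For and keeps an inbound chain only when it arrived from a known proxy, so a client cannot plant its own "original client" value. The names `forwardedFor` and `trustedPeers` and the `10.0.0.0/8` range are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// trustedPeers: networks whose X-Forwarded-For value is believed.
// Constructed value for this example; list only your own proxies here.
var trustedPeers = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

func trusted(ip netip.Addr) bool {
	for _, p := range trustedPeers {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// forwardedFor returns the X-Forwarded-For value the front proxy sends to the
// next hop. remoteAddr is the TCP peer ("ip:port"); inbound is the header value
// received, which is client-controlled unless the peer is a trusted proxy.
func forwardedFor(remoteAddr, inbound string) (string, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return "", err
	}
	peer, err := netip.ParseAddr(host)
	if err != nil {
		return "", err
	}
	peer = peer.Unmap() // treat ::ffff:a.b.c.d as plain IPv4
	var chain []string
	if trusted(peer) { // keep the existing chain only when a known proxy sent it
		for _, hop := range strings.Split(inbound, ",") {
			if hop = strings.TrimSpace(hop); hop != "" {
				chain = append(chain, hop)
			}
		}
	}
	return strings.Join(append(chain, peer.String()), ", "), nil
}

func main() {
	// Constructed input: a direct internet client sending a spoofed header.
	v, _ := forwardedFor("203.0.113.7:51000", "127.0.0.1")
	fmt.Println(v)
}
```

The next proxy (HAProxy, Caddy) then has to be configured to accept X-Forwarded-For only from the front proxy's address; otherwise the same spoofing problem reappears one hop later.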

alovak commented 3 years ago

Hey, @c-nv-s! Thanks for your question. Currently, it's not implemented, but I can add it.

Do you use Vaulty or plan to use it in production? It would be great to know that someone uses it :)

c-nv-s commented 3 years ago

Yes, I'm testing it now and would love to use it in production.

c-nv-s commented 3 years ago

I think what might also be nice is if you could facilitate encryption based on "dynamic public keys". So you could have a dictionary of X-Vaulty-APIKey header to public key e.g.

{
"00001" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB....",
"00002" : "ssh-rsa AAAAC5DslFj2alDBBB3NZC1B.....",
...
}

so when the request comes in, Vaulty would see the value of X-Vaulty-APIKey: 00002 and encrypt the value using "ssh-rsa AAAAC5DslFj2alDBBB3NZC1B....."

and an admin endpoint you can call to add/delete public keys to the list