Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files. The encryption is compatible with rclone.
Koofr Vault is divided into two parts: the engine and the UI. The engine, made up of vault-core
and vault-wasm
, is written in Rust and compiled to WebAssembly. The UI, vault-web
, is written in React and uses Vite for frontend tooling. There is no server component; Koofr Vault only uses the public Koofr REST API.
The easiest way to run Koofr Vault locally is to build and run it with Docker. This will compile the app and build a Docker image using Caddy web server.
docker build --build-arg GIT_REVISION=$(git rev-parse --short HEAD) -t vault .
docker run --rm -p 5173:5173 vault
You can now open http://localhost:5173 in your browser.
Alternatively, you can build static files, which will produce vault-web.tar.gz
file with the static files:
docker build --build-arg GIT_REVISION=$(git rev-parse --short HEAD) --build-arg GIT_RELEASE=$(git describe --tags --exact-match 2> /dev/null || echo -n '') --target static-stage -t vault-static .
docker run --rm vault-static cat vault-web.tar.gz > vault-web.tar.gz
For development instructions, see the vault-wasm
README and vault-web
README.
Koofr Vault is built using GitHub Actions and published as a GitHub Release. You can download a release .tar.gz
file and run it locally, or use the extracted files from the release to verify what https://vault.koofr.net is serving. The current deployed Git revision can be found at https://vault.koofr.net/gitrevision.txt
Example:
mkdir koofr-vault-check
cd koofr-vault-check
wget https://github.com/koofr/vault/releases/download/v0.1.0/vault-web.tar.gz
tar xf vault-web.tar.gz
allok=true
for path in $(tar tf vault-web.tar.gz | grep -v './$' | sort); do
local=$(sha256sum "$path" | awk '{print $1}')
remote=$(curl -s "https://vault.koofr.net/${path:2}" | sha256sum | awk '{print $1}')
if [ "$local" = "$remote" ]; then
echo "$path OK"
else
echo "$path MISMATCH (local $local remote $remote)"
allok=false
fi
done
if [ "$allok" = "true" ]; then
echo "OK"
else
echo "MISMATCH"
fi
If you have a bug report, please send the report to support@koofr.net. If you are considering contributing to the Koofr Vault code, please contact us in order to discuss your intended contribution first, as we can not afford the effort to review arbitrary contributions at the moment.
Koofr Vault was developed and designed by the Koofr team.
We would like to extend a huge thank you to rclone for their encryption implementation.
Koofr Vault is licensed under the terms of the MIT license.