Skip to content
/ inori Public

A lightweight, self-hosted secrets manager inspired by HashiCorp Vault

License

WTFPL license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SooditK/inori

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Inori

WTFPL

A lightweight, self-hosted secrets manager inspired by HashiCorp Vault. Inori securely stores secrets in a LibSQL database, encrypts them with AES-256, and provides optional Redis-based caching and rate limiting. It is designed for simplicity, security, and ease of deployment.

Features

  • Secure Storage: Secrets are encrypted using AES-256 before being stored in the database.
  • LibSQL Backend: Uses LibSQL for persistent, reliable storage.
  • Redis Caching (Optional): Speeds up secret retrieval and enables distributed rate limiting.
  • Rate Limiting: Protects against abuse (30 requests/minute per IP by default).
  • Audit Logging: All actions are logged for traceability.
  • Simple HTTP API: Easy to integrate with any system.
  • Docker Support: Quick to run locally or in production.

Installation

  1. Clone the repository:
git clone https://github.com/SooditK/inori.git
cd inori
  1. Create a .env file:
cp .env.example .env
  1. Get the environment variables (MASTER_SECRET_KEY & SECRETS_API_TOKEN)
openssl rand -hex 32 # MASTER_SECRET_KEY
openssl rand -hex 32 # SECRETS_API_TOKEN
  1. Start the service:
docker compose up -d

The service will be available at http://localhost:8080.

OR Run the service locally:

go run main.go

The service will be available at http://localhost:8080.

Usage

Authorization

Authorization: <your SECRETS_API_TOKEN>

Get a secret

GET /get?key=

Set a secret

POST /set?key=&value=

Delete a secret

DELETE /delete?key=

Example

curl -X POST "http://localhost:8080/set?key=MY_SECRET&value=supersecret" -H "Authorization: your_api_token"
curl "http://localhost:8080/get?key=MY_SECRET" -H "Authorization: your_api_token"
curl -X DELETE "http://localhost:8080/delete?key=MY_SECRET" -H "Authorization: your_api_token"

Environment Variables

  • MASTER_SECRET_KEY: The master secret key used to encrypt and decrypt secrets.
  • SECRETS_API_TOKEN: The API token used to authenticate requests.
  • LIBSQL_DB_URL: The URL of the LibSQL database.
  • LIBSQL_DB_AUTH_TOKEN: The authentication token for the LibSQL database.
  • REDIS_URL: The URL of the Redis server.

How It Works

  • Encryption: Secrets are encrypted with AES-256-GCM before storage.
  • Storage: Encrypted secrets are stored in LibSQL.
  • Caching: If Redis is configured, secrets are cached for faster reads.
  • Rate Limiting: Each IP is limited to 30 requests per minute (configurable in code).
  • Audit Logging: All actions (read, write, delete) are logged in the database.

Security Notes

  • Never share your MASTER_SECRET_KEY or SECRETS_API_TOKEN.
  • Use HTTPS in production to protect secrets in transit.
  • Rotate your API token and master key periodically.
  • Audit logs are stored in the database for traceability.

About

A lightweight, self-hosted secrets manager inspired by HashiCorp Vault

Resources

Readme

License

WTFPL license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages