MyNixOS website logo
Description

Remote multi-db SQLCipher server.

festung is a server that provides an HTTP API to execute queries against encrypted SQLite databases.

Festung

Remote multi-db SQLCipher server exposing a REST API

Build

The festung container is built with the help of an auxiliary container called steinmetz. The steinmetz container gathers and compiles all build dependencies, so that build process of festung itself is faster. You can build both containers by invoking make with no target.

$ make

Run

To spin up a festung instance do

$ docker run --rm --tty --interactive --publish 127.0.0.1:2728:2728 --name festung festung

or just do

$ make start

If you want to persist the vaults between multiple runs, you either have to mount a directory from the host system or create a docker volume. The latter could be done by doing

$ docker volume create vaults

and then run festung like so

$ docker run --rm -it -p 127.0.0.1:2728:2728 --mount source=vaults,target=/var/festung --name festung festung

Interact

Once you have a festung instance running you can interact with the API by using curl, httpie or an HTTP client of your choice.

The databases that are handled by festung are encrypted. The key is provided through the Authorization header whose value is base64 encoded

$ echo foo | base64
Zm9vCg==

The request body for issuing queries against festung contains the fields sql and params. To create a new table foo in the database 1 (encrypted with the password "foo") you can issue the following request:

# http localhost:2728/1 Authorization:Zm9vCg== sql='CREATE TABLE foo (id INT, b VARCHAR)' params:='[]'
{
    "data": [],
    "headers": [],
    "last_row_id": 0,
    "rows_changed": 0
}

The params paramter can be used for parametrizing queries. Let's say we insterted some data in our table

# http localhost:2728/1 Authorization:Zm9vCg== sql='INSERT INTO foo VALUES (1, "b")' params:='[]'
{
    "data": [],
    "headers": [],
    "last_row_id": 0,
    "rows_changed": 0
}

then we could use params as follows:

# http localhost:2728/1 Authorization:Zm9vCg== sql='SELECT * FROM foo WHERE id IN (?)' params:='[1]'
{
    "data": [
        [
            1,
            "b"
        ]
    ],
    "headers": [
        {
            "name": "id",
            "type": "INT"
        },
        {
            "name": "b",
            "type": "VARCHAR"
        }
    ],
    "last_row_id": 0,
    "rows_changed": -1
}
Metadata

Version

0.9.1.2

License

Platforms (75)

    Darwin
    FreeBSD
    Genode
    GHCJS
    Linux
    MMIXware
    NetBSD
    none
    OpenBSD
    Redox
    Solaris
    WASI
    Windows
Show all
  • aarch64-darwin
  • aarch64-genode
  • aarch64-linux
  • aarch64-netbsd
  • aarch64-none
  • aarch64_be-none
  • arm-none
  • armv5tel-linux
  • armv6l-linux
  • armv6l-netbsd
  • armv6l-none
  • armv7a-darwin
  • armv7a-linux
  • armv7a-netbsd
  • armv7l-linux
  • armv7l-netbsd
  • avr-none
  • i686-cygwin
  • i686-darwin
  • i686-freebsd
  • i686-genode
  • i686-linux
  • i686-netbsd
  • i686-none
  • i686-openbsd
  • i686-windows
  • javascript-ghcjs
  • loongarch64-linux
  • m68k-linux
  • m68k-netbsd
  • m68k-none
  • microblaze-linux
  • microblaze-none
  • microblazeel-linux
  • microblazeel-none
  • mips-linux
  • mips-none
  • mips64-linux
  • mips64-none
  • mips64el-linux
  • mipsel-linux
  • mipsel-netbsd
  • mmix-mmixware
  • msp430-none
  • or1k-none
  • powerpc-netbsd
  • powerpc-none
  • powerpc64-linux
  • powerpc64le-linux
  • powerpcle-none
  • riscv32-linux
  • riscv32-netbsd
  • riscv32-none
  • riscv64-linux
  • riscv64-netbsd
  • riscv64-none
  • rx-none
  • s390-linux
  • s390-none
  • s390x-linux
  • s390x-none
  • vc4-none
  • wasm32-wasi
  • wasm64-wasi
  • x86_64-cygwin
  • x86_64-darwin
  • x86_64-freebsd
  • x86_64-genode
  • x86_64-linux
  • x86_64-netbsd
  • x86_64-none
  • x86_64-openbsd
  • x86_64-redox
  • x86_64-solaris
  • x86_64-windows