Remote multi-db SQLCipher server.
festung is a server that provides an HTTP API to execute queries against encrypted SQLite databases.
Festung
Remote multi-db SQLCipher server exposing a REST API
Build
The festung
container is built with the help of an auxiliary container called steinmetz
. The steinmetz
container gathers and compiles all build dependencies, so that build process of festung
itself is faster. You can build both containers by invoking make
with no target.
$ make
Run
To spin up a festung instance do
$ docker run --rm --tty --interactive --publish 127.0.0.1:2728:2728 --name festung festung
or just do
$ make start
If you want to persist the vaults between multiple runs, you either have to mount a directory from the host system or create a docker volume. The latter could be done by doing
$ docker volume create vaults
and then run festung like so
$ docker run --rm -it -p 127.0.0.1:2728:2728 --mount source=vaults,target=/var/festung --name festung festung
Interact
Once you have a festung instance running you can interact with the API by using curl
, httpie
or an HTTP client of your choice.
The databases that are handled by festung are encrypted. The key is provided through the Authorization header whose value is base64 encoded
$ echo foo | base64
Zm9vCg==
The request body for issuing queries against festung contains the fields sql
and params
. To create a new table foo
in the database 1
(encrypted with the password "foo"
) you can issue the following request:
# http localhost:2728/1 Authorization:Zm9vCg== sql='CREATE TABLE foo (id INT, b VARCHAR)' params:='[]'
{
"data": [],
"headers": [],
"last_row_id": 0,
"rows_changed": 0
}
The params
paramter can be used for parametrizing queries. Let's say we insterted some data in our table
# http localhost:2728/1 Authorization:Zm9vCg== sql='INSERT INTO foo VALUES (1, "b")' params:='[]'
{
"data": [],
"headers": [],
"last_row_id": 0,
"rows_changed": 0
}
then we could use params
as follows:
# http localhost:2728/1 Authorization:Zm9vCg== sql='SELECT * FROM foo WHERE id IN (?)' params:='[1]'
{
"data": [
[
1,
"b"
]
],
"headers": [
{
"name": "id",
"type": "INT"
},
{
"name": "b",
"type": "VARCHAR"
}
],
"last_row_id": 0,
"rows_changed": -1
}