[erlang-questions] ANN: Cinched 0.0.1, an encryption microservice

[Mark Steele]

Hi list,

I've just released version 0.0.1 of an application I've been working on for
some time now called Cinched.

It's a microservice for providing encryption/decryption (partial JSON
document or blob).

Some of the goals I had in mind while putting this together is to simplify
key management for developers as well as centralize the encryption code to
make it easier to audit.

Under the hood:

   - riak_ensemble for key storage
   - cowboy for the TLS/HTTP handling
   - shamir secret sharing
   - libsodium (via NIF bindings)
   - OCSP checks (via NIF bindings)
   - poolboy for limiting CPU bound workers
   - exometer_core for metrics
   - jiffy for json parsing
   - ej for json document traversal
   - Lots of SELinux policy, Linux DAC controls

I'm pretty new at Erlang so I'd appreciate any feedback as well as harsh
criticism, it's all good.

Code is available on Github here: https://github.com/marksteele/cinched

As an FYI, it's targeted to RHEL/CentOS 7. Much of the security of the
system is dependent on a well behaving SELinux system with the right
reference policy.

PS: Has anyone managed to layer in an attestation protocol on top of Erlang
distribution in order to be able to establish trust between cluster peers?
I've found some academic research, but no code.

Cheers,


Mark Steele
CISSP, GPEN, GCIA, CSM
mark@REDACTED

LinkedIn: https://ca.linkedin.com/in/markrsteele
Github: https://github.com/marksteele
Personal: http://www.control-alt-del.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160203/e831c6d2/attachment.htm>