Manta is a Flask microservice that allows users to sign files using GPG without giving them access to the private key. Manta signs, the user gets the file back.
- Token-based authentication
- MFA with WebAuthn
- Integration with HashiCorp Vault
- Metrics and alerting with Prometheus
To run locally, use docker-compose:
$ docker compose up -d
The service is now reachable over port 8000.
The service requires a HashiCorp Vault instance and a MySQL database to be reachable. Specify the host information in config.py to properly connect. Alternatively, you can set the appropriate environment variables.
VAULT_HOST = os.environ.get('VAULT_HOST', 'localhost')
VAULT_PORT = os.environ.get('VAULT_PORT', '8200')
...
DATABASE_NAME = os.environ.get('DATABASE_NAME', 'manta')
DATABASE_HOST = os.environ.get('DATABASE_HOST', 'localhost')
DATABASE_USER = os.environ.get('DATABASE_USER', 'manta-user')
DATABASE_PASS = os.environ.get('DATABASE_PASS', 'manta-user-pw')
Set the DEBUG flag in the Dockerfile to True. Build the image and run it transiently:
$ docker build -t manta . && docker run --rm manta
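Because config.py falls back to built-in values, including a database password that is printed in this README, a deployment that forgets an environment variable still starts. The following pre-deployment check is an added example, not part of Manta's code: `audit_config` is a hypothetical helper, the sample hostnames are constructed, and treating a DEBUG build as unfit for deployment is an assumption.

```python
import os

# Variable names from the config.py excerpt; the elided ("...") settings are not covered.
REQUIRED = ("VAULT_HOST", "VAULT_PORT", "DATABASE_NAME",
            "DATABASE_HOST", "DATABASE_USER", "DATABASE_PASS")
# Fallback password shown in the excerpt; it is public, so it protects nothing.
DOCUMENTED_PASSWORD = "manta-user-pw"


def audit_config(env, debug=False):
    """Return findings for a deployment's environment (hypothetical helper).

    env   -- mapping of environment variables, e.g. os.environ
    debug -- the DEBUG value the image was built with
    """
    findings = []
    for name in REQUIRED:
        if not env.get(name):
            findings.append(f"{name} is unset, config.py will use its built-in fallback")
    if env.get("DATABASE_PASS") == DOCUMENTED_PASSWORD:
        findings.append("DATABASE_PASS equals the password published in the README")
    port = env.get("VAULT_PORT", "")
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        findings.append(f"VAULT_PORT {port!r} is not a valid TCP port")
    if debug:
        findings.append("DEBUG is True: do not deploy a debug build (assumption)")
    return findings


if __name__ == "__main__":
    # Constructed sample: everything is set except the database password.
    sample = {"VAULT_HOST": "vault.internal.example", "VAULT_PORT": "8200",
              "DATABASE_NAME": "manta", "DATABASE_HOST": "db.internal.example",
              "DATABASE_USER": "manta-user"}
    for finding in audit_config(sample):
        print("config:", finding)
    # Passing os.environ instead of `sample` audits the current shell.
```

Run it in the deployment pipeline and fail the job when the returned list is non-empty.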