Skip to content
/ dead-man-hand Public
forked from bkupidura/dead-man-hand

DMH will execute action when you will not be able to. Dead-man-switch software with privacy in mind.

License

GPL-3.0 license
0 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alexandear-org/dead-man-hand

BranchesTags
 
 

Repository files navigation

dead-man-hand-logo

Idea

Dead-Man-Hand will execute pre-added actions when you will no longer be "available".

All actions are encrypted and when properly configured nobody will be able to get action details untill you are dead.

Main goal of DMH is to ensure that actions can be executed only when you are dead. And before that time, every action should be confidential - even for people who have access to DMH.

Features

  • Privacy focused - even with access to DMH you will not be able to see action details.
  • Tested - almost 100% code covered by unit tests and integration tests.
  • Small footprint (less than 20MB of RAM needed)
  • Multiple action execution methods (json_post, bulksms, mail)

How it works

dmh-flow
  1. User creates action
  2. DMH encrypts action with age
  3. DMH uploads encryption private key to Vault
  4. Vault encrypts private key with own key and saves it (Vault will release encryption private key when user will be considered dead)
  5. DMH saves encrypted action, discards plaintext action, discards private key (from now, nobody is able to see unencrypted action, even DMH)
  6. When user will not be available for some time (configured per action), she/he would be considered dead.
  7. When both DMH and Vault will decide that user is dead, Vault secrets will be released, actions would be decrypted and executed.
  8. After execution, DMH will remove encryption private key from Vault - to ensure that action will remain confidential (only valid for actions with min_interval: 0).

To decrypt action, access to DMH and Vault is required - DMH stores encrypted data and Vault stores encryption key.

To provide best possible privacy/security, its required to run DMH and Vault on different systems/servers/locations.

Installation

Docker (recommended)

docker run --name dead-man-hand -e DMH_CONFIG_FILE=/data/config.yaml -v /srv/dead-man-hand/data:/data -p 8080:8080 ghcr.io/bkupidura/dead-man-hand:latest

Baremetal

  1. Install golang
  2. Clone repo: git clone https://github.com/bkupidura/dead-man-hand.git
  3. Build binaries: cd dead-man-hand && make build
  4. Run dmh: DMH_CONFIG_FILE=config.yaml ./dmh

Execute plugins

DMH is easly extensible and support below plugins:

  • dummy - log action message
  • json_post - send HTTP POST request
  • mail - send mail over SMTP
  • bulksms - send SMS with bulksms.com

Documentation

Documentation is available in wiki

About

DMH will execute action when you will not be able to. Dead-man-switch software with privacy in mind.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • Go 99.7%
  • Other 0.3%