Self Hosting

Businesses and technical people may want more control over the hosting of their data, so we made it easy to self-host your own server.

All data is end-to-end encrypted, so only the account holder can access secrets using the primary password. If you are self-hosting, however, you are responsible for configuring TLS to protect the data in transit.

After installing the command line tools, create a folder to store account data, initialize the config file and start the server.

By default the server listens on all interfaces on port 5053; use the --bind option to change the bind address.

Configuration

Servers are permissionless, which means no sign-up is required to create an account. You are therefore responsible for protecting access to the server; use the access control configuration to restrict access.

Transport Layer Security

To secure communication with the server, we recommend configuring an SSL certificate in the tls section:

[tls]
cert = "cert.pem"
key = "key.pem"

Whilst the account data is secured using end-to-end encryption, protecting the server communication with SSL helps to prevent MitM and replay attacks.

In the future we will support the Let's Encrypt ACME protocol to make configuring TLS easier.

Access Control

The configuration supports access control with deny and allow sections to control which accounts are allowed to connect.

To restrict access to certain account addresses, use an allow list:

[access]
allow = [
  "0x3ebe1c7c8e56a1e9b813073e30caf1a0cd8e7634"
]

Only the specific addresses listed are allowed to connect to the server. Alternatively, it's possible to explicitly deny certain account addresses:

[access]
deny = [
  "0x7ebe1c7c89e56a1e9b813073e30caf1a0cd8e5541"
]