Merge branch 'main' into dependabot/npm_and_yarn/frontend/postcss-8.4.31

.env.dev.example

@@ -15,7 +15,7 @@ HTTP_PROTOCOL=https://
 NEXTAUTH_URL=https://localhost
 OAUTH_REDIRECT_URI=https://localhost
 BACKEND_API_BASE=http://backend:8000
-NEXT_PUBLIC_BACKEND_API_BASE=https://localhost/ph-backend
+NEXT_PUBLIC_BACKEND_API_BASE=https://localhost/service
 NEXT_PUBLIC_NEXTAUTH_PROVIDERS=google,github,gitlab
 
 # WARNING: Replace this with a cryptographically strong random value. You can use `openssl rand -hex 32` to generate this.
@@ -43,3 +43,6 @@ DATABASE_PORT=5432
 DATABASE_NAME=postgres-db-name
 DATABASE_USER=postgres-user
 DATABASE_PASSWORD=postgres-password
+
+# Disable NextJs telemtry
+NEXT_TELEMETRY_DISABLED=1

.env.example

@@ -36,3 +36,7 @@ DATABASE_PORT=5432
 DATABASE_NAME=postgres-db-name
 DATABASE_USER=postgres-user
 DATABASE_PASSWORD=a765b221799be364c53c8a32acccf5dd90d5fc832607bdd14fccaaaa0062adfd
+
+
+# Disable NextJs telemtry
+NEXT_TELEMETRY_DISABLED=1

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,34 +1,21 @@
 ---
-name: Bug report
-about: Create a report to help us improve
-title: ""
-labels: bug
-assignees: ""
----
-
-### Describe the bug
+name: Feature request
+about: Suggest a feature for Phase
+labels: enhancement, feature
 
-A clear and concise description of what the bug is.
+---
 
-### To Reproduce
+## Is your feature request related to a problem?
 
-Steps to reproduce the behavior:
+*Please describe.*
 
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
+## Describe the solution you'd like
 
-### Expected behavior
 
-A clear and concise description of what you expected to happen.
 
-### Screenshots
+## Describe alternatives you've considered
 
-If applicable, add screenshots to help explain your problem.
 
-### Platform you are having the issue on:
 
-### Additional context
+## Additional context
 
-Add any other context about the problem here.

.vscode/settings.json

@@ -5,7 +5,7 @@
     "package-lock.json": true
   },
   "editor.defaultFormatter": "dbaeumer.vscode-eslint",
-  "editor.formatOnSave": false,
+  "editor.formatOnSave": true,
   "editor.codeActionsOnSave": [
     "source.addMissingImports",
     "source.fixAll.eslint"
@@ -21,5 +21,9 @@
     "editor.formatOnSave": true,
     "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
-  "prettier.ignorePath": ".gitignore" // Don't run prettier for files listed in .gitignore
+  "prettier.ignorePath": ".gitignore",
+  "[python]": {
+    "editor.defaultFormatter": "ms-python.autopep8",
+    "editor.formatOnSave": true
+  } // Don't run prettier for files listed in .gitignore
 }

CONTRIBUTING.md

@@ -35,12 +35,22 @@ Most of Phase's code is under the MIT license, though some paid feature restrict
 Any third party components incorporated into our code are licensed under the original license provided by the applicable component owner.
 
 ## Setup local development environment
-
 ### Dev server with hot reload
-
-1. Create a `.env.dev` file with `cp .env.dev.example .env.dev` and add atleast one OAuth provider.
-2. `docker-compose -f dev-docker-compose.yml up`.
-3. The Console is now running at `https://localhost` with HMR.
+1. Create a **.env.dev** file using
+    ```
+    cp .env.dev.example .env.dev
+    ```
+2. Add atleast one OAuth provider in your **.env.dev**. Follow the [docs](https://docs.phase.dev/self-hosting/configuration/envars)
+3. Verify that **dev-docker-compose.yml** file is populated with the correct environment variables by running
+    ```
+    docker compose -f dev-docker-compose.yml --env-file .env.dev config
+    ```
+4. Start the containers using 
+    ```
+    docker-compose -f dev-docker-compose.yml --env-file .env.dev up
+    ```
+5. The Console is now running at <https://localhost> with [HMR(Hot Module Replacement)](https://webpack.js.org/concepts/hot-module-replacement) and a self-signed certificate.
+   >**Note : Your browser might warn you about the self-signed certificate. You can safely accept the certificate and proceed. 
 
 ### Staging env to test production builds
 

README.md

@@ -3,7 +3,7 @@
   <img height="68" width="306" src="img/phase-console-wordmark-dark.png" alt="Phase">
 </h1>
 
-<h3 align="center">Open Source, end-to-end encrypted key management platform for developers to encrypt data in their apps.</h3>
+<h3 align="center">Open Source, end-to-end encrypted, self-hostable all in one platform for developers to manage secrets and environment variables. From their laptop 💻 to the cloud ☁️.</h3>
 
 <div align="center">
   <a href="https://phase.dev">Website</a> |
@@ -13,45 +13,75 @@
 </div>
 
 <hr/>
+
+<br>
+
 
-<img src="img/console-home.png" width="100%" alt="Phase Console" />
+## Console
+
+<img src="img/environment-secrets.png" width="100%" alt="Phase Console" />
 
 <div width="100%">
-  <img src="img/console-logs.png" alt="Phase Console" width="47%">
+  <img src="img/secrets-overview.png" alt="Phase Console" width="45%">
   &nbsp; &nbsp; &nbsp; &nbsp;
-  <img src="img/vscode-demo.png" alt="Phase Console" width="47%"/>
+  <img src="img/members.png" alt="Phase Console" width="45%"/>
 </div>
-
-<br>
 
-[Phase Console](https://phase.dev) is an open source, end-to-end encrypted key management solution for developers to seamlessly encrypt production data in their apps.
+- **[Phase Console](https://console.phase.dev)**: Dashboard for seamlessly creating, managing, rotating secrets and environment variables
 
-We're on a mission to make strong encryption accessible to all developers, not just security teams. That means redesigning the entire developer experience from the ground up.
-
-## Features
-
-- **[Phase Console](https://console.phase.dev)**: Dashboard for seamlessly creating, managing, rotating and monitoring keys
-- **[Phase KMS](https://phase.dev)**: A zero knowledge key management service
-- **[Dual-Key Model](https://docs.phase.dev/security#dual-key-model)**: Avoid single point of compromise of the private key via [secret splitting schemes](https://en.wikipedia.org/wiki/Secret_sharing)
 - **[Hold your keys](https://docs.phase.dev/security/phase-encryption#account-keyring)**: Maintain self-custody of your root keys via 24 word mnemonic phrase
+- **Secret management**: Diffs, version control and Point-in-time Recovery
+- **RBAC**: Fine-grained, role-based and cryptographic access control, per application, per environment.
+- **Service Tokens**: Authenticate CI runners, build tools and production environment with granualar-scope
+- **Secret referencing**: Inherit secrets to create sophisticated configurations
+- **[Audit Logs]()**: Compelte visibility into every change and access event 
 - **[Self Hosting](https://docs.phase.dev)**: Run Phase on your own infrastructure
-- **[Client SDKs](https://docs.phase.dev/sdks)**: Asynchronously encrypt data in the browsers of your users without any external API or sensitive keys [Live Demo](https://phase.dev/#use-cases)
-- **[Server SDKs](https://docs.phase.dev/sdks)**: Securely decrypt and process data in memory only when you need to with 3 lines of code
-- **[Phase I/O]()**: Self-hosted EaaS (Encryption as a Service) and a transparent proxy encryption (Coming Soon)
+- **[Phase KMS](https://phase.dev)**: A zero knowledge key management service
+- **[SDKs](https://docs.phase.dev/sdks)**: Encrypt / decrypt data with a few lines of code.
 
 And much more.
 
 ---
 
-## What about SSE?
+## CLI
+
+```bash
+# Your existing secrets
+> cat .env
+AWS_ACCESS_KEY_ID="AKIA2OGYBAH63UA3VNFG"
+AWS_SECRET_ACCESS_KEY="V5yWXDe82Gohf9DYBhpatYZ74a5fiKfJVx8rx6W1"
 
-Relying on automatic database, disk or bucket level encryption has its limitations, since the data is automatically decrypted when retrieved and the keys typically belong to the hosting provider. A breach is a single SQL or a IAM misconfiguration away.
+# Import your existing secrets
+> phase secrets import .env
+Successfully imported and encrypted 2 secrets.
+To view them please run: phase secrets list
 
-See:
+# View your secrets in Phase
+> phase secrets list
+KEY 🗝️                    | VALUE ✨                                                                  
+----------------------------------------------------------------------------------------------------     
+AWS_ACCESS_KEY_ID        | AKI**************NFG                                                     
+AWS_SECRET_ACCESS_KEY    | V5y**********************************6W1                                 
+
+🥽 To uncover the secrets, use: phase secrets list --show
+
+# Get rid of your .env
+> rm .env
+
+# Seamlessly inject secrets during runtime
+> phase run yarn dev
+$ next dev
+ready - started server on 0.0.0.0:3000, url: http://localhost:3000
+```
+
+
+- **CLI**: Fetch, decrypt and inject secrets and environment variables to your application. Zero code changes required.
+- Inject
+- Export secrets in a dotenv format
+- **Cross platform**: Easily install the Phase CLI on macOS, Ubuntu/Arch/Redhat/Alpine Linux, Windows, Docker.
+- **Keyring Integration** - Store keys and credentials securely in [macOS Keychain](https://en.wikipedia.org/wiki/Keychain_%28software%29), [Windows Credential Locker](https://learn.microsoft.com/en-us/windows/uwp/security/credential-locker), [KDE Wallet](https://en.wikipedia.org/wiki/KWallet), [GNOME Keyring](https://en.wikipedia.org/wiki/GNOME_Keyring) etc.
+- **[Private Key Sharding](https://docs.phase.dev/security#dual-key-model)**: Avoid single point of compromise of the private key via [secret splitting schemes](https://en.wikipedia.org/wiki/Secret_sharing)
 
-- [OWASP - Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/#example-attack-scenarios)
-- [IAM misconfiguration](https://github.com/nagwww/s3-leaks)
-- [Problems with S3 encryption](https://www.secwale.com/p/encryption)
 
 ---
 
@@ -65,11 +95,12 @@ The quickest and most reliable way to get started is making a new free account o
 
 ### Deploy Phase Console on your infrastructure
 
-Deployment options:
+- [Docker Compose](https://docs.phase.dev/self-hosting/docker-compose)
+- [AWS](https://docs.phase.dev/self-hosting/aws)
+- [Azure](https://docs.phase.dev/self-hosting/azure)
+- [Google Cloud Platform](https://docs.phase.dev/self-hosting/gcp)
+- [DigitalOcean](https://docs.phase.dev/self-hosting/digitalocean)
 
-- Docker-compose
-- AWS
-- DigitalOcean
 
 See: [Self-hosting Phase](https://docs.phase.dev/self-hosting)
 
@@ -83,29 +114,13 @@ See: [Self-hosting Phase](https://docs.phase.dev/self-hosting)
 
 More coming soon!
 
-Example:
-
-```js
-// Import & initialize
-const Phase = require('@phase.dev/phase-node')
-const phase = new Phase(APP_ID, APP_SECRET)
-
-// Encrypt
-const ciphertext = await phase.encrypt('hello world')
-
-// Decrypt
-const plaintext = await phase.decrypt(ciphertext)
-console.log(plaintext)
-$ hello world
-```
-
 ---
 
 ## Community vs Enterprise edition
 
-Phase operates on an [open-core](https://en.wikipedia.org/wiki/Open-core_model) model, similar to that of [GitLab](https://gitlab.com), [Infisical](https://infisical.com), [PostHog](https://posthog.com) etc.
+Phase operates on an [open-core](https://en.wikipedia.org/wiki/Open-core_model) model, similar to that of [GitLab](https://gitlab.com).
 
-This repo available under the [MIT expat license](/LICENSE), with the exception of the `ee` directory which will contain premium Pro or Enterprise features requiring a Phase license in the future.
+This repo available under the [MIT expat license](/LICENSE), with the exception of the `ee` directory which will contain Pro or Enterprise features requiring a Phase license.
 
 ---
 
@@ -121,7 +136,7 @@ For more information see: [SECURITY.md](/SECURITY.md)
 
 ## Contributing
 
-Whether it's big or small, we love contributions. See [CONTRIBUTING.md](/CONTRIBUTING.md)
+We love contributions. See [CONTRIBUTING.md](/CONTRIBUTING.md)
 
 You can join our [Slack](https://join.slack.com/t/phase-community/shared_invite/zt-1tkwzl31z-a6yCB5Uqlj~V2x43ep2Evg) if you have any questions!
 

backend/Dockerfile

@@ -15,6 +15,7 @@ RUN set -ex \
     && apk add --virtual rundeps $runDeps \
     && apk del .build-deps
 
+RUN apk add --no-cache curl
 RUN addgroup -S app && adduser -S app -G app
 ADD . /app
 WORKDIR /app

backend/README.md

@@ -1,9 +1,9 @@
 # Phase Console - Backend
 
-Python Django REST api + Postgres
+Django + Graphene + DRF
 
 ### Generate graphql schema for frontend
 
 ```bash
-./manage.py graphql_schema --schema backend.schema.schema --out ../dashboard/apollo/schema.graphql
+./manage.py graphql_schema --schema backend.schema.schema --out ../frontend/apollo/schema.graphql
 ```