Slashpass is a Slack command designed to facilitate secure password sharing among members of a Slack channel.
This project focuses on enabling communication in environments where mutual trust between parties is not required. Slashpass uses RSA, an asymmetric encryption algorithm, to securely share encrypted information point-to-point. Only the dedicated and independent Password Server for each client has the ability to decrypt and read the stored passwords, ensuring that only authorized participants can access sensitive information.
- /pass or /pass list: list the available passwords in the channel.
- /pass <secret> or /pass show <secret>: retrieve a one-time-use link with the secret content; this link expires in 15 minutes.
- /pass insert <secret>: retrieve a link with an editor to create a secret; this link expires in 15 minutes.
- /pass remove <secret>: make the secret unreachable; to complete the deletion, it is necessary to do it manually from the S3 password storage.
- /pass configure <password_server_url>: the command used for the initial setup; it only needs to be executed once.
To manage resources efficiently and simplify deployment, this guide shows how to put a serverless infrastructure into production using AWS Lambda plus API Gateway, deployed with Zappa.
- AWS account (https://aws.amazon.com/)
- One-Time Secret account (https://onetimesecret.com/)
- poetry
Follow these steps to set up and deploy the Slashpass Private Server.
Clone the slashpass-private-server project and navigate to the project directory:
git clone [email protected]:slashpass/slashpass-private-server.git
cd slashpass-private-server
Install the required dependencies using Poetry:
poetry install
Copy the example configuration file to create your own zappa_settings.json:
cp zappa_settings.example.json zappa_settings.json
Edit the zappa_settings.json file and update the following fields:
- s3_bucket: Replace with your own S3 bucket name.
- environment_variables: Replace values as needed. See the table below for the required environment variables.
Ensure your AWS CLI credentials are configured. If needed, refer to the official AWS documentation:
Deploy the server stage using Zappa:
poetry run zappa deploy server
Done! Now you need to configure your server in Slack using the command /pass configure <new_server_url>. To retrieve your server URL, run poetry run zappa status server and check the API Gateway URL. If the command returns an error after configuration, use poetry run zappa tail to check the server logs.
To set up your local development environment, follow these steps:
- Install Dependencies: To install all necessary dependencies, including development-specific ones, use the following command:
poetry install --with dev
- Start the Server: When running the server locally, it will load environment variables from the zappa_settings.json file, specifically from the settings section labeled "dev". Modify these variables as needed for local development purposes.
To start the server, use:
poetry run start-server
- Run Tests: To execute the test suite, run:
poetry run pytest tests
Key | Description |
---|---|
AWS_ACCESS_KEY_ID | Your AWS public key with permissions to access S3. |
AWS_SECRET_ACCESS_KEY | Your AWS private key. |
AWS_S3_REGION (optional) | The AWS region where the password storage bucket will be created. Defaults to us-east-1. |
ENCRYPTION_KEY_URL (optional) | URL to retrieve the Slack Server public key. Defaults to https://slack.slashpass.co/public_key. |
ONETIMESECRET_KEY (optional) | API key for your One-Time Secret account. |
ONETIMESECRET_USER (optional) | Username for your One-Time Secret account. |
ONETIMESECRET_REGION (optional) | Region for your One-Time Secret account, could be us or eu. Defaults to us. |
PASSWORD_STORAGE | Unique name for the S3 bucket where passwords will be stored. |
BIP39 | Mnemonic phrase used for generating deterministic keys. You can generate one using: poetry run generate-bip39. |
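
A pre-deploy check for the settings described above, as an added example that is not part of the Slashpass project. It assumes zappa_settings.json has one top-level object per stage (such as "server" or "dev"), each with s3_bucket and an environment_variables map; the name check_stage and the sample values are hypothetical.

```python
import json
import sys

# Key names come from the environment-variable table above.
REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "PASSWORD_STORAGE", "BIP39")
BIP39_WORD_COUNTS = {12, 15, 18, 21, 24}  # mnemonic lengths defined by BIP39
DEFAULT_KEY_URL = "https://slack.slashpass.co/public_key"

# Constructed sample with placeholder values, not real credentials.
SAMPLE = {"server": {"s3_bucket": "example-zappa-deployments", "environment_variables": {
    "AWS_ACCESS_KEY_ID": "EXAMPLE_KEY_ID", "AWS_SECRET_ACCESS_KEY": "EXAMPLE_SECRET",
    "PASSWORD_STORAGE": "example-password-storage", "BIP39": " ".join(["word"] * 12)}}}


def check_stage(settings, stage):
    """Return the problems found in one stage of a parsed zappa_settings.json."""
    conf = settings.get(stage)
    if not isinstance(conf, dict):
        return [f"stage {stage!r} not found"]
    problems = []
    if not conf.get("s3_bucket"):
        problems.append("s3_bucket is not set")
    env = conf.get("environment_variables") or {}
    for key in REQUIRED:
        if not str(env.get(key, "")).strip():
            problems.append(f"{key} is missing or empty")
    words = str(env.get("BIP39", "")).split()
    if words and len(words) not in BIP39_WORD_COUNTS:
        problems.append(f"BIP39 has {len(words)} words, expected 12, 15, 18, 21 or 24")
    if env.get("ONETIMESECRET_REGION", "us") not in ("us", "eu"):
        problems.append("ONETIMESECRET_REGION must be us or eu")
    # Assumption: the One-Time Secret key and user are only useful as a pair.
    if bool(env.get("ONETIMESECRET_KEY")) != bool(env.get("ONETIMESECRET_USER")):
        problems.append("ONETIMESECRET_KEY and ONETIMESECRET_USER must be set together")
    # This URL serves the Slack Server public key, so require TLS to prevent
    # the key being substituted in transit.
    if not str(env.get("ENCRYPTION_KEY_URL", DEFAULT_KEY_URL)).startswith("https://"):
        problems.append("ENCRYPTION_KEY_URL must use https")
    return problems


if __name__ == "__main__":
    # Usage: python check_settings.py [zappa_settings.json] [stage]
    settings = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            settings = json.load(fh)
    stage = sys.argv[2] if len(sys.argv) > 2 else "server"
    found = check_stage(settings, stage)
    print("\n".join(found) or f"{stage}: ok")
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can run before poetry run zappa deploy server.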