Getting Started
Broadly speaking, the steps to get started with Redact are as follows:
Get access to a redact-store instance
Install the redact-client locally on a device
Point your browser to a Redact-enabled website
Set up redact-store
The storage service can be either self-hosted or provided by a third-party. Since it only stores encrypted data, the provider of the storage service does not need to be trusted, but should provide a reasonable level of protection against unauthorized requests.
Self-hosted storage is fairly easy to set up, and primarily involves procuring a database (currently only MongoDB is supported) and standing up the redact-store server to connect to it.
A third-party storage service will simply provide a URL for the Client to connect to.
Self-hosted Storage
Get access to a MongoDB instance
Sign up for a free, fully-managed instance at mongodb.com (easy, quick)
Set up an instance on your local device or host your own instance (harder, time-consuming, more customizable)
Minimum supported MongoDB version is 3.6+
If running MongoDB locally and the storage cannot connect, try using 127.0.0.1 in the connection string instead of a hostname
Install Rust: https://www.rust-lang.org/tools/install
git clone https://github.com/pauwels-labs/redact-store.git
echo "export REDACT_DB_URL=\"<mongo connection string>\"" >> config/config.env
echo "export REDACT_DB_NAME=\"<db name>\"" >> config/config.env
source config/config.env
cargo r
The port and address listened on by the storage server will be provided to the client.
Support multimedia (e.g. images, video)
Redact leverages object storage services in order to store large chunks of data that are unlikely or difficult to fit in a traditional database.
Currently, the only supported object storage is a Google Cloud Storage bucket.
In order to add this functionality to your storer, do the following:
Sign up for Google Cloud and provision a Google Cloud Storage bucket
Go to the Permissions tab of the bucket details page and add a new principal with Storage Legacy Bucket Writer permissions
Go to the IAM & Admin section of Google Cloud and click on Service Accounts
Click on Keys > Create new key, and create a new JSON key
Download the key and save it to a safe place on your computer
echo "export SERVICE_ACCOUNT=\"<path to file downloaded>\"" >> config/config.env
echo "export REDACT_GOOGLE_STORAGE_BUCKET_NAME=\"<bucket name>\"" >> config/config.env
source config/config.env
cargo r
Install redact-client
git clone https://github.com/pauwels-labs/redact-client.git
Provide the Storage URL in config/config.yaml#storage.url
If you set up your own storage server using the steps above, the URL will likely be https://localhost:8081
If you set up your own storage server, notice that the config allows for specifying a custom server CA certificate at storage.tls.server.ca.filepath. You MUST copy the CA certificate generated by the storage server to this location. Within the redact-store directory, it should be located at tls/server/cert/ca.pem; copy this file to the client at certs/storer-ca.pem.
cargo r
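The steps above leave secrets on disk (the MongoDB connection string in config/config.env and the Google service account key) and depend on the client's CA copy matching the one the store generated. The shell functions below are an added example, not part of the Redact project; the function names are hypothetical, and the two directory arguments are assumed to be your redact-store and redact-client checkouts.

```shell
#!/bin/sh
# Added example: pre-flight checks for a self-hosted Redact setup.
# Function names and the checkout locations passed in are assumptions.

# Return 0 if the file exists and grants no group/other permissions.
is_private() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if the client's CA copy is byte-identical to the store's CA.
# $1 = redact-store directory, $2 = redact-client directory.
ca_matches() {
    store_ca="$1/tls/server/cert/ca.pem"
    client_ca="$2/certs/storer-ca.pem"
    [ -f "$store_ca" ] && [ -f "$client_ca" ] || return 2
    cmp -s -- "$store_ca" "$client_ca"
}

# Run every check, print findings, and return the number of problems.
# SERVICE_ACCOUNT is only checked when it is set (multimedia support).
redact_preflight() {
    store_dir="$1"; client_dir="$2"; problems=0
    for f in "$store_dir/config/config.env" "${SERVICE_ACCOUNT:-}"; do
        [ -n "$f" ] || continue
        if ! is_private "$f"; then
            echo "WARN: $f is missing or accessible to group/others (chmod 600)"
            problems=$((problems + 1))
        fi
    done
    if ! ca_matches "$store_dir" "$client_dir"; then
        echo "WARN: client certs/storer-ca.pem is missing or differs from the store CA"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and run `redact_preflight <redact-store dir> <redact-client dir>` before starting the client; a non-zero exit status is the number of findings.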
Visit Redact-enabled website
We have an example website that allows you to demo Redact’s current feature-set called Redact Feed, which allows you to post text and multimedia and see those posts displayed. Redact Feed will soon support data sharing and other social features.
Once the Client is set up locally and points to a working storage instance, Redact-enabled websites will “just work” (TM). The Client handles generation and coordination of cryptographic material with no further input.
Warning
Redact currently only supports storing keys unencrypted on the file system. Support for hardware and software key vaults is upcoming.