A stasis /ˈsteɪsɪs/ or stasis field, in science fiction, is a confined area of space in which time has been stopped or the contents have been rendered motionless.
stasis
is a backup and recovery system with an emphasis on security and privacy; no personal information is collected,
no unencrypted data leaves a client device and all encryption keys are fully in the control of their owner.
- Trust Issues - Do you trust your backup or infrastructure/storage provider with your unencrypted data?
- Multi-Device - How many backup providers would you need to cover all types of devices you own?
- Self-Hosted - What if your backup provider goes out of business?
- Recover user data from total failure or device loss
- Replicate data to local and remote/cloud storage
- Encrypt data before it leaves a device
- Manage all device backups from a single service
Along with provision
, the goal is to be able to grab a blank/off-the-shelf
device and recover the original system in an automated and repeatable way.
- Client-only Encryption - encryption and decryption is done by client applications; the server never deals with unencrypted data or metadata
- Device-only Secrets - user credentials and device secrets do not leave the device on which they were entered/generated
- Default Redundancy - copies of a device's encrypted data are sent to multiple nodes by default (local and remote)
- Hybrid Data Storage - various storage backends (Apache Geode, Slick, in-memory, file-based) are supported and used
- Secrets Escrow - (TODO) enables storing encrypted device secrets on the server to simplify recovering of a lost or replaced device
- Serverless Mode - (TODO) enables creating backups and recovering from them without the presence of a server
Official images and binaries are not yet available, but they can be created locally using the existing dev tools.
The majority of the code is Scala so, at the very least, Java (JDK17) and SBT need to be available on your dev machine.
Some submodules use Python (ex: client-cli
), Flutter (ex: identity-ui
)
or Kotlin for Android (ex: client-android
) so the appropriate tools for those platforms need to be
available as well.
Protobuf is also used, however, it is handled by an sbt plugin and no additional tools are needed.
There are also some Python and Bash scripts to help with deployment and testing.
- Clone or fork the repo
- Run
sbt qa
To execute all tests and QA steps for the Scala submodules, simply run
sbt qa
from the root of the repo.
Protocol Buffers file(s) defining gRPC services and messages used by the core
networking and routing.
- protobuf spec
- Testing -
n/a
- Packaging -
n/a
Core routing, networking and persistence code. Represents the subsystem that handles data exchange.
- Scala code
- Testing -
sbt "project core" qa
- Packaging -
n/a
API and model code shared between the server
and client
submodules.
- Scala code
- Testing -
sbt "project shared" qa
- Packaging -
n/a
OAuth2 identity management service based on RFC 6749.
- Scala code
- Testing -
sbt "project identity" qa
- Packaging -
sbt "project identity" docker:publishLocal
Web UI for identity
.
- Flutter code
- Testing -
cd ./identity-ui && ./qa.py
- Packaging -
cd ./identity-ui && ./deployment/production/build.py
Backup management and storage service.
- Scala code
- Testing -
sbt "project server" qa
- Packaging -
sbt "project server" docker:publishLocal
Web UI for server
.
- Flutter code
- Testing -
cd ./server-ui && ./qa.py
- Packaging -
cd ./server-ui && ./deployment/production/build.py
Linux / macOS backup client, using server
for management and storage.
- Scala code
- Testing -
sbt "project client" qa
- Packaging -
sbt "project client" docker:publishLocal
Command-line interface for client
.
- Python code
- Testing -
cd ./client-cli && source venv/bin/activate && ./qa.py
- Packaging -
cd ./client-cli && source venv/bin/activate && pip install .
Android backup client, using server
for management and storage.
- Kotlin code
- Testing -
cd ./client-android && ./gradlew qa
- Packaging - via
AndroidStudio
-Build
>Build Bundle(s)/APK(s)
>Build APK(s)
Deployment, artifact and certificate generation scripts and configuration.
- Python and Bash code; config files
- Testing -
cd ./deployment/dev/scripts && ./run_smoke_test.sh
- Packaging -
see ./deployment/dev/docker-compose.yml
NOT production ready but usable
identity
/identity-ui
- authentication service and web UI - completeserver
/server-ui
- backup server nad web UI - operational; some features are not yet availableclient
/client-cli
- Linux / macOS client and CLI - operational; some features are not yet available; a desktop UI is not availableclient-android
- Android client - operational; some features are not yet available;
Contributions are always welcome!
Refer to the CONTRIBUTING.md file for more details.
We use SemVer for versioning.
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details
Copyright 2018 https://github.com/sndnv
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.