Awesome
Koofr Vault
Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files. The encryption is compatible with rclone.
<img src="https://fdroid.gitlab.io/artwork/badge/get-it-on.png" alt="Get it on F-Droid" height="80"> <img src="https://developer.apple.com/app-store/marketing/guidelines/images/badge-example-preferred.png" alt="Get it on the App Store" height="60"> <img src="https://play.google.com/intl/en_us/badges/images/generic/en-play-badge.png" alt="Get it on Google Play" height="80">
Tech stack
Koofr Vault is divided into two parts: the engine and the UI. The engine, made up of vault-core
and vault-wasm
, is written in Rust and compiled to WebAssembly. The UI, vault-web
, is written in React and uses Vite for frontend tooling. There is no server component; Koofr Vault only uses the public Koofr REST API.
Build and run locally
The easiest way to run Koofr Vault locally is to build and run it with Docker. This will compile the app and build a Docker image using Caddy web server.
docker build --build-arg GIT_REVISION=$(git rev-parse --short HEAD) -t vault .
docker run --rm -p 5173:5173 vault
You can now open http://localhost:5173 in your browser.
Build static files
Alternatively, you can build static files, which will produce vault-web.tar.gz
file with the static files:
docker build --build-arg GIT_REVISION=$(git rev-parse --short HEAD) --build-arg GIT_RELEASE=$(git describe --tags --exact-match 2> /dev/null || echo -n '') --target static-stage -t vault-static .
docker run --rm vault-static cat vault-web.tar.gz > vault-web.tar.gz
Development
For development instructions, see the vault-wasm
README and vault-web
README.
Releases
Creating a new release
Push all changes to GitHub and make sure that GitHub Actions pass.
Bump vault-android
and vault-ios
versions:
vault-android/app/build.gradle.kts
:
- versionCode = 112001
- versionName = "0.1.12"
+ versionCode = 113001
+ versionName = "0.1.13"
vault-ios/Vault.xcodeproj/project.pbxproj
:
- CURRENT_PROJECT_VERSION = 112001;
+ CURRENT_PROJECT_VERSION = 113001;
- MARKETING_VERSION = 0.1.12;
+ MARKETING_VERSION = 0.1.13;
- CURRENT_PROJECT_VERSION = 112001;
+ CURRENT_PROJECT_VERSION = 113001;
- MARKETING_VERSION = 0.1.12;
+ MARKETING_VERSION = 0.1.13;
Add changes and commit, but do not push yet:
git add vault-android/app/build.gradle.kts vault-ios/Vault.xcodeproj/project.pbxproj
git commit -m 'Bump version'
Create a new tag:
git tag v0.1.13
Build and upload vault-android
:
cd vault-android
source .profile
./gradlew clean
./gradlew generateUniFFIBindings
./gradlew cargoBuild
./gradlew bundleRelease
Create a new Internal testing release in Google Play Console and upload the file vault-android/app/build/outputs/bundle/release/app-release.aab
. Then Promote release
to Production
. Send the changes for review. Managed publishing is used so that the reviewed changes will need to be published manually.
Build and upload vault-ios
:
- open
vault-ios/Vault.xcodeproj
in Xcode Product
>Archive
- in
Organizer
>Archives
select the latest Archive and clickDistribute app
- select
TestFlight & App Store
and clickDistribute
In App Store Connect wait for the build to be processed. This can take 15 minutes or more so be patient if the latest version does not yet appear between the builds.
When the build is processed, go to TestFlight and add the build to External testing. If the build is not pushed to TestFlight, App Store reviewers might not use the latest version and the review might get rejected.
Go to Distribution and create a new iOS app version. Select the build and send changes for review. The latest version will be released manually. Wait a few hours for the review to be completed.
If any review gets rejected, remove the Git tag (git tag --delete v0.1.13
), reset the Bump version
commit (git reset --hard HEAD~1
) and start over.
When the Google Play and App Store reviews are successfully completed, push the main
branch and the Git tag:
git push origin main v0.1.13
Wait for GitHub Actions to succeed.
Go to GitHub Releases, edit the generated release description, and Publish the release.
Go to Google Play Publishing overview and Publish the changes.
Go to App Store Connect and Release the version.
Deploy the latest GitHub Release to https://vault.koofr.net
Reproducibility
Koofr Vault is built using GitHub Actions and published as a GitHub Release. You can download a release .tar.gz
file and run it locally, or use the extracted files from the release to verify what https://vault.koofr.net is serving. The current deployed Git revision can be found at https://vault.koofr.net/gitrevision.txt
Example:
mkdir koofr-vault-check
cd koofr-vault-check
wget https://github.com/koofr/vault/releases/download/v0.1.0/vault-web.tar.gz
tar xf vault-web.tar.gz
allok=true
for path in $(tar tf vault-web.tar.gz | grep -v './$' | sort); do
local=$(sha256sum "$path" | awk '{print $1}')
remote=$(curl -s "https://vault.koofr.net/${path:2}" | sha256sum | awk '{print $1}')
if [ "$local" = "$remote" ]; then
echo "$path OK"
else
echo "$path MISMATCH (local $local remote $remote)"
allok=false
fi
done
if [ "$allok" = "true" ]; then
echo "OK"
else
echo "MISMATCH"
fi
Contributing
If you have a bug report, please send the report to support@koofr.net. If you are considering contributing to the Koofr Vault code, please contact us in order to discuss your intended contribution first, as we can not afford the effort to review arbitrary contributions at the moment.
Authors and acknowledgement
Koofr Vault was developed and designed by the Koofr team.
We would like to extend a huge thank you to rclone for their encryption implementation.
License
Koofr Vault is licensed under the terms of the MIT license.