Created by Jordane Gengo (titus)
Hive Keychain
has been crafted for schools within the 42network, but its benefits extend to students developing tools with the 42API.
Since July 2022, 42 implemented a rotation of API application secrets, enhancing security. However, this enhancement also poses a potential pitfall for your services. To ensure streamlined management of your applications, we introduce this monitoring and alerting tool. By adding your keys, you'll receive notifications and reports regarding key expiration or malfunction.
Moreover, this app addresses another common challenge: the ownership of keys by individual team members. By consolidating all your team's keys in one accessible platform, you can avoid the surprise of an imminent key expiration while a team member is on vacation, for example.
Screenshots:
- Send Slack notifications when an app is not valid.
- Send Slack notifications when an app is about to expire (24 hours, 7 days, 14 days).
- Update the saved expiration date if it changes.
- Allows to send notifications via Discord
- Allows to send notifications via email
This app is developed to run with the 42 OAuth. You will first need to create a 42 API app in the intranet.
Instructions
- Generate a new API application on the 42 intranet
- In the field Redirect URI add: http://localhost:4001/api/auth/callback/42-school
- From the available scopes, choose "Access the user public data" and then proceed to submit.
- Save the credentials, you will need them later.
We recommend using the Docker setup as it's easier and more straightforward.
Also, please note that you will need a running PostgreSQL instance to run the app.
Clone the repository locally
git clone git@github.com:hivehelsinki/42-api-keychain keychain
cd keychain
Copy and fill in the information in front/.env
to run the frontend app.
cp front/.env.sample front/.env
vim .env
Copy and fill in the information in back/.env
to run the backend app.
cp back/.env.sample back/.env
vim .env
Install the dependencies, navigate to the root directory and execute the following command:
npm run install
To run the app, navigate to the root directory and execute the following command:
npm run dev
Now you can access you application on localhost:4001
Clone the repository locally
git clone git@github.com:hivehelsinki/42-api-keychain keychain
cd keychain
Run the helper script to setup your .env file and follow the instructions
./install.sh
Run the containers
docker compose up --build
Now you can access you application on localhost:4001
How often it checks the keys and how to change it?
The keys are checked every day at 10am. To adjust this schedule, you can modify the time or frequency within the back/tasks/scheduled-check.js
file. However, I strongly recommend against changing the frequency. The code in the backend is not optimally structured for altering the frequency, and doing so could potentially lead to additional notifications or even missed notifications.
The Keychain's secret rotated, how can I update the secret?
To update the API secret for the app, edit the .env file and replace the existing FT_SECRET entry with the new secret, and then reload the container using the command docker-compose down && docker-compose up -d to apply the changes.
I'm a student and I want to use Keychain, how does that work?
Please note that if you intend to run this application as a student, you'll need to edit the file front/src/lib/auth.ts
. In this file, you should replace the section responsible for verifying the user's staff status with a check based on your
login credentials.
I updated my secret but it keeps showing the old expiration, what's wrong?
- Are you sure you are using the new secret and not the old one?
- If your new secret is valid but didn't rotate yet on the intranet it will keep displaying the old secret expiration. You need to go to the intranet page of your API app and click "Change now".
The application doesn't store any information that falls under GDPR regulations.