mirror of
https://github.com/GothenburgBitFactory/taskwarrior.git
synced 2025-06-26 10:54:26 +02:00
Encrypt content sent to the server
This implements client-side encryption, so that users' task information is not availble to the server (or to anyone who does not have the `encryption_secret`).
This commit is contained in:
Dustin J. Mitchell
parent
6b70b47aa0
commit
a8d45c67c6
8 changed files with 206 additions and 26 deletions
|
|
@ -27,6 +27,11 @@ The following configuration parameters are available:
|
|||
* `server_dir` - path to a directory containing the local server's data.
|
||||
This is only used if `server_origin` or `server_client_id` are not set.
|
||||
Default: `taskchampion-sync-server` in the local data directory.
|
||||
* `encryption_secret` - Secret value used to encrypt all data stored on the server.
|
||||
This should be a long random string.
|
||||
If you have `openssl` installed, a command like `openssl rand -hex 35` will generate a suitable value.
|
||||
This value is only used when synchronizing with a remote server -- local servers are unencrypted.
|
||||
Treat this value as a password.
|
||||
* `server_origin` - Origin of the TaskChampion sync server, e.g., `https://taskchampion.example.com`.
|
||||
If not set, then sync is done to a local server.
|
||||
* `server_client_id` - Client ID to identify this replica to the sync server (a UUID)
|
||||
|
|
@ -34,16 +39,26 @@ The following configuration parameters are available:
|
|||
|
||||
### Synchronization
|
||||
|
||||
A TaskChampion replica "synchronizes" its local task database with other replicas via a sync server.
|
||||
A single TaskChampion task database is known as a "replica".
|
||||
A replica "synchronizes" its local information with other replicas via a sync server.
|
||||
Many replicas can thus share the same task history.
|
||||
|
||||
This operation is triggered by running `task sync`.
|
||||
Typically this runs frequently in a cron task.
|
||||
The operation is quick, especially if no changes have occurred.
|
||||
Synchronization is quick, especially if no changes have occurred.
|
||||
|
||||
The replica expects to be synchronized frequently, even if no server is involved.
|
||||
Each replica expects to be synchronized frequently, even if no server is involved.
|
||||
Without periodic syncs, the storage space used for the task database will grow quickly, and performance will suffer.
|
||||
|
||||
By default, TaskChampion syncs to a "local server", as specified by the `server_dir` configuration parameter.
|
||||
It is possible to switch to a remote server later by setting `server_origin` and `server_client_id` appropriately.
|
||||
Every replica sharing a task history should have precisely the same configuration for `server_origin`, `server_client_id`, and `encryption_secret`.
|
||||
|
||||
Synchronizing a new replica to an existing task history is easy: begin with an empty replica, configured for the remote server, and run `task sync`.
|
||||
The replica will download the entire task history.
|
||||
|
||||
It is possible to switch a single replica to a remote server by simply configuring for the remote server and running `task sync`.
|
||||
The replica will upload the entire task history to the server.
|
||||
Once this is complete, additional replicas can be configured with the same settings in order to share the task history.
|
||||
|
||||
## `taskchampion-sync-server`
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue