6 releases (breaking)
| new 0.5.1 | Mar 13, 2025 |
|---|---|
| 0.5.0 | Mar 13, 2025 |
| 0.4.0 | Jan 9, 2025 |
| 0.3.0 | Dec 20, 2024 |
| 0.1.0 | Oct 16, 2024 |
#795 in Network programming
42 downloads per month
Used in 2 crates
31KB
710 lines
Aranya
Aranya is lovingly crafted and supported by SpiderOak. Aranya is licensed under the AGPL- if you want to use it commercially, drop us a line!
What is it?
Aranya is a software development tool for governing access to data and services over a decentralized, zero-trust framework with secure end-to-end encrypted data exchange built-in.
Aranya has been designed with an emphasis on security, efficiency, and portability.
The root cause of cyber insecurity is complexity; and yet when we attempt to protect our systems, our solution is to add more.
Software developers must not expect customers to mitigate defects using external security tools and an endless cycle of patching. Software must become secure by design.
Aranya is our contribution to this effort. It is a batteries-included tool which allows developers to produce software with built-in micro-segmentation. This complete solution covers access management with user onboarding, authentication and authorization, freeing the developer to focus on the problem they wish to solve.
For users, software built on Aranya is less complex to operate securely, and is secure regardless of the network it is run on.
Find more information on the Aranya Project docs site.
What's Contained In This Repo
This repository contains the following components:
-
Rust Client Library: interface for your application to interact with the Aranya Daemon in order to invoke Aranya Core functionality. Refer to the
aranya-clientREADME for more details on this component. -
Daemon Process: a long-running process that forwards requests from the client to the Aranya Core. Refer to the
aranya-daemonREADME for more information on this component. -
Aranya Policy: a markdown file of the security control policy written in Aranya's domain-specific policy language and executed by the Aranya runtime.
For more information on Aranya's internal components, see the Aranya Core README.
Getting Started
The following platforms are supported:
- Linux/arm64
- Linux/amd64
- MacOS
Aranya can be integrated into an existing project using the options below. See Example Applications to run a standalone Aranya app in C or Rust, or for a step-by-step tutorial on how to manually configure and integrate the example scenario, see the walkthrough.
We currently provide the following integrations for Aranya:
Rust Library
Dependencies
- Rust (Find version info in the rust-toolchain.toml)
NOTE: When building with Rust, the compiler will automatically download and use the version specified by the
rust-toolchain.toml.
- (Optional) cargo-make (v0.37.23)
- (Optional) Git for cloning the repository
NOTE: we have tested using the specified versions above. Other versions of these tools may also work.
If you'd like to run the Rust example app, see below.
Install
First, install the Aranya client.
From this repository:
git clone git@github.com:aranya-project/aranya.git
From crates.io:
Run the following in your project's directory:
cargo add aranya-client
Or, add it to your project's Cargo.toml:
[dependencies]
aranya-client = { version = ... }
See the aranya-client crate on
crates.io for the latest version.
Alternatively, we provide a way to generate a new workspace with a Rust example app that includes the Aranya client as a dependency. See the Rust example README for more information.
Build
If the source code has been downloaded, navigate to the Aranya project workspace.
Build the code using cargo or cargo-make.
Using cargo:
cargo build --release
Using cargo-make:
cargo make build
This will build the Aranya client and the
daemon executable. The built versions are available
in the target/release directory.
Integrate
Integrate the client library into your application. The aranya-client
README has more information on using
the Rust client.
An example of the Rust client library being used to create a team follows:
// create team.
info!("creating team");
let team_id = team
.owner
.client
.create_team()
.await
.expect("expected to create team");
info!(?team_id);
This snippet can be found in the Rust example.
Before starting your application, run the daemon by providing the path to a
configuration file. Find more details on
configuring and running the daemon in the aranya-daemon
README.
C API
Dependencies
- Rust (find version info in the rust-toolchain.toml)
NOTE: When building with Rust, the compiler will automatically download and use the version specified by the
rust-toolchain.toml.
- cmake (v3.31)
- clang (v18.1)
- cargo-make (v0.37.23)
- (Optional) Git for cloning the repository
NOTE: we have tested using the specified versions above. Other versions of these tools may also work.
If you'd like to run the C example app, see below.
Install
Prebuilt versions of the library are uploaded (along with the header file) to each Aranya release.
A prebuilt version of the aranya-daemon is available for supported platforms
in the Aranya release.
If your platform is unsupported, you may download the source code and build locally.
Download the source code:
git clone git@github.com:aranya-project/aranya.git
Build
As mentioned, prebuilt versions of the Aranya C API library, header file, and the Aranya daemon are uploaded to each Aranya release.
Instructions for generating the Aranya client library and aranya-client.h
header file locally are available in the aranya-client-capi
README.
To build the daemon locally, use cargo or cargo-make.
Using cargo:
cargo build --release
Using cargo-make:
cargo make build
The daemon executable will be available in the target/release directory.
Unit Tests
To run unit tests, run the following cargo-make command:
cargo make test
Integrate
Aranya can then be integrated using cmake. A
CMakeLists.txt
is provided to make it easier to build the library into an application.
An example of the C API being used to create a team follows:
// have owner create the team.
err = aranya_create_team(&team->clients.owner.client, &team->id);
EXPECT("error creating team", err);
This snippet has been modified for simplicity. For actual usage, see the C example.
Before starting your application, run the daemon by providing the path to a
configuration file. Find more details on
configuring and running the daemon in the aranya-daemon
README.
Example Applications
We have provided runnable example applications in both
Rust and C. These examples will
use the default policy that's contained in this repo to configure and run the
daemon automatically. The examples follow five users who are referred to by
their user role, Owner, Admin, Operator, Member A and Member B.
The examples go through the following steps:
Step 1: Build or download the prebuilt executable from the latest Aranya release. After providing a unique configuration file (see example.json) for each user, run the daemons.
Step 2. The Owner initializes the team
Step 3. The Owner adds the Admin and Operator to the team. Member A and
Member B can either be added by the Owner or Operator.
Step 4. The Admin creates an Aranya Fast Channels label
Step 5. The Operator assigns the created Fast Channels label to Member A
and Member B
Step 6. Member A creates an Aranya Fast Channel
Step 7. Member A uses this channel to send a message to Member B.
Optionally, Member B may also send a message back to Member A.
For more details on how Aranya starts and the steps performed in the examples, see the walkthrough.
Contributing
Find information on contributing to the Aranya project in
CONTRIBUTING.md.
Maintainers
This repository is maintained by software engineers employed at SpiderOak
Dependencies
~24–37MB
~583K SLoC