The manifesto

Sun Dec 03 2023

Why did I make this?

Turns out, it was for a selfish reason. I’ve been developing software for a long time. At the dawn of the consumer internet, we just built HTML files and uploaded them to sites like geocities (R.I.P.). Since then, things have gotten extremely complicated. The scale of complexity for creating a simple site has grown exponentially.

‘End-to-end encryption of data is paramount for privacy.’

If you go on YouTube and start digesting a lot of content on how to make a SAAS, side hustle, a blog, or even create content, you will be inundated with a set of tools and recommendations. For example, let’s say you did some research on how to create a blog. Here’s a sample list of the tools you would get recommended to use.

• Twitter
• Instagram
• A Hrefs or another SEO tool
• Some analytics software, such as Google Analytics
• A domain provider
• A wordpress blog provider
• An email account
• A contact form account
• A mailing list provider
• Multiple API Keys

Now that’s alot of credentials to store! Yes, you should use a password manager to manage all of your passwords, but sometimes some pieces of that data doesn’t fit nicely into a password manager. Then you have a bunch of disjoint data to manage. I like to keep all my data contextually relevant and near each other. I found myself storing all the data sort of like this.

#Socials
Twitter @account/password
Intagram @account/password

#Email
myemail@something.com/password

#FTP
mysite.ftp.com:21/password

#Wordpress Login
http://www.wcfg.dev/wp-admin
wp-admin/password

#Contact Me Form provider
username/password
APIKEY: efc36a44-c56c-48f2-ae58-5218267daaf6

#Analytics
APIKEY: 356c69d3-2b85-40b0-9364-5e813e4f7d25
etc...

I would end up storing this in just a plain text file on my computer. But then I wouldn’t be able to modify things on the go. As technology has pushed us more to the cloud, maintaining this information on the go has changed the way I work. Maybe I’d email myself a copy or upload it to google drive. I also felt like maybe I should put it in my note taking software. All of those options always felt dirty though. I wanted something more secure.

‘All encryption happens client-side in your browser.’

This is where the idea came from. I wanted something that was encrypted and stored in the cloud. My thought was: End-to-end encryption of data is paramount for privacy. So I bootstrapped the site and decided to throw it online to start storing my account information. Then it got me thinking, what else can I store here? Managing multiple environments of data can be a pain, but it was the perfect candidate for the type of data I want to store. So I’m now storing things like my compose files for my environments here.

Development:

version: "3.7"
#Local development
services:
  wcfg-blog:
    image: wcfg-blog
    container_name: wcfg-blog
    restart: unless-stopped
    networks:
      - nginx-network
    environment:
      API_KEY: 356c69d3-2b85-40b0-9364-5e813e4f7d25

I also have some of my .env files located here for doing development and testing.

NODE_ENV=development
SERVER_PORT= 8080
POSTGRES_USER= admin
POSTGRES_HOST= pg16
POSTGRES_DATABASE= wcfg
POSTGRES_PASSWORD= password202020202
POSTGRES_PORT= 5432

PUBLIC_AUTH_CLIENT_ID= 12258135asdfassf
PUBLIC_SITE_SERVER_URL= http://localhost:5173
PUBLIC_TOKEN_SERVER_URL= http://keycloak:5175

I can then store my production compose files as well and environment variables in one easy to use place. Having a secure cloud repository for this information, helps me feel secure, having a nice end-to-end encrypted backup.

With the invention of the Web Crypto libraries, this made all of this simple to implement, as well as using trusted encryption libraries vs having to roll my own. All encryption happens client-side in your browser. This way the only thing that get’s sent over the wire is already encrypted. It uses RSA asymmetric key cryptography to secure the data. So only you have access to your public and private keys. As long as you protect and backup your keys, the data is safe. No site is perfect. Even if there is a data breach, with your keys, the data is useless.

I am curious to know, does anybody else operate this way when developing? Where do you keep all your configurations? If you have any thoughts or questions, shoot me an email contact@wcfg.dev