Secure by Design

Sensitive Data Storage

Sensitive information is never directly stored in the Frontdown database. Instead, the system only keeps pointers to paths, while the actual data remains encrypted in the Keepass database.

```mermaid
graph TD
    Database[Frontdown Database]
    Database -->|Stores Only Paths| Core[Frontdown Core]
    Core -.->|No Sensitive Data| Keepass[Keepass Database]
    Keepass -->|Encrypted Storage| SensitiveData[Passwords & Keys]
```

Backup Agent Deployment

When deploying a new backup agent, the system dynamically generates a repository password by accessing the user’s Keepass database. The credential is created and kept inside the Keepass database and handed to the agent at deployment time, so it never has to live in Frontdown’s own storage.

```mermaid
sequenceDiagram
    participant Client
    participant API as API (Django REST Framework)
    participant Keepass as Keepass System
    participant Agent as Backup Agent

    Client->>API: Deploy a new agent (POST /agents/)
    API->>Keepass: Access Keepass database
    Keepass-->>API: Generate repository password
    API->>Agent: Deploy agent with password
    Agent-->>API: Confirm deployment
    API-->>Client: Return response (201 Created)
```
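The following is an added example, not Frontdown’s own code, that models the two design points above: the Frontdown database keeps only the Keepass entry path, and the repository password is minted inside the Keepass store at deployment time. `KeepassStore` is an in-memory stand-in for the user’s Keepass database (a real backend would wrap the .kdbx file, for instance via pykeepass); `deploy_agent`, `resolve_repo_password`, the `Frontdown/agents/<name>/repository` entry path and the `metadata_leaks_secret` check are assumptions made for the example. The leak check is the useful part for a reviewer: serialise the metadata store and confirm the password is not in it.

```python
import json
import secrets
from dataclasses import dataclass, field


class KeepassStore:
    """Stand-in for the user's Keepass database (assumption: in a real
    deployment this wraps the .kdbx file, e.g. through pykeepass). Entries
    live in memory so the example runs offline. Only the core calls it."""

    def __init__(self, master_password: str) -> None:
        self._master_password = master_password
        self._entries: dict[str, str] = {}  # entry path -> secret

    def _check(self, master_password: str) -> None:
        # Constant-time comparison; a wrong master password means "locked".
        if not secrets.compare_digest(master_password, self._master_password):
            raise PermissionError("Keepass database is locked")

    def create_secret(self, master_password: str, path: str, nbytes: int = 32) -> str:
        """Generate a fresh repository password and file it under `path`."""
        self._check(master_password)
        if path in self._entries:
            raise ValueError(f"entry already exists: {path}")
        password = secrets.token_urlsafe(nbytes)  # CSPRNG, unique per agent
        self._entries[path] = password
        return password

    def read_secret(self, master_password: str, path: str) -> str:
        """Resolve an entry path to its secret (used at backup/restore time)."""
        self._check(master_password)
        return self._entries[path]


@dataclass
class AgentRecord:
    """What the Frontdown database holds for one agent: metadata plus the
    Keepass entry path. The password itself is never stored here."""
    name: str
    host: str
    repo_password_path: str


@dataclass
class FrontdownDatabase:
    agents: dict[str, AgentRecord] = field(default_factory=dict)

    def dump(self) -> str:
        """Serialise the metadata store, i.e. everything someone who copies
        the Frontdown database would obtain."""
        return json.dumps({n: vars(a) for n, a in self.agents.items()}, sort_keys=True)


def deploy_agent(db: FrontdownDatabase, keepass: KeepassStore,
                 master_password: str, name: str, host: str) -> dict:
    """Logic behind POST /agents/ (assumed shape): mint the repository password
    inside Keepass, persist only its entry path, hand the password to the
    deployment step once."""
    path = f"Frontdown/agents/{name}/repository"  # assumed path convention
    password = keepass.create_secret(master_password, path)
    db.agents[name] = AgentRecord(name=name, host=host, repo_password_path=path)
    # Returned solely so the caller can deliver it to the agent; not persisted.
    return {"status": 201, "agent": name, "repository_password": password}


def resolve_repo_password(db: FrontdownDatabase, keepass: KeepassStore,
                          master_password: str, name: str) -> str:
    """Just-in-time resolution: follow the stored path into Keepass."""
    return keepass.read_secret(master_password, db.agents[name].repo_password_path)


def metadata_leaks_secret(db: FrontdownDatabase, secret: str) -> bool:
    """Regression check: does the serialised Frontdown database contain the secret?"""
    return secret in db.dump()


if __name__ == "__main__":
    kp = KeepassStore("example-master-password")  # constructed sample value
    db = FrontdownDatabase()
    resp = deploy_agent(db, kp, "example-master-password", "nas-01", "nas-01.lan")
    print(db.dump())  # only the entry path appears, never the password
    print("leaks secret:", metadata_leaks_secret(db, resp["repository_password"]))
```

Keeping `metadata_leaks_secret` as a test in the API’s suite is a cheap way to catch a future change that starts persisting the password alongside the path.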

Data Backup and Restore

Frontdown ensures backups are stored securely and can be restored without exposing sensitive data.

```mermaid
sequenceDiagram
    participant Client
    participant API as API (Django REST Framework)
    participant Agent as Backup Agent
    participant Storage as Storage Providers

    Client->>API: Initiate backup (POST /backups/)
    API->>Agent: Execute backup
    Agent->>Storage: Store encrypted data
    Storage-->>Agent: Confirm storage
    Agent-->>API: Return backup status
    API-->>Client: Return response (200 OK)
```

Key Design Highlights

  • Dynamic Credentials: Repository passwords are dynamically created during agent deployment, ensuring unique and secure credentials.
  • Keepass-Centric Storage: All sensitive information is kept encrypted in the Keepass database.
  • Limited Database Access: The Frontdown database only contains metadata and paths, ensuring that sensitive data remains inaccessible.
  • User-Centric Authentication: Actions are gated by the user’s login session.

Benefits of Secure-by-Design Architecture

  1. Maximum Security: No sensitive data is exposed to the system or external attackers.
  2. User Control: Users retain full ownership and control over their credentials and sensitive information.
  3. Scalability: Designed to work seamlessly across homelab setups and larger enterprise environments.
  4. Compliance Ready: Aligns with best practices for data security and encryption.

Conclusion

Frontdown’s secure-by-design architecture ensures peace of mind, allowing you to focus on your work while knowing your backups are protected at every step.
