stasis app
stasis is a backup and recovery system with an emphasis on security and privacy; no personal information is collected, no unencrypted data leaves a client device and all encryption keys are fully in the control of their owner.
A stasis ˈsteɪsɪs/ or stasis field, in science fiction, is a confined area of space in which time has been stopped or the contents have been rendered motionless.
Why?
- Trust Issues: Do you trust your backup or infrastructure/storage provider with your unencrypted data?
- Multi-Device: How many backup providers would you need to cover all types of devices you own?
- Self-Hosted: What if your backup provider goes out of business?
Goals
- Recover user data from total failure or device loss
- Replicate data to local and remote/cloud storage
- Encrypt data before it leaves a device
- Manage all device backups from a single service
Along with provision
, he goal is to be able to grab a blank/off-the-shelf device and recover the original system in an automated and repeatable way.
Features:
- Client-only Encryption: encryption and decryption is done by client applications; the server never deals with unencrypted data or metadata
- Device-only Secrets: user credentials and device secrets do not leave the device on which they were entered/generated
- Default Redundancy: copies of a device's encrypted data are sent to multiple nodes by default (local and remote)
- Hybrid Data Storage: various storage backends (Apache Geode, Slick, in-memory, file-based) are supported and used
- Secrets Escrow: (TODO) enables storing encrypted device secrets on the server to simplify recovering of a lost or replaced device
- Serverless Mode: (TODO) enables creating backups and recovering from them without the presence of a server
Note: currently, this app requires a server counter-part. For that as well as for clients on other operating systems (Linux, Mac), please head over to the app's repo.