Aranya is a software development tool for governing access to data and services over a decentralized, zero-trust framework with secure end-to-end encrypted data exchange built-in.
Aranya has been designed with an emphasis on security, efficiency, and portability.
The root cause of cyber insecurity is complexity; and yet when we attempt to protect our systems, our solution is to add more.
Software developers must not expect customers to mitigate defects using external security tools and an endless cycle of patching. Software must become secure by design.
Aranya is our contribution to this effort. It is a batteries-included tool which allows developers to produce software with built-in micro-segmentation. This complete solution covers access management with user onboarding, authentication and authorization, freeing the developer to focus on the problem they wish to solve.
For users, software built on Aranya is less complex to operate securely, and is secure regardless of the network it is run on.
More documentation on Aranya is provided here:
Install Rust: https://www.rust-lang.org/tools/install
Download the source code from this repository or from crates.io:
Integrate the client library into your application. Refer to the integration test here for an example: test
Create a config file for the daemon before running it. Refer to this documentation on the JSON config file parameters: config
Example daemon config.json file:
{
// The daemon's name.
"name": "name",
// The daemon's working directory.
//
// Must already exist.
"work_dir": "/var/lib/work_dir",
// Used to receive API requests from the user library client.
"uds_api_path": "/var/run/uds.sock",
// The path where the daemon should write its PID file.
"pid_file": "/var/run/hub.pid",
// Aranya sync server address.
"sync_addr": "0.0.0.0:4321"
}
Build the daemon crate and run it in the background.
After the daemon has started up, start the application.
This repository contains the following components:
The Rust Client Library is the library that your application will interface with. By integrating the library into an application, IDAM/RBAC and secure data transmission can be easily added without needing to develop complex security architectures, protocols, and cryptography.
The Daemon Process is a long-running executable that can interface with the Aranya Core library directly.
The daemon handles Aranya DAG maintenance for the application.
The daemon's responsibilities include:
- Periodically syncing state between networked Aranya peers to ensure they all have a consistent DAG.
- Interfacing with the Aranya Core library
- Receiving requests from the Rust Client Library via the Unix Domain Socket
tarpcAPI
The Aranya Policy is a security control policy written in Aranya's domain-specific policy language and executed by the Aranya runtime.
The Aranya Core repo has all the main components of Aranya that are needed for the core functionality to work. This is a library that includes the storage module (for DAG and FactDB), crypto module (with default crypto engine automatically selected), sync engine, and runtime client (including policy VM).
Aranya Fast Channels are encrypted channels between 2 peers that could be either bidirectional or unidirectional.
This repository is maintained by software engineers employed at SpiderOak