A stasis /ˈsteɪsɪs/ or stasis field, in science fiction, is a confined area of space in which time has been stopped or the contents have been rendered motionless.

stasis is a backup and recovery system with an emphasis on security and privacy; no personal information is collected, no unencrypted data leaves a client device and all encryption keys are fully in the control of their owner.

• Trust Issues - Do you trust your backup or infrastructure/storage provider with your unencrypted data?
• Multi-Device - How many backup providers would you need to cover all types of devices you own?
• Self-Hosted - What if your backup provider goes out of business?

• Recover user data from total failure or device loss
• Replicate data to local and remote/cloud storage
• Encrypt data before it leaves a device
• Manage all device backups from a single service

Along with provision, the goal is to be able to grab a blank/off-the-shelf device and recover the original system in an automated and repeatable way.

• Client-only Encryption - encryption and decryption is done by client applications; the server never deals with unencrypted data or metadata
• Device-only Secrets - user credentials and device secrets do not leave the device on which they were entered/generated
• Default Redundancy - copies of a device's encrypted data are sent to multiple nodes by default (local and remote)
• Hybrid Data Storage - various storage backends (Apache Geode, Slick, in-memory, file-based) are supported and used
• Secrets Escrow - enables storing encrypted device secrets on the server to simplify recovering of a lost or replaced device
• Serverless Mode - (TODO) enables creating backups and recovering from them without the presence of a server

Docker images for server, server-ui, identity and identity-ui can be found under Packages.

See deployment/production for more information on how to set up and deploy the services.

Client binaries for Linux, macOS and Android can be found for each release.

The provided installer can be used:

$ curl -s "https://raw.githubusercontent.com/sndnv/stasis/master/deployment/production/scripts/client_install.sh" | bash

The Linux and macOS clients can be uninstalled using:

$ curl -s "https://raw.githubusercontent.com/sndnv/stasis/master/deployment/production/scripts/client_uninstall.sh" | bash

The Linux and macOS clients can be updated by uninstalling the current version and installing the latest one:

$ curl -s "https://raw.githubusercontent.com/sndnv/stasis/master/deployment/production/scripts/client_uninstall.sh" | bash
$ curl -s "https://raw.githubusercontent.com/sndnv/stasis/master/deployment/production/scripts/client_install.sh" | bash

Secrets, configuration, logs and operation state are NOT removed when uninstalling the client!

On Android, installing and updating is done by simply downloading the apk file and running it.

Images and binaries for testing/development purposes can be created locally using the existing dev tools.

The majority of the code is Scala so, at the very least, Java (JDK17) and SBT need to be available on your dev machine.

Some submodules use Python (ex: client-cli), Flutter (ex: identity-ui) or Kotlin for Android (ex: client-android) so the appropriate tools for those platforms need to be available as well.

Protobuf is also used, however, it is handled by an sbt plugin and no additional tools are needed.

There are also some Python and Bash scripts to help with deployment and testing.

• Adoptium JDK
• Scala
• sbt
• Python
• Pylint
• Flutter
• Docker
• AndroidStudio

1. Clone or fork the repo
2. Run sbt qa

To execute all tests and QA steps for the Scala submodules, simply run sbt qa from the root of the repo.

Image assets used by other submodules.

• Image files and Python script(s)
• Testing - n/a
• Packaging - n/a

Protocol Buffers file(s) defining gRPC services and messages used by the core networking and routing.

• protobuf spec
• Testing - n/a
• Packaging - n/a

Core routing, networking and persistence code. Represents the subsystem that handles data exchange.

• Scala code
• Testing - sbt "project core" qa
• Packaging - n/a

API and model code shared between the server and client submodules.

• Scala code
• Testing - sbt "project shared" qa
• Packaging - n/a

OAuth2 identity management service based on RFC 6749.

• Scala code
• Testing - sbt "project identity" qa
• Packaging - sbt "project identity" docker:publishLocal

Web UI for identity.

• Flutter code
• Testing - cd ./identity-ui && ./qa.py
• Packaging - cd ./identity-ui && ./deployment/production/build.py

Backup management and storage service.

• Scala code
• Testing - sbt "project server" qa
• Packaging - sbt "project server" docker:publishLocal

Web UI for server.

• Flutter code
• Testing - cd ./server-ui && ./qa.py
• Packaging - cd ./server-ui && ./deployment/production/build.py

Linux / macOS backup client, using server for management and storage.

• Scala code
• Testing - sbt "project client" qa
• Packaging - sbt "project client" docker:publishLocal

Command-line interface for client.

• Python code
• Testing - cd ./client-cli && source venv/bin/activate && ./qa.py
• Packaging - cd ./client-cli && source venv/bin/activate && pip install .

Desktop interface for client.

• Flutter code
• Testing - cd ./client-ui && ./qa.py

Android backup client, using server for management and storage.

• Kotlin code
• Testing - cd ./client-android && ./gradlew qa
• Packaging - via AndroidStudio - Build > Build Bundle(s)/APK(s) > Build APK(s)

Deployment, artifact and certificate generation scripts and configuration.

• Python and Bash code; config files
• Testing - cd ./deployment/dev/scripts && ./run_smoke_test.sh
• Packaging - see ./deployment/dev/docker-compose.yml

Ready for prime time but run in production at your own risk!

• identity / identity-ui - authentication service and web UI - complete
• server / server-ui - backup server and web UI - operational; some features are not yet available
• client / client-cli / client-ui- Linux / macOS client, CLI and UI - operational; some features are not yet available
• client-android - Android client - operational; some features are not yet available;

Contributions are always welcome!

Refer to the CONTRIBUTING.md file for more details.

We use SemVer for versioning.

This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details

Copyright 2018 https://github.com/sndnv

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.