Strongbox is a secure file system that protects your files through FUSE (Filesystem in Userspace). It monitors file operations through FUSE callbacks, enforces process-based access control, and encrypts all persistent storage to ensure data security.
- Process-based Access Control: Manage file/directory permissions using process whitelists
- Transparent Encryption: Automatically encrypts and decrypts files during read/write operations
- Cross-platform Support: Works on Linux, macOS, and Windows
- Secure Storage: All files are encrypted before being stored on disk
- Memory-backed Option: Supports in-memory storage for temporary data
```mermaid
graph TD
    user(User/Program)
    filesystem(OS Filesystem)
    fuse(FUSE Filesystem)
    subgraph strongbox
        access(Access Control)
        encrypt(Encryption/Decryption)
        storage(Persistent Storage)
        access --> encrypt
        encrypt --> storage
    end
    user -->|File Operations| filesystem
    filesystem --> fuse
    fuse -->|Callbacks| strongbox
```
```
Usage: ./strongbox [options]
  -c string
        Path to configuration file (default "config.yml")
  -ui
        Run with GUI interface (default: true)
```
Example:
```
strongbox -c ./config.yml
```
The default configuration file is located at `~/.strongbox/config.yml`. If the directory doesn't exist, it will be created automatically.
```yaml
# Mount point for the secure filesystem
mountPoint: /tmp/securebox
backup:
  # Path to encrypted persistent storage
  path: /tmp/securebox_backup.db
  # Enable in-memory storage (true/false)
  memory: false
permission:
  # Default action for unlisted processes (pass/deny)
  defaultAction: deny
  # Process whitelist (full binary paths)
  allowProcess:
    - "/bin/zsh"
    - "/bin/ls"
    - "/bin/rm"
    - "/bin/mkdir"
    - "/usr/local/bin/git"
    - "/Applications/Visual Studio Code.app/Contents/MacOS/Electron"
logger:
  # Log level (debug, info, warn, error)
  level: info
```
- Set Up Configuration: Edit `~/.strongbox/config.yml` to specify your mount point and allowed processes
- Start Strongbox: Run `./strongbox` (uses default config at `~/.strongbox/config.yml`) or `./strongbox -c ./config.yml` to use a custom config file
- Enter Password: You will be prompted to enter a password for encryption
- Access Files: Only whitelisted processes can access files in the mount point
- Automatic Encryption: All files are encrypted before being stored
- AES Encryption: Uses AES-128 encryption for all stored data
- Process Verification: Verifies process identities before granting access
- Secure Key Management: Passwords are hashed and never stored in plaintext
- Isolated Storage: Encrypted data is stored separately from the mount point
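How the `permission` block turns into an allow/deny decision can be sketched as follows. This is an added example, not Strongbox's own code: the `Policy` type and the `Allowed`, `ExeOfPID` and `CheckPID` names are hypothetical, and resolving a caller through `/proc/<pid>/exe` assumes Linux.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Policy mirrors the permission block of config.yml (hypothetical type).
type Policy struct {
	DefaultAction string   // "pass" or "deny"
	AllowProcess  []string // full binary paths
}

// Allowed decides for a caller whose executable path is exe.
// A path that is not absolute cannot identify a binary, so it is denied.
func (p Policy) Allowed(exe string) bool {
	if !filepath.IsAbs(exe) {
		return false
	}
	exe = filepath.Clean(exe)
	for _, a := range p.AllowProcess {
		if filepath.Clean(a) == exe {
			return true
		}
	}
	// Unlisted process: only an explicit "pass" lets it through, so a
	// typo or missing defaultAction fails closed.
	return p.DefaultAction == "pass"
}

// ExeOfPID resolves the binary behind a PID (Linux /proc; an assumption).
func ExeOfPID(pid int) (string, error) {
	return os.Readlink(fmt.Sprintf("/proc/%d/exe", pid))
}

// CheckPID denies any caller whose executable cannot be resolved.
func (p Policy) CheckPID(pid int) bool {
	exe, err := ExeOfPID(pid)
	return err == nil && p.Allowed(exe)
}

func main() {
	// Constructed sample policy, taken from the config shown above.
	p := Policy{DefaultAction: "deny", AllowProcess: []string{"/bin/ls", "/usr/local/bin/git"}}
	for _, exe := range []string{"/bin/ls", "/tmp/ls", "ls"} {
		fmt.Printf("%-8s allowed=%v\n", exe, p.Allowed(exe))
	}
	fmt.Println("this process allowed:", p.CheckPID(os.Getpid()))
}
```

Matching on the full resolved path rather than the process name is what keeps a binary named `ls` in another directory from matching the `/bin/ls` entry.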
Strongbox also provides a GUI for easier management. Run with the `-ui` flag to use the GUI.
- Go 1.16+
- FUSE (macOS: macFUSE, Linux: libfuse, Windows: WinFsp)
```
go build -o strongbox
```
To create a GUI application without a console window on macOS:
- Install fyne tools:
```
go install fyne.io/tools/cmd/fyne@latest
```
- Create an icon file named `Icon.png` (at least 128x128 pixels)
- Package the application:
```
fyne package -os darwin --app-id com.strongbox.app -name StrongBox
```
- Run the application:
```
open StrongBox.app
```
MIT