spark

command module
v0.0.0-...-24939ff Latest
Warning

This package is not in the latest version of its module.
Published: Jan 23, 2020 License: BSD-3-Clause Imports: 13 Imported by: 0

README

🔥 Fireblaze Vault

Fireblaze Vault is a tokenization service that aims to be an open platform designed to protect your sensitive data and inherit a best-in-class security posture, in order to fast-track certifications like PCI DSS, SOC2, HIPAA and others.

Fireblaze Vault helps with tokenization and secure storage of sensitive data, and digital assets like PII, Credit Cards, Passports/IDs, Credentials, and more.

Insights

  • vaulting of payment card data (avoid liability and being locked-in to a payment provider)
  • analytics on card scheme, brand, type, currency, banks
  • risk assessment based on geolocation, IP address, blacklists
  • 1-click payment solution, driving impulsive sales up by 55%, removing the barrier of card details re-entry
  • automated AML checks on passports/IDs
  • GDPR-compliant storage of personally identifiable information (PII)

Store a payment card

Request

# holder: cardholder name; number: payment card number
# exp_month / exp_year: expiry month and year
# cvc: MC (Card Verification Code), VISA (Card Verification Value)
# auto_delete: delete this data in 3 months
curl -X POST \
  http://localhost:3000/v1/card \
  -H 'Content-Type: application/json' \
  -d '{
    "holder": "leonardo",
    "number": "4415281263901560",
    "exp_month": 1,
    "exp_year": 2022,
    "cvc": 123,
    "auto_delete": "THREE_MONTHS"
}'

Response

{
  "auto_delete_on": "2020-06-27T07:08:31.500606Z",
  "expires_on": "2022-02-01T00:00:00.000000001Z",
  "first_six": 466945,
  "hash": "ZmJpZC0xNDQzNjM1MzE3MzMxNzc2MTQ4V06Nh[...]",
  "last_four": 8424,
  "metadata": {
    "currency": "USD",
    "issuer": {
      "country": "United States of America",
      "country_code": "US",
      "latitude": 38,
      "longitude": -97,
      "map": "https://www.google.com/maps/search/?api=1&query=38,-97"
    },
    "scheme": "visa"
  },
  "mpi": {
    "acs": "https://secure5.arcot.com/acspage/cap?RID=35325&VAA=B",
    "eci": 2,
    "enrolled": true,
    "par": "eNpdU8tymzAU3ecrvMumYz1AgD2yZnDsTpMZ[...]"
  },
  "request_ip": "127.0.0.1",
  "risk": {
    "score": 30
  },
  "token": "tok_e4912b25-b8ef-4cf8-bb0d-449bcaf58e08",
  "user_agent": "grpc-go/1.25.1"
}

Tech stack

We use protobuf to serialize the data and gRPC to transport it. For compatibility we also support JSON serialization over HTTP transport via a reverse proxy, auto-generated by grpc-gateway, which also generates the Swagger documentation, available at https://doc.fireblaze.io/card.

Sensitive data is encrypted at rest using AES-GCM. An HSM generates the entropy for the encryption keys, and that HSM must be FIPS 140-2 Level 3 certified to meet compliance. Check the kms service for the GCP CloudKMS implementation. Feel free to extend the interface with other implementations, e.g. AWS CloudHSM.

We like to think of data in graphs, leveraging ent as our entity framework, which supports PostgreSQL, MySQL, SQLite, Gremlin.

The infrastructure is designed around Kubernetes with the goal of passing PCI-DSS Level 1 compliance.

The pipelines run on our self-hosted GitLab. Feel free to request access; you can sign in with your GitHub account.

Fireblaze Vault is currently in MVP status. We're proud to solve this challenge and excited to share it with the community.

Technical features
  • compliant tokenization of digital assets
  • payment card validation with regex & Luhn check
  • payment card metadata retrieval
  • payment card risk probability
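
An added sketch of the regex-plus-Luhn validation named in the list above, not the project's own code. The 12 to 19 digit pattern and the names panPattern, luhnValid and ValidatePAN are assumptions; the fragments are returned as strings so leading zeros survive.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// panPattern is an assumed format gate: 12 to 19 ASCII digits, nothing else.
var panPattern = regexp.MustCompile(`^[0-9]{12,19}$`)

// luhnValid reports whether a digit string passes the Luhn checksum.
func luhnValid(pan string) bool {
	sum := 0
	double := false // the rightmost digit is not doubled
	for i := len(pan) - 1; i >= 0; i-- {
		d := int(pan[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// ValidatePAN applies the regex gate, then Luhn, and returns only the
// fragments that are safe to show in logs and API output.
func ValidatePAN(pan string) (firstSix, lastFour string, err error) {
	if !panPattern.MatchString(pan) {
		return "", "", errors.New("pan: not 12-19 digits")
	}
	if !luhnValid(pan) {
		return "", "", errors.New("pan: Luhn checksum failed")
	}
	return pan[:6], pan[len(pan)-4:], nil
}

func main() {
	// Sample number from the request above, then the same number with its last digit changed.
	for _, pan := range []string{"4415281263901560", "4415281263901561"} {
		six, four, err := ValidatePAN(pan)
		fmt.Println(six, four, err)
	}
}
```
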

Documentation

There is no documentation for this package.

Directories

Path: Synopsis

cmd
  vault: Package vault implements security best practices in order to store sensitive information, compliant with regulations.
pkg
  iin: Package iin provides a common interface for Issuer Identification Number services.
  interceptor: Package interceptor holds gRPC interceptors similar to HTTP middleware.
  interceptor/logging: grpc_logging is a "parent" package for gRPC logging middlewares.
  interceptor/logging/logrus: `grpc_logrus` is a gRPC logging middleware backed by Logrus loggers. It accepts a user-configured `logrus.Entry` that will be used for logging completed gRPC calls.
  interceptor/logging/logrus/ctxlogrus: `ctxlogrus` is a ctxlogger that is backed by logrus. It accepts a user-configured `logrus.Logger` that will be used for logging.
  interceptor/logging/zap: `grpc_zap` is a gRPC logging middleware backed by ZAP loggers. It accepts a user-configured `zap.Logger` that will be used for logging completed gRPC calls.
  interceptor/logging/zap/ctxzap: `ctxzap` is a ctxlogger that is backed by Zap. It accepts a user-configured `zap.Logger` that will be used for logging.
  kms
  mpi
