ilterra/stealth_safe

By ilterra

Updated 26 days ago

StealthSafe backend API for encrypted SSBC2 briefcases, SFTP storage, and secure automation.

Image
Security
Web servers
Databases & storage
0

303

ilterra/stealth_safe repository overview

StealthSafe Docker Backend

ilterra/stealth_safe is the backend API and encrypted storage engine for StealthSafe Docker Edition.

It reads and writes StealthSafe-compatible encrypted .ssbc2 briefcases, manages encrypted profiles and attachments, connects to local or SFTP storage, and exposes a versioned REST API for the official web interface and controlled server-side integrations.

This image is one half of StealthSafe Docker Edition. Most users should run it together with ilterra/stealth_safe_frontend.

Quick Installation

The recommended installation package configures both official images, host folder access, persistent data, and the web port.

After extracting the package, start the published production images.

macOS or Linux
chmod +x start-stealthsafe-production.sh
./start-stealthsafe-production.sh
Windows

Run:

start-stealthsafe-production-windows.bat

When startup finishes, open:

http://localhost:33330

What The Backend Provides

  • Encrypted StealthSafe profiles and .ssbc2 briefcases.
  • Compatibility with the SSBC2 format used by StealthSafe for Apple devices.
  • Local, cloud-synchronized, NAS, and host-mounted folder storage.
  • Direct SFTP storage using password or private-key authentication.
  • Persistent encrypted SFTP caching with read-only access when the remote server is unavailable.
  • Encrypted attachments and briefcase sharing recipients.
  • A documented REST API under /api/v1.
  • API documentation at /docs and an OpenAPI document at /openapi.yaml.

The backend can be used without the official frontend by internal tools, automation, or another trusted user interface. It is not intended to be exposed directly to the public Internet without an HTTPS reverse proxy and an appropriate external access-control layer.

Backend-Only Example

The following example publishes the API only on the local machine and mounts a host folder at /host:

docker run -d \
  --name stealthsafe-backend \
  --restart unless-stopped \
  -p 127.0.0.1:18080:8080 \
  -e STEALTHSAFE_DATA_DIR=/data \
  -e STEALTHSAFE_LISTEN_ADDR=:8080 \
  -e STEALTHSAFE_MOUNT_POINTS=Host=/host \
  -v stealthsafe-data:/data \
  -v /absolute/path/to/stealthsafe-files:/host \
  ilterra/stealth_safe:latest

Then open:

On Windows, replace the bind-mount source with an absolute Docker-compatible path such as C:/Users/Alex/Documents/StealthSafe.

Host filesystem permissions still apply. The container runs as the unprivileged user 65532:65532 by default.

Configuration

VariableDefaultPurpose
STEALTHSAFE_DATA_DIR/dataPersistent encrypted profiles and remote cache
STEALTHSAFE_LISTEN_ADDR:8080Backend HTTP listen address
STEALTHSAFE_SCAN_MAX_DEPTH12Maximum folder scan depth
STEALTHSAFE_MOUNT_POINTSHost=/hostDisplay names mapped to container paths

For several mounted folders, use comma-separated mappings:

Documents=/host-documents,Shared=/host-shared

Storage And Security

The /data directory must be persistent. It contains encrypted profile data and synchronized remote cache data. Host folders containing .ssbc2 files are mounted separately and remain under the host operating system's permission model.

The production image contains a compiled and stripped Go binary in a minimal scratch runtime. It contains no shell, package manager, source tree, or compiler. Production builds use Garble to increase the cost of reverse engineering, but data security relies on the encrypted SSBC2 format rather than source-code secrecy.

Do not embed passwords, private keys, or other secrets in image layers or Compose files. SFTP credentials entered through StealthSafe are stored inside the encrypted user profile.

Image Tags And Platforms

  • latest: most recently published release.
  • Version tags such as 2.2.1-alpha: pin a specific application release.

Published images support:

  • linux/386
  • linux/amd64
  • linux/arm/v7
  • linux/arm64

For repeatable deployments, use the same version tag for both the backend and frontend images.

Tag summary

Content type

Image

Digest

sha256:6871e48c4

Size

6.4 MB

Last updated

26 days ago

docker pull ilterra/stealth_safe