Jargon Vault | Documentation

Disclaimer: You are solely responsible for protecting the data in your database by configuring the appropriate user access and network security measures. Jargon Vault acts only as a client to your database and cannot prevent malicious users from accessing your data, even though secure practices are implemented on the frontend. Please review our Terms and Agreement for more details.

Custom Jargon Vault Setup Guide and Documentation

Software Requirement

Configuring your own custom jargon vault requires a CouchDB database hosted by the user. This means you own and manage all the data stored by the application. The application communicates directly with your CouchDB instance over HTTP for all database operations. This setup eliminates the need for a separate API layer, thereby simplifying installation and maintenance. Once CouchDB is properly set up, you can configure the connection directly under the Settings section in Jargon Vault. During this process, the application will verify the connection to your CouchDB instance and ensure that all required configurations are in place.

Security Considerations When Hosting Your Own CouchDB

CouchDB supports basic, session, proxy, and JWT authentication methods. Jargon Vault currently supports only session authentication (Basic auth is skipped for security reasons). Support for proxy or JWT authentication may be added in the future as we receive additional customer requests.

When using session authentication, the application establishes a session with CouchDB using an initial username and password login. The password is not stored, and subsequent requests are managed through the session.

Even when the CouchDB authentication system is used to protect your data, we recommend taking additional security measures to ensure that your CouchDB instance is secure, especially if it is exposed to the internet.

Recommended practices
  • VPN: Use a Virtual Private Network (VPN) to secure remote access to your CouchDB instance.
  • SSH Pass-through: Restrict CouchDB access to local connections by tunneling through SSH.
  • Firewall: Configure rules to allow only authorized IPs or networks to access your CouchDB.

CouchDB-Specific Settings

  • Enable CORS: Ensure Cross-Origin Resource Sharing (CORS) is enabled in CouchDB to allow communication between different origins.
  • Authentication: Configure CouchDB to use authentication (only session authentication is supported at this time).

Other Considerations

Additionally, it is recommended that you:

  • Use HTTPS: Ensure connections to CouchDB use HTTPS so that traffic is encrypted.
  • Regularly update CouchDB to the latest version to patch any vulnerabilities.
  • Limit Admin Privileges: Assign admin rights only to specific users and avoid using admin accounts for daily operations.
  • Enable Database Authorization: Use database-specific permissions to control access levels for each user or application.

⚠️Note: CouchDB does not support fine-grained access control (such as read/write permissions per document or field). All permissions are applied at the database level. If finer control is needed, consider enforcing it through a proxy or middleware layer, or by writing a custom validate_doc_update function within your CouchDB design document.
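
Added example, not Jargon Vault's or Kaihatsu Bridge's own code: a validate_doc_update function of the kind the note mentions, restricting changes to each document to the user recorded as its owner. The `owner` field and the `_design/access` id are assumptions and not part of Jargon Vault's document schema; validate_doc_update checks writes only, so reads remain governed by database-level permissions.

```javascript
// Stored as source text in the validate_doc_update field of a design document.
// CouchDB calls it on every write to the database; throwing rejects the write.
const validateDocUpdate = function (newDoc, oldDoc, userCtx, secObj) {
  var roles = userCtx.roles || [];
  var dbAdmins = (secObj && secObj.admins && secObj.admins.names) || [];
  // Server admins and database admins skip the per-document checks.
  if (roles.indexOf('_admin') !== -1 || dbAdmins.indexOf(userCtx.name) !== -1) {
    return;
  }
  // An anonymous request has a null name: reject every write.
  if (!userCtx.name) {
    throw { unauthorized: 'Log in before writing documents.' };
  }
  // Update or delete: only the recorded owner may touch an existing document.
  if (oldDoc && oldDoc.owner !== userCtx.name) {
    throw { forbidden: 'Only the owner may change this document.' };
  }
  // A deletion stub carries _deleted and may omit the other fields.
  if (newDoc._deleted) {
    return;
  }
  // Create or update: the owner must be the session user (no spoofing or hand-over).
  if (newDoc.owner !== userCtx.name) {
    throw { forbidden: 'The owner field must match the logged-in user.' };
  }
};

// Design document body to PUT into the database (hypothetical _id).
function buildDesignDoc() {
  return { _id: '_design/access', validate_doc_update: validateDocUpdate.toString() };
}

// Local harness: runs the validator the way CouchDB would and reports the outcome.
function check(newDoc, oldDoc, userCtx, secObj) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, secObj || {});
    return 'ok';
  } catch (e) {
    return e.forbidden ? 'forbidden' : 'unauthorized';
  }
}

// Constructed sample user and documents.
var alice = { name: 'alice', roles: [] };
console.log(check({ _id: 't1', owner: 'alice' }, null, alice));
console.log(check({ _id: 't1', owner: 'alice' }, { _id: 't1', owner: 'bob' }, alice));
```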

Additional Requirements

  • Network: Stable internet connection (if not connected locally) for database access.
  • CouchDB Version: Version 3.x or later.

Example

The following blog post from Kaihatsu Bridge provides a comprehensive guide to setting up your CouchDB instance and accessing it via localhost.

https://kaihatsubridge.com/en/posts/access-your-remote-server-as-localhost-using-ssh-tunneling

Support and Feedback

For setup help, bugs, or feature requests, reach out to: [email protected] (Please include "Jargon Vault" in the subject.)

Consulting and Setup Services

Setting up infrastructure like CouchDB can be tricky. Kaihatsu Bridge offers consulting to help with secure and efficient setups, including:

  • Installing and configuring CouchDB (AWS, Azure, on-prem)
  • Implementing security (SSH, VPN, firewall)
  • CORS and session-based authentication setup
  • HTTPS configuration