New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Email Encryption with PGP #4657
Comments
Said notification provider is located here: uptime-kuma/server/notification-providers/smtp.js Lines 6 to 123 in 822ce53
Agree that Transmitting notifications via plain text is likely not ideal. If you want to "secure" this part, I would suggest using a notification provider which is designed for this use case. I am a bit unsure if the added maintenance effort adds value. What do you mean by
|
Thanks, added to the ticket.
This is standard for PGP implementations, like in Proton Mail etc. Getting into the details I'd suppose the security benefit here comes from protecting the uptime status of your services/infrastructure from an attacker. So perhaps uptime status could be removed from the email subject when enabling PGP (and from headers if it's in there?) leaving them generic, only communicating what's down and when in the encrypted body message.
Thanks, and I have been for sometime but nothing beats email for its open decentralised nature. Email is often omnipresent on devices whereas specific apps are not so much. Also not being tied into an app or special service provider is nice, favouring an open and standardised format.
I wonder how much extra dev maintenance this would be, perhaps it could be as little as an extra module, and a few input boxes for those that enable it? Support wise, I'd imagine this would be an advanced feature that support was not provided on. I've touched in this a little above but knowing the uptime status of critical infra could be used in an attack or to validate an attack etc. Uptime of servers/networking equipment etc could be accessed by plain text emails or via unencrypted notification service providers. This could be rare, targeted and effort filled attack in general but it could also be as easy as using a work based SMTP server, and a disgruntled email IT colleague with access could learn of certain services being down from the plain text and using this info nefariously.
Thanks, fixed type. |
You would be surprised by ho much of the support effort are these harder to configure features. The support-trouble especially start when a lackluster maintained module gets added (read: I am unsure if the module is working correctly as they have not enabled issues) We can add such a feature if
I still don't get what you mean by work nicely and secure email providers in
|
Fair enough. I don't have time to develop this unfortunately. If someone wants to pick it up I'd be happy to help where I can. |
📑 I have found these related issues/pull requests
uptime-kuma/server/notification-providers/smtp.js
Lines 6 to 123 in 822ce53
🏷️ Feature Request Type
Change to existing notification-provider
🔖 Feature description
Email notifications are pretty great and reliable, but it would be absolutely fantastic to be able to encrypt the email messages using PGP.
This would work nicely with secure email providers.
✔️ Solution
Add PGP email encryption module to Nodemailer for more secure email notifications. 🔒
https://github.com/nodemailer/nodemailer-openpgp
❓ Alternatives
using an unencrypted email? 🔓
📝 Additional Context
Nope
The text was updated successfully, but these errors were encountered: