Skip to content

Icarus-afk/SparkDB

Repository files navigation

SparkDB

A lightweight, secure SQLite-powered database server with encryption, authentication, role-based access control, HTTP API, and a full-featured web console.

# Initialize a project and start
sparkdb init && sparkdb start

Quick Start

go build -o sparkdb ./cmd/sparkdb
./sparkdb init
./sparkdb start

# Log in and run a query
curl -X POST http://localhost:9600/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "admin"}'

On first run, SparkDB creates a default admin user with password admin. Change this immediately in production. The web console shows a setup wizard on first login to help with this.

Features

  • SQLite-backed — full SQL via modernc.org/sqlite (pure Go, no CGO)
  • AES-256-GCM encryption — at-rest database encryption
  • Argon2id password hashing — memory-hard, timing-safe
  • Password strength validation — min 8 chars, uppercase, lowercase, digit
  • Multi-factor auth — JWT tokens, session tokens, and API keys
  • Encrypted API keys — stored as AES-256-GCM ciphertext at rest
  • Role-based access control — admin, developer, readonly, auditor
  • TLS support — auto-generated or custom certificates
  • Audit logging — all queries and actions logged (async, non-blocking)
  • Rate limiting & account lockout — brute-force protection
  • Backup and restore — on-demand and scheduled with automatic pruning
  • Prometheus metrics/metrics endpoint with P99 latency
  • Web console — built-in management UI with setup wizard, schema visualizer, inline data editing, and query editor
  • Primary/replica replication — query-log-based
  • Context-aware query execution — cancellation and timeout support
  • Parameterized queries — safe interpolation via params field

Documentation

Topic Description
Installation Build, init, Docker, Makefile targets
Configuration Config file, env vars, Docker secrets
Authentication JWT, sessions, API keys, user management, password policies
CLI Reference All commands, flags, shell meta-commands
API Reference REST endpoints, request/response formats
Replication Primary/replica setup, architecture
Security Encryption, rate limiting, query validation, CORS, password policies
Deployment Production checklist, Docker, systemd, reverse proxy
Development Project structure, tech stack, testing, web console

License

MIT

About

SparkDB — A lightweight, embeddable SQLite database server with encryption, RBAC, a web console, HTTP API, and primary/replica replication. Deploy SQLite like a real service.

Topics

Resources

Security policy

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors