In his free time, Tony Cai developed an interactive user-face for Hashicorp's Vault program, which is proving popular on Github.

Student’s open-source software takes off on Github

June 26, 2017

If you build it, they will come. That’s the advice of computing science student Tony Cai, whose security software project is gaining traction in the open-source community.

Since launching on Github last February, Cai’s interactive user interface (UI) for Hashicorp’s security program Vault has been clocking up around 3000 views and 60 clones per week.

It has also earned 500 stars, a sign of appreciation equivalent to a Facebook “like,” from employees at top Vancouver-based companies including SAP, Salesforce and Tasktop.  

Vault allows large organizations to manage secret information including API keys, database usernames and passwords and certificates.

Currently a back-end-only platform, some coding expertise is required to operate the program using a series of text commands.

“It’s a really useful program, but without a user interface, it’s just a bit too tedious and repetitive,” says Cai.

“If a team brings a new member onboard who’s not familiar with this method, that becomes another overhead for the company.”

So Cai has set to work developing a front-end user interface, called Goldfish, that will help users and organizations save a valuable commodity: time.  

Taking optimization a step further, Cai has also developed a script that allows the computer to automatically generate a security token.

“The token should never be created under the eyes of one person, so changing one policy could take three administrators an hour of meeting time,” says Cai.

“But if the machine does it – nobody will ever get that secret out. Even if people are snowed in, which happened earlier this year, they can still do this in a matter of seconds from home.”

Cai’s inspiration came after a long day generating workflow scripts for Vault.  

“I was about to go home, but then I thought: What if I tried to do this in a different way?”

First, he had to tackle two new coding languages for the program’s front- and back-end: Golang and Vue.

“I personally find these languages amazing, but when I Googled them, there were only four results. At the time, not a lot of people were using these languages together.”

Another challenge: ensuring security.

“If companies are going to roll over their secure information, the projects I design for Vault need to be every bit as secure as the program itself. Everything I do, I have to keep security in mind.”

Cai is continuously refining the software in his spare time, while working full-time on a co-op work placement – on average, he spends around 15 hours a week, evenings and weekends, optimizing features for Vault.

Spurred on by the project’s success, he plans to bring some friends on-board as contributors to help develop additional features.

“Several people from major companies posted questions on the repository regarding production deployments," says Cai.

“If Hashicorp wanted to integrate these functions into Vault, I would be delighted.”

By sharing his story, Cai hopes to inspire other students to develop their own software.

“I think people often have great ideas, but they give up too early,” says Cai.

“I didn’t think I could make software that companies would want to use, but through persistence, I did it. I would encourage any student with an interest in software development to find a problem, and then go solve it.”

Want to contribute to the project? Cai is currently accepting pull requests on his repository.

To start creating your own software project, Cai recommends contributing to the Mozilla code base.