roma
Verified Safe
by binrchq
Overview
An AI-powered, ultra-lightweight jump server (bastion host) providing secure and efficient remote access solutions with native AI integration through Model Context Protocol (MCP).
Installation
docker compose -f quickstart.yaml up -d
Environment Variables
- ROMA_API_HOST
- ROMA_API_PORT
- ROMA_API_GIN_MODE
- ROMA_API_CORS_ALLOW_ORIGINS
- ROMA_COMMON_PORT
- ROMA_COMMON_LANGUAGE
- ROMA_COMMON_PROMPT
- ROMA_COMMON_HISTORY_TMP_DIR
- ROMA_COMMON_HISTORY_TMP_MAX_LINE
- ROMA_COMMON_HISTORY_TMP_MAX_SIZE
- ROMA_DATABASE_CDB_URL
- ROMA_DATABASE_RDB_URL
- ROMA_DATABASE_RDB_PASSWD
- ROMA_LOG_LEVEL
- ROMA_APIKEY_PREFIX
- ROMA_APIKEY_KEY
- ROMA_USER_1ST_USERNAME
- ROMA_USER_1ST_EMAIL
- ROMA_USER_1ST_PASSWORD
- ROMA_USER_1ST_PUBLIC_KEY
- ROMA_USER_1ST_NAME
- ROMA_USER_1ST_NICKNAME
- ROMA_USER_1ST_ROLES
- ROMA_CONTROL_PASSPORT_SERVICE_USER
- ROMA_CONTROL_PASSPORT_PASSWORD
- ROMA_CONTROL_PASSPORT_RESOURCE_TYPE
- ROMA_CONTROL_PASSPORT_PASSPORT
- ROMA_CONTROL_PASSPORT_PASSPORT_PUB
- ROMA_CONTROL_PASSPORT_DESCRIPTION
- ROMA_BANNER_SHOW
- ROMA_BANNER_BANNER
- ROMA_TITLE
- ROMA_BASE_ROOT
- APP_ENV
- ROMA_ENCRYPTION_KEY
- ROMA_JWT_SECRET
Security Notes
The project demonstrates strong security awareness, with features such as SSH key authentication (password login disabled by default), API key authorization, Role-Based Access Control (RBAC), space isolation, IP blacklisting, rate limiting, and comprehensive audit logging. Sensitive data such as user passwords is hashed with bcrypt, and resource credentials are encrypted with AES-256-GCM. Default/demo credentials (API keys, passwords, SSH keys) are present in the example configuration files and Docker Compose setups; although they are explicitly stated to be for demo purposes and can be replaced via a generation script, they still present a potential risk if not changed in production environments. The documentation clearly outlines security best practices to mitigate these risks.
Similar Servers
mcp-filesystem-server
Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.
ssh-mcp-server
Bridging AI assistants to remote SSH server operations for command execution, file transfer, and server status retrieval via the Model Context Protocol (MCP).
linux-mcp-server
This server provides read-only Linux system administration, diagnostics, and troubleshooting capabilities for AI agents using the Model Context Protocol (MCP).
toolhive-studio
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.