I'm using vagrant to provide some APIs to my clients (using high computational power) so some of my clients want to run these boxes on their own machines and willing to pay well
this source code is my whole business so how can I protect this source code well? can I set a password to the box? is that enough or there is any other approach
There are multiple questions here and i will try to answer them to the best of my understanding.
can I set a password to the box?
take a look at the vagrant documentation here https://www.vagrantup.com/docs/vagrantfile/ssh_settings.html
Look at
config.ssh.password
and
config.ssh.insert_key
settings. They may be able to password protect and disable passwordless login to your vm.
how can I protect this source code well?
Depending on the language you use, you can provide only compiled code or obfuscated code. Search the web for code obfuscation tools to know more.
is that enough?
I would ask you to read this from stackoverflow itself from the past. There are some very useful advice there about trying to protect the source code or the futility of it. How to protect your software code?
Here is the google search link which lists all the stackoverflow discussions from the past. See if any of them help you. https://www.google.com/search?q=how+to+protect+code+site:stackoverflow.com&hl=en&sa=X&ved=2ahUKEwjgiOm3zq_pAhWRHjQIHZYsAgQQrQIoBDABegQIAhAN&biw=1253&bih=569&dpr=1.5
