Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add rustyvault website #66

Merged
merged 5 commits into from
May 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/workflows/rust.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,14 @@ name: Rust
on:
push:
branches: [ "main" ]
paths-ignore:
- "docs/**/*"
- ".github/workflows/website.yml"
pull_request:
branches: [ "main" ]
paths-ignore:
- "docs/**/*"
- ".github/workflows/website.yml"

env:
CARGO_TERM_COLOR: always
Expand Down
31 changes: 31 additions & 0 deletions .github/workflows/website.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
name: Test deployment

on:
pull_request:
paths:
- ".github/workflows/website.yml"
- "docs/**/*"
push:
branches: [main]

defaults:
run:
shell: bash
working-directory: ./docs

jobs:
test-deploy:
name: Test deployment
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 18

- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Test build website
run: yarn build
20 changes: 20 additions & 0 deletions docs/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Dependencies
/node_modules

# Production
/build

# Generated files
.docusaurus
.cache-loader

# Misc
.DS_Store
.env.local
.env.development.local
.env.test.local
.env.production.local

npm-debug.log*
yarn-debug.log*
yarn-error.log*
1 change: 1 addition & 0 deletions docs/NOTES.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
cp -r docs/* versioned_docs/version-0.12.x/
33 changes: 33 additions & 0 deletions docs/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# SeaORM Documentation

This website is built using [Docusaurus 2](https://docusaurus.io/), a modern static website generator.

## Installation

```console
yarn install
```

## Local Development

```console
yarn start
```

This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.

## Build

```console
yarn build
```

This command generates static content into the `build` directory and can be served using any static contents hosting service.

## Deployment

```console
GIT_USER=<Your GitHub username> USE_SSH=true yarn deploy
```

If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.
3 changes: 3 additions & 0 deletions docs/babel.config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
module.exports = {
presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
};
78 changes: 78 additions & 0 deletions docs/docs/install.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
---
sidebar_position: 2
title: Install
---

# Install RustyVault

RustyVault must be installed properly in your environment before it actually works. Currently RustyVault is only available by source code. RustyVault can be used as an application or a library, thus:

1. RustyVault is available to compile from source code only, or
2. RustyVault is availabe on [crates.io](https://crates.io/crates/rusty_vault) for other Rust projects.

This document is about how to build and install RustyVault in the application form. For the library form, please go to [docs.rs](https://docs.rs/rusty_vault/latest/rusty_vault) for more information.

## Operating System

RustyVault is supposed to work on the following operating systems:

* Linux
* macOS
* Windows (experimental)

In this document, macOS is used as the demonstration operating system.

## Prerequisite

RustyVault is developed in [Rust](https://rust-lang.org) programming language, so Rust must be properly installed in your environment before building RustyVault.

Read [this](https://www.rust-lang.org/tools/install) to make Rust work for you.

## Build from Source

Clone the latest RustyVault source code from Github:

~~~bash
git clone https://github.com/Tongsuo-Project/RustyVault.git
~~~

Then you have a directory called RustyVault now. Change directory into it.

~~~bash
cd RustyVault
~~~

Simply build the binary by using the tool Cargo.

~~~bash
cargo build
~~~

Rust toolchain is responsible for taking care of almost everything during the build process. After RustyVault is successfully built, you get a bundle of files in the `RustyVault/target/debug` directory. There will be a executable file called `rvault`, which is the application of RustyVault.

## Verify RustyVault

Simply run the following command:

~~~bash
target/debug/rvault --help
~~~

And you will get a response similar to:

~~~bash
A secure and high performance secret management software that is compatible with Hashicorp Vault.

Usage: rvault [COMMAND]

Commands:
server Start a rusty_vault server
status Print seal and HA status
help Print this message or the help of the given subcommand(s)

Options:
-h, --help Print help
-V, --version Print version
~~~

That means you now have a ready-to-use RustyVault binary.
182 changes: 182 additions & 0 deletions docs/docs/quick-start.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,182 @@
---
sidebar_position: 1
title: Quick Start
---

# RustyVault Quick Start

In this document, we demonstrate several minimum but necessary steps for starting up a RustyVault server and make it functional for real features.

This quick start document includes examples to:

1. how to build RustyVault binary from source
2. how to start a basic RustyVault server
3. how to configure a RustyVault server
4. how to use a RustyVault server to store sensitive data (the 'secrets', for instance)

## Build from Source

Read [install.md](./install.md) if you want more detailed information on installation.

Clone RustyVault from Github:

~~~bash
git clone https://github.com/Tongsuo-Project/RustyVault.git

cd RustyVault
~~~

Build RustyVault by using Rust toolchain:

~~~bash
cargo build
~~~

If the build is successful, then you now have an executable binary file called `rvault` in `RustyVault/target/debug` directory.

## Run the Server

RustyVault runs as a daemon in the operation system. It's basically a server that provides a set of RESTful HTTP APIs. So after the server is running in the background, you can send HTTP requests to ask the server to do the jobs.

To launch a RustyVault server, a configuration file is needed. As Hashicorp Vault, RustyVault can also parse HCL configuration files. A typical usable example RustyVault configuration file is as follows:

~~~conf
storage "file" {
path = "./data"
}

listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = "true"
tls_cert_file = "servercert.pem"
tls_key_file = "serverkey.pem"
tls_disable_client_certs = false
tls_require_and_verify_client_cert = false
}

daemon = true
daemon_user = "paul"
daemon_group = "staff"

work_dir = "/Users/paul/work/tmp/rusty_vault/"

api_addr = "http://127.0.0.1:8200"
log_level = "debug"
pid_file = "rusty_vault.pid"
~~~

You need to change the variables like `daemon_user`, `daemon_group` and `work_dir` to the actual value in your environment. Then just copy and paste it to a local file, say, `rvault.hcl` somewhere on your machine.

Then launch the server (assume you are still in `RustyVault` directory):

~~~bash
target/debug/rvault server --config /path/to/rvault.hcl
~~~

Check the process is running:

~~~bash
ps -xa | grep rvault

89174 ?? 0:00.46 target/debug/rvault server --config /Users/paul/work/tmp/rvault.hcl
89448 ttys006 0:00.00 grep rvault
~~~

There should be an `rvault` process running in background.

Now the server is listening on TCP port 8200 and it's ready for incoming HTTP requests.

## Initialize RustyVault

Before it's fully usable, a RustyVault server needs to be initialized. For instance, a master key is generated during the initialization procedure and is used to `seal` and `unseal` RustyVault, thus the data in RustyVault can be correctly encrypted.

In this section, we use command line tool `curl` to manipulate the server and use `jq` to parse the JSON data in the HTTP responses. `jq` is not required, but we highly recommend to install it on your machine. Click [here](https://jqlang.github.io/jq/download/) for more information on installing `jq`.

To launch the server, simply run:

~~~bash
curl --request PUT --data '{"secret_shares": 1, "secret_threshold": 1}' http://127.0.0.1:8200/v1/sys/init | jq
~~~

The response should be similar to this:

~~~json
{
"keys": [
"7df5ff90cd9417e04cbb9f6db65e0b16ce265d5108fd07e45bdae1a35bf5da6a"
],
"root_token": "bc9e904b-acff-db3d-4cfd-f575cb36428a"
}
~~~

Now we have a key to unseal RustyVault and a root token.

You can check the initialization status by sending:

~~~bash
curl http://127.0.0.1:8200/v1/sys/init | jq
{
"initialized": true
}
~~~

## Unseal the RustyVault Server

When RustyVault is initialized properly, it's in the *sealed* status. *Seald* here means everything in RustyVault is encrypted and protected, thus no one can use any functionality RustyVault. You need to *unseal* it to make it fully functional.

To unseal, the key generated in previous section will be used:

~~~bash
curl --request PUT --data '{"key": "7df5ff90cd9417e04cbb9f6db65e0b16ce265d5108fd07e45bdae1a35bf5da6a"}' http://127.0.0.1:8200/v1/sys/unseal | jq
~~~

If everything went smoothly, then a response with `sealed: false` will be returned:

~~~json
{
"sealed": false,
"t": 1,
"n": 1,
"progress": 0
}
~~~

This indicates the RustyVault server is not sealed and it's ready to do more real jobs.

## Write Secrets to RustyVault

A frequently used feature of RustyVautl is *secret*, it's basically a secure key-value storage that can retain arbitary sensitive values such as password, credentials, tokens, keys and so forth.

RustyVault needs client authentication for further operations. In this demonstration, we utilize the `root_token` generated in previous section for simplicity.

Let's ask RustyVault to store a `foo: bar` value under the key `test`:

~~~bash
curl --Header "Cookie: token=bc9e904b-acff-db3d-4cfd-f575cb36428a" --request POST --data '{ "foo": "bar" }' http://127.0.0.1:8200/v1/secret/test | jq
~~~

Then read it out:

~~~bash
curl --Header "Cookie: token=bc9e904b-acff-db3d-4cfd-f575cb36428a" http://127.0.0.1:8200/v1/secret/test | jq
{
"renewable": false,
"lease_id": "",
"lease_duration": 3600,
"auth": null,
"data": {
"foo": "bar"
}
}
~~~

In the `data` section of the responsed JSON, you can see the `foo:bar` value once again!

## Next Steps

In this document, we built a RustyVault server, started it up and configured it to accept user commands such as storing sensitive data. All examples here are only for demonstration purposes, they may not safe in real production scenarios. Some more features are introduced in RustyVault to make it production ready:

* Authentication methods: RustyVault offers different authentication methods, which allow you create new client tokens with fine-grained access policy,
* More storage types: This demonstration uses local file as storage, but in reality it's neither efficient nor secure. RustyVault also supports other remote storage types like database, remote file system or so.
* Running status: a log file is located in the working directory of RustyVault, important information is logged in it for debug or other purposes.
* Compatibility with Hashicorp Vault: RustyVault is compatible with Hashicorp Vault, so most Hashicorp Vault documentation is also worth to read to help you understand RustyVault ;-)
Loading
Loading