Skip to content

Commit

Permalink
Vault integration
Browse files Browse the repository at this point in the history
---------

Signed-off-by: Lyubomir Bandrov <lyubomir.bandrov@senofi.ca>
Signed-off-by: Yanko Zhelyazkov <yanko@senofi.ca>
Co-authored-by: Yanko Zhelyazkov <yanko@senofi.ca>
Signed-off-by: Yanko Zhelyazkov <yanko@senofi.ca>

add readme for hashicorp vault wallet config

Signed-off-by: Yanko Zhelyazkov <yanko@senofi.ca>
  • Loading branch information
lbandrov authored and yzhivkov committed Sep 4, 2024
1 parent 094380d commit ddb66e0
Show file tree
Hide file tree
Showing 35 changed files with 3,962 additions and 3,582 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@ name: Docker

on:
push:
tags:
- '*'
branches:
- main
workflow_dispatch:

jobs:
docker:
Expand Down
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -107,3 +107,6 @@ dist
.tern-port
packages/athena/json_docs/json_validation/ibp_openapi_v3.publish.yaml
packages/athena/env/dev.json

# IDEs
.idea
29 changes: 29 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,35 @@ You should be able to manage channels, Using 2.0 lifecycle to install, approve,
* URL - http://127.0.0.1:5985/_utils/
* Login - admin/password

# Configure Fabric Operations Console Wallet With Hashicorp Vault
The Fabric Operations Console wallet stores and manages the cryptographic materials that represent different entities and identities who interact on the Hyperledger Fabric network. By default, the wallet stores the crypto materials inside the browser's local store. If that is the preferred setup, no further configuration or action is needed to configure the wallet.

HashiCorp Vault is an open-source tool designed to manage secrets and protect sensitive data like certificates, tokens, passwords, etc. If you decide to use HashiCorp Vault to securely store and manage the cryptographic materials, you may configure the wallet to use HashiCorp Vault.

The configuration is a JSON file with the following structure:

```json
{
"vaultEnginePath": "{% engine path %}",
"authMethodPath": "{% user authentication path %}",
"url": "{% Hashicorp Vault API url %}",
"username": "{% user name %}",
"password": "{% user password %}",
"vaultPath": "{% folder path to store the crypto materials %}",
"apiVersion": "v1"
}
```

The wallet requires a KV secrets engine path. You may create a new secrets engine dedicated to the console wallet. The configured user should be enabled with a username and password authentication method. The user should have a proper access policy to work with the configured secrets engine. You may configure the vault path variable to a convenient name. This path points to the root path under the configured secrets engine where your cryptographic materials will be stored and accessed by the wallet.

The properly configured JSON file should be accessible to the console at the following path:
```
/server/conf/vault/vault-config.json
```

You may consult the official HashiCorp Vault documentation for detailed instructions on how to create and configure a HashiCorp Vault secrets engine, user, and respective authentication method and access policy.


# Developing Fabric Operations Console
This repository is managed using [Lerna](https://github.com/lerna/lerna).

Expand Down
6 changes: 3 additions & 3 deletions docker/build_image.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ docker build \
--build-arg CONSOLE_TAG=${GIT_TAG} \
--pull -f ${SRC_DIR}/console/Dockerfile ${SRC_DIR}/../packages/.

docker tag ${IMAGE_BUILD_NAME} ghcr.io/hyperledger-labs/fabric-console:latest
docker tag ${IMAGE_BUILD_NAME} ghcr.io/senofi/fabric-console:latest
if [[ -n $GIT_TAG ]]; then
echo "Creating tagged image $GIT_TAG:"
docker tag ${IMAGE_BUILD_NAME} ghcr.io/hyperledger-labs/fabric-console:${GIT_TAG}
echo "Creating tagged image $GIT_TAG:"
docker tag ${IMAGE_BUILD_NAME} ghcr.io/senofi/fabric-console:${GIT_TAG}
fi
2 changes: 1 addition & 1 deletion docker/docker-compose-console.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ networks:
services:
fabric-console:
container_name: fabric-console
image: ghcr.io/hyperledger-labs/fabric-console:latest
image: ghcr.io/senofi/fabric-console:latest
ports:
- "3000:3000"
volumes:
Expand Down
6 changes: 3 additions & 3 deletions docker/publish_image.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@ echo "Found tag $GIT_TAG"
# Push the images
echo "Pushing 'latest' image:"
echo ${GITHUB_TOKEN} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
docker push ghcr.io/hyperledger-labs/fabric-console:latest
docker push ghcr.io/senofi/fabric-console:latest

# -n means if GIT_TAG's length is greater than 0
if [[ -n $GIT_TAG ]]; then
echo "Pushing tagged image $GIT_TAG:"
docker push ghcr.io/hyperledger-labs/fabric-console:${GIT_TAG}
echo "Pushing tagged image $GIT_TAG:"
docker push ghcr.io/senofi/fabric-console:${GIT_TAG}
fi
2 changes: 1 addition & 1 deletion docs/_config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ remote_theme: pmarsceill/just-the-docs
title: Fabric Operations Console
aux_links:
"Fabric Operations Console":
- "//github.com/hyperledger-labs/fabric-operations-console"
- "//github.com/senofi/fabric-operations-console"

# Back to top link
back_to_top: true
Expand Down
Loading

0 comments on commit ddb66e0

Please sign in to comment.