Vault integration

--------- Signed-off-by: Lyubomir Bandrov <lyubomir.bandrov@senofi.ca> Signed-off-by: Yanko Zhelyazkov <yanko@senofi.ca> Co-authored-by: Yanko Zhelyazkov <yanko@senofi.ca> Signed-off-by: Yanko Zhelyazkov <yanko@senofi.ca> add readme for hashicorp vault wallet config Signed-off-by: Yanko Zhelyazkov <yanko@senofi.ca>
senofi · Sep 4, 2024 · e573cbe · e573cbe
1 parent 094380d
commit e573cbe
Show file tree

Hide file tree

Showing 35 changed files with 4,317 additions and 4,005 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -2,8 +2,9 @@ name: Docker
 
 on:
   push:
-    tags:
-      - '*'
+    branches:
+      - main
+  workflow_dispatch:
 
 jobs:
   docker:

diff --git a/.gitignore b/.gitignore
@@ -107,3 +107,6 @@ dist
 .tern-port
 packages/athena/json_docs/json_validation/ibp_openapi_v3.publish.yaml
 packages/athena/env/dev.json
+
+# IDEs
+.idea
diff --git a/README.md b/README.md
@@ -133,6 +133,35 @@ You should be able to manage channels, Using 2.0 lifecycle to install, approve,
 * URL - http://127.0.0.1:5985/_utils/
 * Login - admin/password
 
+# Configure Fabric Operations Console Wallet With Hashicorp Vault
+The Fabric Operations Console wallet stores and manages the cryptographic materials that represent different entities and identities who interact on the Hyperledger Fabric network. By default, the wallet stores the crypto materials inside the browser's local store. If that is the preferred setup, no further configuration or action is needed to configure the wallet.
+
+HashiCorp Vault is an open-source tool designed to manage secrets and protect sensitive data like certificates, tokens, passwords, etc. If you decide to use HashiCorp Vault to securely store and manage the cryptographic materials, you may configure the wallet to use HashiCorp Vault.
+
+The configuration is a JSON file with the following structure:
+
+```json
+{
+    "vaultEnginePath": "{% engine path %}",
+    "authMethodPath": "{% user authentication path %}",
+    "url": "{% Hashicorp Vault API url %}",
+    "username": "{% user name %}",
+    "password": "{% user password %}",
+    "vaultPath": "{% folder path to store the crypto materials %}",
+    "apiVersion": "v1"
+}
+```
+
+The wallet requires a KV secrets engine path. You may create a new secrets engine dedicated to the console wallet. The configured user should be enabled with a username and password authentication method. The user should have a proper access policy to work with the configured secrets engine. You may configure the vault path variable to a convenient name. This path points to the root path under the configured secrets engine where your cryptographic materials will be stored and accessed by the wallet.
+
+The properly configured JSON file should be accessible to the console at the following path:
+```
+/server/conf/vault/vault-config.json
+```
+
+You may consult the official HashiCorp Vault documentation for detailed instructions on how to create and configure a HashiCorp Vault secrets engine, user, and respective authentication method and access policy.
+
+
 # Developing Fabric Operations Console
 This repository is managed using [Lerna](https://github.com/lerna/lerna).
 

diff --git a/docker/build_image.sh b/docker/build_image.sh
@@ -15,8 +15,8 @@ docker build \
 	--build-arg CONSOLE_TAG=${GIT_TAG} \
 	--pull -f ${SRC_DIR}/console/Dockerfile ${SRC_DIR}/../packages/.
 
-docker tag ${IMAGE_BUILD_NAME} ghcr.io/hyperledger-labs/fabric-console:latest
+docker tag ${IMAGE_BUILD_NAME} ghcr.io/senofi/fabric-console:latest
 if [[ -n $GIT_TAG ]]; then
-	echo "Creating tagged image $GIT_TAG:"
-	docker tag ${IMAGE_BUILD_NAME} ghcr.io/hyperledger-labs/fabric-console:${GIT_TAG}
+  	echo "Creating tagged image $GIT_TAG:"
+	docker tag ${IMAGE_BUILD_NAME} ghcr.io/senofi/fabric-console:${GIT_TAG}
 fi
diff --git a/docker/docker-compose-console.yaml b/docker/docker-compose-console.yaml
@@ -7,7 +7,7 @@ networks:
 services:
     fabric-console:
         container_name: fabric-console
-        image: ghcr.io/hyperledger-labs/fabric-console:latest
+        image: ghcr.io/senofi/fabric-console:latest
         ports:
             - "3000:3000"
         volumes:

diff --git a/docker/publish_image.sh b/docker/publish_image.sh
@@ -8,10 +8,10 @@ echo "Found tag $GIT_TAG"
 # Push the images
 echo "Pushing 'latest' image:"
 echo ${GITHUB_TOKEN} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
-docker push ghcr.io/hyperledger-labs/fabric-console:latest
+docker push ghcr.io/senofi/fabric-console:latest
 
 # -n means if GIT_TAG's length is greater than 0
 if [[ -n $GIT_TAG ]]; then
-	echo "Pushing tagged image $GIT_TAG:"
-	docker push ghcr.io/hyperledger-labs/fabric-console:${GIT_TAG}
+  echo "Pushing tagged image $GIT_TAG:"
+	docker push ghcr.io/senofi/fabric-console:${GIT_TAG}
 fi
diff --git a/docs/_config.yml b/docs/_config.yml
@@ -2,7 +2,7 @@ remote_theme: pmarsceill/just-the-docs
 title: Fabric Operations Console
 aux_links:
   "Fabric Operations Console":
-  - "//github.com/hyperledger-labs/fabric-operations-console"
+  - "//github.com/senofi/fabric-operations-console"
 
 # Back to top link
 back_to_top: true
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,8 +2,9 @@ name: Docker @@
     on:
       push:
-        tags:
-          - '*'
+        branches:
+          - main
+      workflow_dispatch:
     jobs:
       docker:
@@ Expand Down @@