spiffe · v0lkan · Nov 8, 2024 · Nov 8, 2024 · v0lkan · Nov 8, 2024
@@ -1,5 +1,3 @@
-![SPIKE](assets/spike-banner-lg.png)
-
 ## Secure Production Identity for Key Encryption (SPIKE)
 
 **SPIKE**  is a lightweight **secrets store** that uses [SPIFFE][spiffe] 

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 ## SPIKE Architectural Decision Records (*ADRs*)
 
 * [ADR-0001: Display Secrets in Plain Text in SPIKE Pilot Admin CLI](adrs/adr-0001.md)

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 # ADR-0001: Display Secrets in Plain Text in SPIKE Pilot Admin CLI
 
 - Status: accepted

@@ -1,11 +1,9 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0002: Use Docsify for Documentation System
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Documentation
 
-# ADR-0002: Use Docsify for Documentation System
-
 ## Context
 
 We need a documentation system that:

@@ -1,12 +1,11 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0003: Root Key Management and Storage Strategy
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Storage, Encryption
 
-# ADR-0003: Root Key Management and Storage Strategy
-
 ## Context
+
 We need a secure strategy for managing the root key that **SPIKE Nexus**
 uses. This key is critical for the system's security and requires:
 
@@ -20,11 +19,11 @@ uses. This key is critical for the system's security and requires:
 
 We will implement a multi-layered approach for root key management:
 
-1. Runtime Storage:
+* 1. Runtime Storage:
   - Root key will be stored in memory only as plain text
   - This applies to both SPIKE Nexus and SPIKE Keeper components
 
-2. Persistent Storage:
+* 2. Persistent Storage:
   - Root key will be stored in PostgreSQL database
   - The stored version will be:
     - Salted

@@ -1,11 +1,9 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0004: SPIKE Keeper Minimalist Design Approach
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Redundancy, Availability
 
-# ADR-0004: SPIKE Keeper Minimalist Design Approach
-
 ## Context
 
 **SPIKE Keeper** serves as a critical component in our system's key management 

@@ -1,11 +1,9 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0005: Use SPIFFE mTLS for Inter-Component Authentication and Communication
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Networking, SPIFFE, SPIRE
 
-# ADR-0005: Use SPIFFE mTLS for Inter-Component Authentication and Communication
-
 ## Context
 
 Our system requires secure communication between various components with:

@@ -1,11 +1,9 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0006: Trust Boundary Definition and Security Assumptions
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Threat Model, Trust
 
-# ADR-0006: Trust Boundary Definition and Security Assumptions
-
 ## Context
 
 We need to clearly define our system's trust boundaries and security assumptions 

@@ -1,11 +1,10 @@
-![SPIKE](../assets/spike-banner.png)
+
+# ADR-0007: Root Key Lifecycle and Management Strategy
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security
 
-# ADR-0007: Root Key Lifecycle and Management Strategy
-
 ## Context
 
 Our system requires a robust and secure approach to managing the root key, 

@@ -1,12 +1,12 @@
-![SPIKE](../assets/spike-banner.png)
+
+# ADR-0008: Administrative Access Control System
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Administration, Disaster Recovery
 
-# ADR-0008: Administrative Access Control System
-
 ## Context
+
 We need a secure and auditable system for administrative access that:
 - Manages initial system provisioning
 - Controls ongoing administrative access

@@ -1,12 +1,12 @@
-![SPIKE](../assets/spike-banner.png)
+
+# ADR-0009: Multi-Administrator Support System
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Administration, Disaster Recovery
 
-# ADR-0009: Multi-Administrator Support System
-
 ## Context
+
 The system needs to support multiple administrators with different levels of 
 access and responsibilities. We need to:
 - Allow delegation of administrative tasks
@@ -17,14 +17,17 @@ access and responsibilities. We need to:
 - Handle emergency access scenarios
 
 ## Decision
+
 We will implement a hierarchical multi-admin system with policy-based access control:
 
 ### Administrative Hierarchy
+
 - Initial admin has super-admin privileges
 - Ability to create and manage other admin accounts
 - Policy-based access control for different admin roles
 
 ### Access Control
+- 
 - Role-based access control (RBAC)
 - Tenant-based isolation
 - Fine-grained permissions

@@ -1,11 +1,9 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0010: Session Token Storage Strategy for SPIKE Nexus
 
 - Status: accepted
 - Date: 2024-11-03
 - Tags: Security, Sessions, Memory Management, Scalability
 
-# ADR-0010: Session Token Storage Strategy for SPIKE Nexus
-
 ## Context
 
 **SPIKE Nexus** requires storage of session tokens for admin authentication. 

@@ -1,15 +1,14 @@
-![SPIKE](../assets/spike-banner.png)
+
+# ADR-0011: PostgreSQL as SPIKE's Backing Store
 
 - Status:
-  - Superseded by [ADR-0013: S3-Compatible Storage as SPIKE's Backing Store](adrs/adr-0013.md)
+   - Superseded by [ADR-0013: S3-Compatible Storage as SPIKE's Backing Store](adrs/adr-0013.md)
 - Date: 2024-11-07
 - History:
-  - 2024-11-04: Accepted
-  - 2024-11-07: Superseded by ADR-0013
+   - 2024-11-04: Accepted
+   - 2024-11-07: Superseded by ADR-0013
 - Tags: Database, Persistence, Storage, Backup
 
-# ADR-0011: PostgreSQL as SPIKE's Backing Store
-
 ## Context
 
 **SPIKE** needs a reliable, secure, and performant backing store to maintain 

@@ -1,11 +1,8 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0012: HTTP Methods for SPIKE API
 
 - Status: accepted
 - Date: 2024-11-04
 - Tags: API, TLS, Semantics, Network, Operations
-
-# ADR-0012: HTTP Methods for SPIKE API
-
 ## Context
 
 SPIKE is a secrets management system that provides an HTTP API for CRUD 

@@ -1,13 +1,11 @@
-![SPIKE](../assets/spike-banner.png)
+# ADR-0013: S3-Compatible Storage as SPIKE's Backing Store
 
-- Status: 
+- Status:
   - accepted
-  - - Superseeds [ADR-0011: PostgreSQL as SPIKE's Backing Store](adrs/adr-0011.md)
+  - Superseeds [ADR-0011: PostgreSQL as SPIKE's Backing Store](adrs/adr-0011.md)
 - Date: 2024-11-07
 - Tags: Storage, Authorization, Policy, S3, MinIO
 
-# ADR-0013: S3-Compatible Storage as SPIKE's Backing Store
-
 ## Context
 
 SPIKE needs a reliable, secure, and performant backing store to maintain encrypted 

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 ## What is SPIKE?
 
 SPIKE (*Secure Production Identity for Key Encryption*) is a secrets management

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## Flowcharts and Sequence Diagrams
 
 * [Key-Value Store](architecture/charts/key-value-store.md)
@@ -8,5 +6,4 @@
 * [SPIKE Nexus Root Key Provisioning](architecture/charts/day-zero.md)
 * [SPIKE Nexus Automatic Recovery](architecture/charts/recovery.md)
 * [SPIKE Manual System Re-Init](architecture/charts/re-init.md)
-* [SPIKE Forced Reset](architecture/charts/reset.md)
-* [SPIKE Database Design](architecture/charts/db.md)
+* [SPIKE Forced Reset](architecture/charts/reset.md)
@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Nexus Root Key Provisioning
 
 ```mermaid

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Database Usage
 
 **SPIKE Nexus** is the only client for the backing store (*Postgres DB*).

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Initialization
 
 ```mermaid

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## Key-Value Store
 
 ```mermaid 

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Login
 
 ```mermaid

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Manual System Re-Initialization
 
 ```mermaid 

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Nexus Automatic Recovery After Crash
 
 ```mermaid

@@ -1,5 +1,3 @@
-![SPIKE](../../assets/spike-banner.png)
-
 ## SPIKE Forced Root Key Reset
 
 This will make all the stored secrets obsolete, so it should be done

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 ## Monitoring and Observability
 
 ### Health Metrics

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 ## Recovery Mechanisms
 
 ### SPIKE Nexus Crash Recovery

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 ## SPIKE Security Model
 
 Here is a brief introduction to **SPIKE** security model.

@@ -1,5 +1,3 @@
-![SPIKE](../assets/spike-banner.png)
-
 ## SPIKE Components
 
 **SPIKE** has the following system components:

@@ -1,5 +1,3 @@
-![SPIKE](assets/spike-banner.png)
-
 # SPIKE Changelog
 
 ## Recent

@@ -1,5 +1,3 @@
-![SPIKE](assets/spike-banner.png)
-
 ## Configuring SPIKE
 
 You can use environment variables to configure the **SPIKE** components. 

@@ -14,17 +14,60 @@
   <link rel="icon" type="image/png" href="/assets/spike-favicon-128x128.png" sizes="128x128" />
 </head>
 <body>
-<div id="app"></div>
+<div id="app">
+
+
+
+</div>
+<style>
+  article {
+    min-height: calc( 100vh - 188px - 4em );
+  }
+  footer a {
+    color: #42b983;
+  }
+</style>
+<footer style="text-align:center;padding:1em;padding-top:2em;padding-bottom:2em;background:#fafafa;
+border-top: 1px #eeeeee solid;font-size: 18px;
+" id="footer">
+
+  Copyright © 2024-present <strong>SPIKE Contributors</strong>.<br>
+  <strong>SPIKE</strong>'s code
+  is distributed under <a class="text-blue-600 underline"
+  href="https://www.mozilla.org/en-US/MPL/2.0/">Mozilla Public License (v2.0)</a>.
+  <br>
+  The documentation on this website
+  is distributed under <a class="text-blue-600 underline" href="https://creativecommons.org/licenses/by/4.0/">CC-BY-4.0</a>.
+  <br><br>
+  We do not collect your data. This site does not use any tracking cookies or scripts.
+</footer>
 <script>
   var num = 0;
   mermaid.initialize({ startOnLoad: false });
+  setTimeout(function check() {
+    var main = document.getElementById('main');
+    if (main) {
+      main.parentNode.appendChild(document.getElementById('footer'));
+      return
+    }
+    setTimeout(check, 100);
+  }, 100);
+
+
   window.$docsify = {
+    repo: "https://github.com/spiffe/spike",
+    logo: "/assets/spike-banner.png",
+    name: "SPIKE",
     el: "#app", loadSidebar: true,
     markdown: { renderer: { code: function(code, lang) {
       if (lang === "mermaid") {return ('<div class="mermaid">' +
         mermaid.render('mermaid-svg-' + num++, code) + "</div>");}
+
+    console.log('a')
+    console.log(document.getElementById('main'))
     return this.origin.code.apply(this, arguments);
   }}}};
+
 </script>
 <script src="/assets/docsify.js"></script>
 </body>

@@ -1,5 +1,3 @@
-![SPIKE](assets/spike-banner.png)
-
 ## 🚨 Alpha Release Notice 🚨
 
 * **Project Status**: **Alpha**