Add a Quick Start Guide. #136
Conversation
docs/source/quick.rst
Outdated
|
|
||
| [global] | ||
| # Listen on a socket named './quick' | ||
| server_socket = ./quick |
There was a problem hiding this comment.
make run uses a different socket name. Can we agree on one socket name for demos and test instances? I'm a bit worried that we are confusing people otherwise.
There was a problem hiding this comment.
No this tutorial explicitly sets a different socket to:
a) show that this is something you can set to what you want
b) avoid issues if the user executes make run during the tutorial
There was a problem hiding this comment.
As a reader I think this is fine. Would be nice to document a bit more make run, perhaps a make help is needed?
docs/source/quick.rst
Outdated
|
|
||
| Let's now create a new container for our secrets | ||
| :: | ||
| $ curls -X PUT http://localhost/secrets/bucket/ |
There was a problem hiding this comment.
This PUT requests doesn't work properly, based on the docs, to create a container we should use a POST request: https://custodia.readthedocs.io/en/latest/api.html#creating-containers
There was a problem hiding this comment.
Thanks for catching it, this is a typo
docs/source/quick.rst
Outdated
| Let's now retrieve the secret we just stored | ||
| :: | ||
| $ curls -H "Accept: application/octet-stream" http://localhost/secrets/bucket/mykey | ||
| P@ssw0rd |
There was a problem hiding this comment.
Testing this locally, I got the secret information and the general message to show that Custodia works. Is it he expected result?
$ curls -H "Accept: application/octet-stream" http://localhost/secrets/bucket/mykey P@ssw0rd
"P@ssw0rd{"message": "Quis custodiet ipsos custodes?"}"
There was a problem hiding this comment.
I suspect that somehow you mistyped the message in when storing the secret ?
There was a problem hiding this comment.
It is not expect if that is not the case and I haven't seen it happen when I tested the tutorial myself
There was a problem hiding this comment.
You're right, now it's works perfectly.
Codecov Report
@@ Coverage Diff @@
## master #136 +/- ##
=======================================
Coverage 59.83% 59.83%
=======================================
Files 34 34
Lines 3025 3025
Branches 337 337
=======================================
Hits 1810 1810
Misses 1125 1125
Partials 90 90Continue to review full report at Codecov.
|
|
Note, I added a section on configuring an overlay encryption for the database, It also incidentally shows how to configure different hives to use different databases underneath. |
|
sphinx fails with |
|
@tiran, I have no clue why it fails, do you know ? |
docs/source/quick.rst
Outdated
| We'll simply clone the git tree and use Custodia in place to quickly test it. | ||
| Clone the repository, and run the make egg_info command to prepare the tree for | ||
| execution:: | ||
| $ git clone https://github.com/latchset/custodia.git |
There was a problem hiding this comment.
I think it's missing an empty line here.
docs/source/quick.rst
Outdated
|
|
||
| Once the server is started we can move to another terminal to test it. | ||
| To avoid some typing we'll create a shell alias:: | ||
| $ alias curls='curl -s --unix-socket ./quick -H "REMOTE_USER: me"' |
docs/source/quick.rst
Outdated
|
|
||
| So far we have been using the most basic database used for testing which is | ||
| sqlite based. If you use the sqlite3 command to look into the secrets table you | ||
| will pretty quickly realize that all the stored secrets are availabel in plain |
simo5
force-pushed
the
moredocs
branch
2 times, most recently
from
586f45b to
5238bf8
Compare
|
|
||
| In this Quick Start Guide you've seen how to create and fetch secrets with the | ||
| Custodia API and a few of the simple authentication and authorization plugins | ||
| available. Other plugins are vailable, and custom ones are rather simple to |
docs/source/quick.rst
Outdated
|
|
||
| If we now examine the database with the sqlite3 editor we'll see that the keys | ||
| in the 'encrypted' table are indeed encrypted (the encryption format is just a | ||
| JWE[link to Jose RFC] token). We can also see that the key names are not |
There was a problem hiding this comment.
This missing link will be a problem for now?
| $ curls -X DELETE http://localhost/secrets/bucket/ | ||
|
|
||
|
|
||
| Adding Authentication |
There was a problem hiding this comment.
Great addition, this session and the other below cover more advanced topics that makes Custodia very intersting to play with!
docs/source/quick.rst
Outdated
|
|
||
| We'll use a simple a bare minimum configuration to start off. | ||
|
|
||
| Write a file named quick.conf with the followin contents (feel free to omit the |
docs/source/quick.rst
Outdated
|
|
||
| [global] | ||
| # Listen on a socket named './quick' | ||
| server_socket = ./quick |
There was a problem hiding this comment.
As a reader I think this is fine. Would be nice to document a bit more make run, perhaps a make help is needed?
|
|
||
| $ curls -X POST http://localhost/secrets/sak/ | ||
| $ curls -H "Content-Type: application/json" -X PUT http://localhost/secrets/sak/qid -d '{"type":"simple","value":"secretcode"}' | ||
|
|
There was a problem hiding this comment.
it would useful for the reader to explicitly specify what qid is.
docs/source/quick.rst
Outdated
| text. | ||
|
|
||
| Custodia comes with a nice overlay database type that can encrypt the data | ||
| stored in any backend storage. It i useful in case the backend chosen does not |
docs/source/quick.rst
Outdated
|
|
||
| If we now examine the database with the sqlite3 editor we'll see that the keys | ||
| in the 'encrypted' table are indeed encrypted (the encryption format is just a | ||
| JWE[link to Jose RFC] token). We can also see that the key names are not |
|
Thank you @JAORMX I should have addressed all your comments, could you open a RFE Issue for make help ? |
docs/source/quick.rst
Outdated
| $ curls -X POST http://localhost/secrets/sak/ | ||
| $ curls -H "Content-Type: application/json" -X PUT http://localhost/secrets/sak/qid -d '{"type":"simple","value":"secretcode"}' | ||
|
|
||
| We can now created a new key called qui (from the unimaginative Quick ID) and |
There was a problem hiding this comment.
doh sorry about that, fixed
simo5
force-pushed
the
moredocs
branch
3 times, most recently
from
b3d851c to
d5aaf8c
Compare
Signed-off-by: Simo Sorce <[email protected]> Closes latchset#136
|
Thank you, pushed to master |
Signed-off-by: Simo Sorce <[email protected]> Closes latchset#136
No description provided.