diff --git a/artifacts/wiki/app.js b/artifacts/wiki/app.js
new file mode 100644
index 0000000..232d67d
--- /dev/null
+++ b/artifacts/wiki/app.js
@@ -0,0 +1,33 @@
+document.addEventListener('scroll', function () {
+ const headers = document.querySelectorAll('.section-header');
+ const pageOffset = window.scrollY;
+
+ headers.forEach(header => {
+ const headerOffset = header.offsetTop;
+ const headerHeight = header.offsetHeight;
+
+ if (pageOffset >= headerOffset - headerHeight && pageOffset < headerOffset + headerHeight) {
+ header.classList.add('active');
+ } else {
+ header.classList.remove('active');
+ }
+ });
+});
+
+function copyToClipboard() {
+ const codeElement = document.querySelector('.code');
+ const range = document.createRange();
+ range.selectNode(codeElement);
+ window.getSelection().removeAllRanges();
+ window.getSelection().addRange(range);
+ document.execCommand('copy');
+ window.getSelection().removeAllRanges();
+
+
+ const notification = document.getElementById('copy-notification');
+ notification.classList.add('show');
+
+ setTimeout(() => {
+ notification.classList.remove('show');
+ }, 3000);
+}
\ No newline at end of file
diff --git a/artifacts/wiki/style.css b/artifacts/wiki/style.css
new file mode 100644
index 0000000..3ddf4c4
--- /dev/null
+++ b/artifacts/wiki/style.css
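Review bot: `copyToClipboard()` always copies the first snippet on the page, because `document.querySelector('.code')` returns only the first match and the function takes no argument; the wiki page added in this commit appears to carry one snippet per exit code, so every copy button would likely put the first one on the clipboard. The result of the deprecated `document.execCommand('copy')` is ignored, so the "Copied!" notification is shown even when nothing was copied, and a missing `.code` or `#copy-notification` element throws. Since these snippets are shell commands that readers paste into a terminal, I would resolve the snippet from the clicked button, write its `textContent` through `navigator.clipboard.writeText` (available in secure contexts only), and show the notification only once the write succeeds. The markup that calls this function is not visible in this view; the call site would need to pass the button, e.g. `copyToClipboard(this)`, and the sketch below assumes `.code` sits inside `.code-container`.

```javascript
function copyToClipboard(trigger) {
    // Copy the snippet that belongs to the clicked button, not the first one on the page.
    const container = trigger instanceof Element ? trigger.closest('.code-container') : null;
    const codeElement = (container || document).querySelector('.code');
    const notification = document.getElementById('copy-notification');
    if (!codeElement || !notification || !navigator.clipboard) {
        return;
    }

    // Plain text only; confirm to the user only once the write has succeeded.
    navigator.clipboard.writeText(codeElement.textContent).then(() => {
        notification.classList.add('show');
        setTimeout(() => notification.classList.remove('show'), 3000);
    }).catch((err) => {
        console.error('Copy failed:', err);
    });
}
```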
@@ -0,0 +1,231 @@
+:root {
+ --bold-default: 800;
+ --bold-text: 500;
+ --bg-primary: #f9f9f9;
+ --clr-text: #262626;
+ --clr-primary: #2b3e50;
+ --clr-secondary: #007acc;
+ --clr-header: #fff;
+ --code-primary-clr: #33333344;
+ --clr-code-light: #ffffffba;
+ --font-primary: 'Roboto', sans-serif;
+ --font-code: 'Fira Code', monospace;
+ --font-size-large: 1.6rem;
+ --font-size-mid: 1.4rem;
+ --font-size-small: 1rem;
+ --margin-small: 1.6rem;
+ --margin-mid: 3rem;
+ --margin-large: 5rem;
+}
+
+html {
+ scroll-behavior: smooth;
+}
+
+body {
+ font-family: var(--font-primary);
+ margin: 0;
+ padding: 0;
+ background-color: var(--bg-primary);
+ color: var(--clr-text);
+ line-height: 2rem;
+}
+
+header {
+ background-color: var(--clr-primary);
+ color: var(--clr-header);
+ padding: 1rem;
+ text-align: center;
+ font-size: var(--font-size-mid);
+ font-weight: 700;
+}
+
+.container {
+ display: flex;
+ justify-content: center;
+ align-items: center;
+ padding: 20px;
+ font-size: var(--font-size-mid);
+}
+
+nav {
+ flex: 1;
+ align-self: self-start;
+ position: sticky;
+ top: 20px;
+ max-width: 200px;
+ font-size: var(--font-size-small);
+}
+
+nav ul {
+ list-style-type: none;
+ padding: 0;
+}
+
+nav ul li a {
+ text-decoration: none;
+ color: var(--clr-primary);
+ padding: 8px 0;
+ display: block;
+ font-weight: var(--bold-text);
+}
+
+nav ul li a:hover {
+ color: var(--clr-secondary);
+}
+
+.content {
+ flex: 3;
+ padding: 0 20px;
+}
+
+h2 {
+ color: var(--clr-primary);
+ font-size: 1.75rem;
+ margin-top: 1rem;
+}
+
+h3 {
+ color: var(--clr-primary);
+ font-size: 1.5rem;
+ margin-top: 1rem;
+}
+
+
+a {
+ color: var(--clr-secondary);
+ text-decoration: none;
+}
+
+a:hover {
+ text-decoration: underline;
+}
+
+/* text style */
+.bold {
+ font-weight: var(--bold-text);
+}
+
+.i {
+ background-color: var(--code-primary-clr);
+ padding: 2px 7px;
+ /* border-radius: 5px; */
+}
+
+.default {
+ font-weight: var(--bold-default);
+}
+
+
+
+/* code style */
+
+.code {
+ margin: 0;
+}
+
+.code-container {
+ position: relative;
+ background-color: var(--clr-primary);
+ color: var(--clr-header);
+ padding: 15px 20px;
+ border-radius: 10px;
+ font-family: var(--font-code);
+ font-size: var(--font-size-small);
+ /* overflow-x: auto; */
+ cursor: pointer;
+ max-width: 768px;
+ height: 160px;
+}
+
+.copy-btn {
+ background-color: transparent;
+ position: absolute;
+ top: 10px;
+ right: 10px;
+ border: none;
+ border-radius: 5px;
+ padding: 5px 10px;
+ cursor: pointer;
+ font-size: var(--font-size-mid);
+ transition: color 0.3s;
+ color: var(--clr-header);
+}
+
+.copy-btn:hover {
+ /* Change to your desired hover color */
+ color: var(--clr-secondary);
+ /* Change to your desired text color on hover */
+}
+
+#copy-notification {
+ position: fixed;
+ bottom: -50px;
+ /* Start off-screen */
+ left: 50%;
+ transform: translateX(-50%);
+ background-color: var(--clr-secondary);
+ color: var(--bg-primary);
+ padding: 10px 20px;
+ border-radius: 5px;
+ font-size: 14px;
+ opacity: 0;
+ transition: bottom 0.5s ease, opacity 0.5s ease;
+ z-index: 1000;
+}
+
+#copy-notification.show {
+ bottom: 30px;
+ opacity: 1;
+}
+
+.code span {
+ color: var(--clr-code-light);
+}
+
+/* end of code styling */
+
+
+/* scroll animation */
+.section-header {
+ padding-top: 20px;
+ transition: color 0.3s ease, background-color 0.3s ease;
+ color: var(--clr-primary);
+}
+
+.section-header.active {
+ color: var(--clr-secondary);
+}
+
+/* end of scroll animation */
+
+.rc .code-container {
+ margin-bottom: var(--margin-small);
+}
+
+
+
+
+/* responsive */
+
+@media only screen and (max-width: 768px) {
+ nav {
+ display: none;
+ }
+
+ header {
+ font-size: var(--font-size-mid);
+
+ }
+
+ .code {
+ padding: 10px 10px;
+ font-size: var(--font-size-small);
+ overflow-x: auto;
+ width: 300px;
+ }
+
+ .content {
+ padding: 30px 0;
+ }
+}
\ No newline at end of file
diff --git a/artifacts/wiki/wiki.html b/artifacts/wiki/wiki.html
new file mode 100644
index 0000000..ec038c5
--- /dev/null
+++ b/artifacts/wiki/wiki.html @@ -0,0 +1,314 @@ + + + + + + + Boundary-Vault-Stack Documentation + + + + + + + + + + + + + +
+ Boundary-Vault-Stack Documentation +
+ +
+ + +
+
+

Getting Started

+

After the server is properly provisioned and configured, you'll have Vault and Boundary up and + running. + For the sake of education, the stack will be initialized with minimum resources for both services, + including KV and Transit engine Vault and a series of auth-methods, host + catalog, credential + stores, etc. Boundary. As the contributions increase, the resources will + be enriched accordingly, covering + more arbitrary resources and features in the format of Infrastructure as Code (IaC).

+

To grasp what's going on under the hood, you can reach out to the section you wish to explore in this + documentation.

+ +

About Hashicorp Vault and Boundary +

+

According to Hashicorp documentation:

+

Boundary is an + identity-aware proxy that simplifies and secures least-privileged access to cloud infrastructure. It + enables SSO, just-in-time access, dynamic credentials, and session management.

+

Vault is an identity-based + secrets + and encryption management system. A secret is anything that you want to tightly control access to, + such + as API encryption keys, passwords, and certificates. Vault provides encryption services that are + gated + by authentication and authorization methods. Using Vault’s UI, CLI, or HTTP API, access to secrets + and + other sensitive data can be securely stored, managed, tightly controlled (restricted), and audited. +

+

Learn more:

+ +
+ +
+

Workflows

+

Vault

+

Vault workflow involves setting up authentication methods, secret engines, and policies. The key + components include:

+
    +
  • Auth Methods: How users and applications authenticate to Vault.
  • +
  • Secret Engines: Where secrets are stored, such as key-value pairs, + database credentials, or + encryption keys.
  • +
  • Policies: Rules that define what actions an authenticated user or + service can perform within + Vault.
  • +
+ +

Boundary

+

Boundary workflow involves managing sessions, targets, and credentials. The key components include: +

+
    +
  • Sessions: Establish secure, just-in-time access to resources.
  • +
  • Targets: The infrastructure resources that users need access to, such + as servers or + databases. +
  • +
  • Credential Stores: Where dynamic or static credentials are retrieved + for access to targets. +
  • +
+
+ + +
+

Configurations

+

Environment Variables

+

Environment variables need to be configured for both Vault and Boundary. Here's an example:

+

STACK_ENV (mandatory)

+

This variable determines in which mode/environment the stack is deployed.

+
    +
  • development
  • +
  • test
  • +
  • staging
  • +
  • production
  • +
+

default : development

+
+

STACK_INIT (mandatory)

+

When first running the stack, vault-init and + boundary-init services are in charge of initiating the basic + configurations for Boundary and + `vault`. This variable determines whether these services should be executed or not. So if it's not your first time running the stack successfully, set to false. +

+
    +
  • true
  • +
  • false
  • +
+

default : true

+
+

SSH_INJECTION (optional)

+

SSH injection variable enables Boundary vault credential store. only works on paid + plan!!

+
    +
  • true
  • +
  • false
  • +
+

default : false

+ +
+ +
+

Return/Exit Codes

+

In this project, several scripts use return/exit codes to indicate the result of operations. + Understanding these codes is essential for diagnosing issues and ensuring proper execution of the + scripts. Below is a detailed explanation of each return/exit code used in the project.

+ +

Exit Code 1: Service Not Installed

+

Description: This exit code indicates that the required service is not + installed on the system.

+

Possible Causes:

+
    +
  • The service was not installed during the setup process.
  • +
  • The installation process was interrupted or failed.
  • +
+

Resolution:

+
    +
  • Verify and ensure that the installation was successful by running the prepare_env role.
  • +
+ +

Resolution:

+
+ +
$ scripts/init.sh vault
+
+# Output: Terraform not installed
+# Exit code: 1
+
+                    
+
+
Copied!
+ +

Exit Code 2: Terraform Init Failed

+

Description: This exit code indicates that the `terraform init` command + failed.

+

Possible Causes:

+
    +
  • The Terraform configuration files are missing or + + corrupted.
  • +
  • There is a network issue preventing Terraform from accessing necessary modules or providers. +
  • +
  • Incorrect permissions to the directory where Terraform is being initialized.
  • +
  • Wrong terraform directory path.
  • +
+

Resolution:

+
    +
  • Ensure that all required Terraform configuration files are present and correctly configured. +
  • +
  • Refer to the Terraform Documentation for more details.
  • +
  • Check network connectivity and permissions.
  • +
+ +

Resolution:

+
+ +
+$ scripts/init.sh vault
+
+# Output: Terraform init failed
+# Exit code: 2
+
+
+
+

Exit Code 3: Configuration is Invalid

+

Description: This exit code indicates that `terraform validate` was not + successfully executed.

+

Possible Causes:

+
    +
  • The configuration file has syntax errors.
  • +
  • Required configuration parameters are missing or incorrect.
  • +
+

Resolution:

+
    +
  • Validate the configuration file against the expected schema.
  • +
  • Ensure all required parameters are correctly specified.
  • +
+ +

Resolution:

+
+ +
+$ scripts/init.sh vault
+
+# Output: Configuration is invalid
+# Exit code: 3
+
+
+
+

Exit Code 4: Arguments and Options are Invalid.

+

Description: This exit code indicates that the arguments or options passed + to the script are invalid.

+

Possible Causes:

+
    +
  • Incorrect or missing arguments/options.
  • +
  • The script was invoked with unsupported options.
  • +
+

Resolution:

+
    +
  • Refer to the script usage documentation to ensure all required arguments and options are + correctly specified.
  • +
  • Use the `--help` option with the script to view the correct usage.
  • +
+ +

Resolution:

+
+ +
+$ ./start.sh --environment development
+
+# Output: Invalid option: --environment
+# Exit code: 4
+
+
+
+
+ +
+

Bear In Mind

+

Keep the following in mind when working with the Boundary-Vault stack:

+
    +
  • If you have issues with DockerHub make sure you change the image registry in deployments and + `prepare_env` role.
  • +
  • If the target node(s) get restarted, the vault gets sealed and boundary container will be in + restarting mode.
  • +
  • In case the vault container gets restarted, it will be sealed and + you'll have an error on your + boundary container, there manage to get them working together again. +
  • +
  • You can additionally add session recording and other paid plan features.
  • +
  • Vault is initialized with 1 shared-key to simplify the process, consider increasing the number + of keys and threshold for better security.
  • +
+
+ +
+

Still Having Issues

+

For further assistance, feel free to open up a new issue on the GitHub Issues page.

+
+ +
+
+ + + + + + \ No newline at end of file