Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hashicorp Vault wallet implementation #781

Merged
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
@@ -2,8 +2,9 @@ name: Docker

on:
push:
tags:
- '*'
branches:
- main
workflow_dispatch:

jobs:
docker:
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -107,3 +107,6 @@ dist
.tern-port
packages/athena/json_docs/json_validation/ibp_openapi_v3.publish.yaml
packages/athena/env/dev.json

# IDEs
.idea
29 changes: 29 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -133,6 +133,35 @@ You should be able to manage channels, Using 2.0 lifecycle to install, approve,
* URL - http://127.0.0.1:5985/_utils/
* Login - admin/password

# Configure Fabric Operations Console Wallet With Hashicorp Vault
The Fabric Operations Console wallet stores and manages the cryptographic materials that represent different entities and identities who interact on the Hyperledger Fabric network. By default, the wallet stores the crypto materials inside the browser's local store. If that is the preferred setup, no further configuration or action is needed to configure the wallet.

HashiCorp Vault is an open-source tool designed to manage secrets and protect sensitive data like certificates, tokens, passwords, etc. If you decide to use HashiCorp Vault to securely store and manage the cryptographic materials, you may configure the wallet to use HashiCorp Vault.

The configuration is a JSON file with the following structure:

```json
{
"vaultEnginePath": "{% engine path %}",
"authMethodPath": "{% user authentication path %}",
"url": "{% Hashicorp Vault API url %}",
"username": "{% user name %}",
"password": "{% user password %}",
"vaultPath": "{% folder path to store the crypto materials %}",
"apiVersion": "v1"
}
```

The wallet requires a KV secrets engine path. You may create a new secrets engine dedicated to the console wallet. The configured user should be enabled with a username and password authentication method. The user should have a proper access policy to work with the configured secrets engine. You may configure the vault path variable to a convenient name. This path points to the root path under the configured secrets engine where your cryptographic materials will be stored and accessed by the wallet.

The properly configured JSON file should be accessible to the console at the following path:
```
/server/conf/vault/vault-config.json
```

You may consult the official HashiCorp Vault documentation for detailed instructions on how to create and configure a HashiCorp Vault secrets engine, user, and respective authentication method and access policy.


# Developing Fabric Operations Console
This repository is managed using [Lerna](https://github.com/lerna/lerna).

6 changes: 3 additions & 3 deletions docker/build_image.sh
Original file line number Diff line number Diff line change
@@ -15,8 +15,8 @@ docker build \
--build-arg CONSOLE_TAG=${GIT_TAG} \
--pull -f ${SRC_DIR}/console/Dockerfile ${SRC_DIR}/../packages/.

docker tag ${IMAGE_BUILD_NAME} ghcr.io/hyperledger-labs/fabric-console:latest
docker tag ${IMAGE_BUILD_NAME} ghcr.io/senofi/fabric-console:latest
if [[ -n $GIT_TAG ]]; then
echo "Creating tagged image $GIT_TAG:"
docker tag ${IMAGE_BUILD_NAME} ghcr.io/hyperledger-labs/fabric-console:${GIT_TAG}
echo "Creating tagged image $GIT_TAG:"
docker tag ${IMAGE_BUILD_NAME} ghcr.io/senofi/fabric-console:${GIT_TAG}
fi
2 changes: 1 addition & 1 deletion docker/docker-compose-console.yaml
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ networks:
services:
fabric-console:
container_name: fabric-console
image: ghcr.io/hyperledger-labs/fabric-console:latest
image: ghcr.io/senofi/fabric-console:latest
ports:
- "3000:3000"
volumes:
6 changes: 3 additions & 3 deletions docker/publish_image.sh
Original file line number Diff line number Diff line change
@@ -8,10 +8,10 @@ echo "Found tag $GIT_TAG"
# Push the images
echo "Pushing 'latest' image:"
echo ${GITHUB_TOKEN} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
docker push ghcr.io/hyperledger-labs/fabric-console:latest
docker push ghcr.io/senofi/fabric-console:latest

# -n means if GIT_TAG's length is greater than 0
if [[ -n $GIT_TAG ]]; then
echo "Pushing tagged image $GIT_TAG:"
docker push ghcr.io/hyperledger-labs/fabric-console:${GIT_TAG}
echo "Pushing tagged image $GIT_TAG:"
docker push ghcr.io/senofi/fabric-console:${GIT_TAG}
fi
2 changes: 1 addition & 1 deletion docs/_config.yml
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@ remote_theme: pmarsceill/just-the-docs
title: Fabric Operations Console
aux_links:
"Fabric Operations Console":
- "//github.com/hyperledger-labs/fabric-operations-console"
- "//github.com/senofi/fabric-operations-console"

# Back to top link
back_to_top: true
12 changes: 6 additions & 6 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading