From af7af9940d26aee3a202488e86bcfb2b24d4aa38 Mon Sep 17 00:00:00 2001
From: Dwayne Bradley
Date: Mon, 11 Mar 2024 20:19:08 -0400
Subject: [PATCH 1/2] Remove subscription overlap between database and application keys topics
---
 server/nats.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/nats.go b/server/nats.go
index 6314945..73fe4cc 100644
--- a/server/nats.go
+++ b/server/nats.go
@@ -70,7 +70,7 @@ func (n *NatsBackend) SetupMicro() error {
 return err
 }
- databaseGroup := srv.AddGroup("piggybank.database")
+ databaseGroup := srv.AddGroup("piggybankdb")
 if err := databaseGroup.AddEndpoint("lock", micro.HandlerFunc(n.LockRequest)); err != nil {
 return err
 }
From e16d56e70c4391098bf91fa3c074b52d5a317936 Mon Sep 17 00:00:00 2001
From: Dwayne Bradley
Date: Mon, 11 Mar 2024 20:24:35 -0400
Subject: [PATCH 2/2] Update README with database changes
---
 README.md | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 2a9cdee..084430a 100644
--- a/README.md
+++ b/README.md
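Review bot: In server/nats.go, the new group name `"piggybankdb"` in SetupMicro is a bare literal with no comment saying why the database endpoints must stay outside the `piggybank.` subject tree, so a later cleanup could quietly move them back. The README states that access is controlled by NATS subject permissions, so under the old name a grant on `piggybank.>` would presumably also have matched `piggybank.database.lock`; I would add above the line `// Database control endpoints use their own top-level subject token so a grant on piggybank.> never matches them.` Deployments whose permissions name `piggybank.database.*` need to switch to `piggybankdb.*`, which deserves a line in the commit message or README as a breaking change. SetupMicro begins and ends outside this hunk.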
@@ -4,15 +4,19 @@ Piggy Bank is a secrets storage tool for applications that works with NATS. Secr
 A decryption key is returned from the initialization phase. If this key is lost, all of the data is unrecoverable.
+## Add KV bucket
+
+Be sure to add the KV bucket to NATS: `nats kv add piggybank`
+
 ## Example Usage
 1. Start piggybank `piggybank start`
-2. Initialize the database `nats req piggybank.database.initialize ""`
-3. Unlock the database with key sent from step 1 `nats req piggybank.database.unlock '{"database_key": "foobar"}'`
+2. Initialize the database `nats req piggybankdb.initialize ""`
+3. Unlock the database with key sent from step 1 `nats req piggybankdb.unlock '{"database_key": "foobar"}'`
 4. Add a secret for an application `nats req -H method:post piggybank.myapplication.registrySecret "somesecrettext"`
-5. Retrieve a secret `nats req -H method:get piggybank.myapplication.registrySecret`
-6. Lock the database `nats req piggybank.database.lock ""`
-7. Try to retrieve the secret again `nats req -H method:get piggybank.myapplication.registrySecret`
+5. Retrieve a secret `nats req -H method:get piggybank.myapplication.registrySecret ""`
+6. Lock the database `nats req piggybankdb.lock ""`
+7. Try to retrieve the secret again `nats req -H method:get piggybank.myapplication.registrySecret ""`
 ## Permissions
 Permissions are defined as normal NATS subject permissions. If you have access to a subject, then you can retrieve the secrets. This means the permissions can be as granular as desired.
@@ -20,4 +24,4 @@ Permissions are defined as normal NATS subject permissions. If you have access t
 ## Config
 Piggy Bank requires a config file. It uses Cue to read the configs, but the configs can also be in json or yaml format.
-The Cue schema is in `cmd/schema.cue`.
\ No newline at end of file
+The Cue schema is in `cmd/schema.cue`.