<!DOCTYPE HTML>
|
|
<html lang="en" class="light sidebar-visible" dir="ltr">
|
|
<head>
|
|
<!-- Book generated using mdBook -->
|
|
<meta charset="UTF-8">
|
|
<title>SecretumVault Integration - VAPORA Platform Documentation</title>
|
|
|
|
|
|
<!-- Custom HTML head -->
|
|
|
|
<meta name="description" content="Comprehensive documentation for VAPORA, an intelligent development orchestration platform built entirely in Rust.">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<meta name="theme-color" content="#ffffff">
|
|
|
|
<link rel="icon" href="../favicon.svg">
|
|
<link rel="shortcut icon" href="../favicon.png">
|
|
<link rel="stylesheet" href="../css/variables.css">
|
|
<link rel="stylesheet" href="../css/general.css">
|
|
<link rel="stylesheet" href="../css/chrome.css">
|
|
<link rel="stylesheet" href="../css/print.css" media="print">
|
|
|
|
<!-- Fonts -->
|
|
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
|
|
<link rel="stylesheet" href="../fonts/fonts.css">
|
|
|
|
<!-- Highlight.js Stylesheets -->
|
|
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
|
|
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
|
|
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
|
|
|
|
<!-- Custom theme stylesheets -->
|
|
|
|
|
|
<!-- Provide site root and default themes to javascript -->
|
|
<script>
|
|
// Relative path from this page to the site root; the bundled mdBook scripts
// loaded further down presumably resolve assets against it.
const path_to_root = "../";
// Theme names used when no stored preference exists. The inline script that
// runs before the content is painted picks between them based on the
// prefers-color-scheme media query.
const default_light_theme = "light";
const default_dark_theme = "dark";
|
|
</script>
|
|
<!-- Start loading toc.js asap -->
|
|
<script src="../toc.js"></script>
|
|
</head>
|
|
<body>
|
|
<div id="mdbook-help-container">
|
|
<div id="mdbook-help-popup">
|
|
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
|
|
<div>
|
|
<p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
|
|
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
|
|
<p>Press <kbd>?</kbd> to show this help</p>
|
|
<p>Press <kbd>Esc</kbd> to hide this help</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="body-container">
|
|
<!-- Work around some values being stored in localStorage wrapped in quotes -->
|
|
<script>
|
|
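// Work around some values being stored in localStorage wrapped in double quotes:
// strip the quotes in place so the theme/sidebar scripts below read bare values.
//
// Each key is handled independently. The previous version called
// theme.startsWith() before checking for null, so a missing 'mdbook-theme'
// threw a TypeError and silently skipped the fix-up of 'mdbook-sidebar'.
// A value that is a single quote character is left alone: unwrapping it would
// store an empty string, which classList.add() later rejects.
//
// localStorage access can throw (storage disabled, sandboxed frame); those
// failures are deliberately ignored because the page works without storage.
try {
  for (const key of ['mdbook-theme', 'mdbook-sidebar']) {
    const value = localStorage.getItem(key);
    if (value !== null && value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      localStorage.setItem(key, value.slice(1, -1));
    }
  }
} catch (e) { }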
|
|
</script>
|
|
|
|
<!-- Set the theme before any content is loaded, prevents flash -->
|
|
<script>
|
|
// Apply the theme before any content is rendered so there is no flash of the
// wrong theme. `theme` and `html` stay top-level bindings: the sidebar script
// further down reads `html`.
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches
  ? default_dark_theme
  : default_light_theme;

let theme;
try {
  theme = localStorage.getItem('mdbook-theme');
} catch (e) {
  // Storage unavailable: fall through to the default below.
}
// Covers both null (no stored value) and undefined (storage threw).
if (theme == null) {
  theme = default_theme;
}

const html = document.documentElement;
html.classList.remove('light');
html.classList.add(theme);
html.classList.add("js");
|
|
</script>
|
|
|
|
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
|
|
|
|
<!-- Hide / unhide sidebar before it is displayed -->
|
|
<script>
|
|
// Decide sidebar visibility before it is painted. Wide viewports honour the
// stored preference (defaulting to visible); narrow ones always start hidden.
// `sidebar` stays a top-level binding because the ARIA script below reads it;
// `html` was declared by the theme script above.
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth < 1080) {
  sidebar = 'hidden';
} else {
  let stored = null;
  try {
    stored = localStorage.getItem('mdbook-sidebar');
  } catch (e) {
    // Storage unavailable: treat as no preference.
  }
  sidebar = stored || 'visible';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add(`sidebar-${sidebar}`);
|
|
</script>
|
|
|
|
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
|
|
<!-- populated by js -->
|
|
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
|
|
<noscript>
|
|
<iframe class="sidebar-iframe-outer" src="../toc.html" title="Table of contents"></iframe>
|
|
</noscript>
|
|
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
|
|
<div class="sidebar-resize-indicator"></div>
|
|
</div>
|
|
</nav>
|
|
|
|
<div id="page-wrapper" class="page-wrapper">
|
|
|
|
<div class="page">
|
|
<div id="menu-bar-hover-placeholder"></div>
|
|
<div id="menu-bar" class="menu-bar sticky">
|
|
<div class="left-buttons">
|
|
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
|
|
<i class="fa fa-bars"></i>
|
|
</label>
|
|
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
|
|
<i class="fa fa-paint-brush"></i>
|
|
</button>
|
|
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
|
|
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
|
|
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
|
|
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
|
|
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
|
|
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
|
|
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
|
|
</ul>
|
|
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
|
|
<i class="fa fa-search"></i>
|
|
</button>
|
|
</div>
|
|
|
|
<h1 class="menu-title">VAPORA Platform Documentation</h1>
|
|
|
|
<div class="right-buttons">
|
|
<a href="../print.html" title="Print this book" aria-label="Print this book">
|
|
<i id="print-button" class="fa fa-print"></i>
|
|
</a>
|
|
<a href="https://github.com/vapora-platform/vapora" title="Git repository" aria-label="Git repository">
|
|
<i id="git-repository-button" class="fa fa-github"></i>
|
|
</a>
|
|
<a href="https://github.com/vapora-platform/vapora/edit/main/docs/src/../setup/secretumvault-integration.md" title="Suggest an edit" aria-label="Suggest an edit">
|
|
<i id="git-edit-button" class="fa fa-edit"></i>
|
|
</a>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<div id="search-wrapper" class="hidden">
|
|
<form id="searchbar-outer" class="searchbar-outer">
|
|
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
|
|
</form>
|
|
<div id="searchresults-outer" class="searchresults-outer hidden">
|
|
<div id="searchresults-header" class="searchresults-header"></div>
|
|
<ul id="searchresults">
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
|
|
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
|
|
<script>
|
|
// Mirror the initial sidebar state into ARIA: the toggle announces whether the
// sidebar is expanded, and a hidden sidebar is removed from the accessibility
// tree with its links taken out of the tab order, so nothing focusable is left
// inside an aria-hidden subtree. `sidebar` is set by the sidebar script above.
(function () {
  const visible = sidebar === 'visible';
  document.getElementById('sidebar-toggle').setAttribute('aria-expanded', visible);
  document.getElementById('sidebar').setAttribute('aria-hidden', !visible);
  for (const link of document.querySelectorAll('#sidebar a')) {
    link.setAttribute('tabIndex', visible ? 0 : -1);
  }
})();
|
|
</script>
|
|
|
|
<div id="content" class="content">
|
|
<main>
|
|
<h1 id="secretumvault-integration"><a class="header" href="#secretumvault-integration">SecretumVault Integration</a></h1>
|
|
<p>VAPORA integrates with <strong>SecretumVault</strong>, a post-quantum ready secrets management system, for secure credential and API key management across all microservices.</p>
|
|
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
|
|
<p>SecretumVault provides:</p>
|
|
<ul>
|
|
<li><strong>Post-quantum-ready cryptography</strong> for long-term security</li>
|
|
<li><strong>Multi-backend storage</strong> (filesystem, SurrealDB, PostgreSQL, etcd)</li>
|
|
<li><strong>Fine-grained access control</strong> with Cedar policy engine</li>
|
|
<li><strong>Secrets server</strong> for centralized credential management</li>
|
|
<li><strong>CLI tools</strong> for operations and development</li>
|
|
</ul>
|
|
<h2 id="integration-points"><a class="header" href="#integration-points">Integration Points</a></h2>
|
|
<p>SecretumVault is integrated into these VAPORA services:</p>
|
|
<div class="table-wrapper"><table><thead><tr><th>Service</th><th>Purpose</th><th>Features</th></tr></thead><tbody>
|
|
<tr><td><strong>vapora-backend</strong></td><td>REST API credentials, database secrets, JWT keys</td><td>Central secrets management</td></tr>
|
|
<tr><td><strong>vapora-agents</strong></td><td>Agent authentication, service credentials</td><td>Secure agent-to-service auth</td></tr>
|
|
<tr><td><strong>vapora-llm-router</strong></td><td>LLM provider API keys (Claude, OpenAI, Gemini, Ollama)</td><td>Cost tracking + credential rotation</td></tr>
|
|
</tbody></table>
|
|
</div>
|
|
<h2 id="architecture"><a class="header" href="#architecture">Architecture</a></h2>
|
|
<pre><code>┌─────────────────────────────────────────────────────────────┐
|
|
│ VAPORA Services │
|
|
├─────────────┬──────────────────┬────────────────────────────┤
|
|
│ Backend API │ Agent Orchestration │ LLM Router │
|
|
└──────┬──────┴────────┬─────────┴──────────┬─────────────────┘
|
|
│ │ │
|
|
└───────────────┼────────────────────┘
|
|
│
|
|
▼
|
|
┌─────────────────────────────┐
|
|
│ SecretumVault Server │
|
|
├─────────────────────────────┤
|
|
│ • Credential storage │
|
|
│ • Policy enforcement │
|
|
│ • Audit logging │
|
|
│ • Key rotation │
|
|
└──────────┬──────────────────┘
|
|
│
|
|
┌───────────┴────────────┐
|
|
▼ ▼
|
|
Storage Layer Policy Engine
|
|
(SurrealDB) (Cedar)
|
|
</code></pre>
|
|
<h2 id="configuration"><a class="header" href="#configuration">Configuration</a></h2>
|
|
<h3 id="environment-variables"><a class="header" href="#environment-variables">Environment Variables</a></h3>
|
|
<pre><code class="language-bash"># SecretumVault server connection
# NOTE: plain http is acceptable only on a trusted private network; use https://
# otherwise so the identity token is not exposed in transit
SECRETUMVAULT_URL=http://secretumvault:3030
SECRETUMVAULT_TOKEN=&lt;identity-token&gt;
|
|
|
|
# Storage backend
|
|
SECRETUMVAULT_STORAGE=surrealdb
|
|
SURREAL_URL=ws://surrealdb:8000
|
|
SURREAL_DB=secretumvault
|
|
|
|
# Crypto backend
|
|
SECRETUMVAULT_CRYPTO=openssl # or aws-lc for post-quantum
|
|
</code></pre>
|
|
<h3 id="cargo-features"><a class="header" href="#cargo-features">Cargo Features</a></h3>
|
|
<p>SecretumVault is integrated with these features enabled:</p>
|
|
<pre><code class="language-toml">secretumvault = { workspace = true }
|
|
# Automatically uses: "server", "surrealdb-storage"
|
|
</code></pre>
|
|
<h2 id="usage-examples"><a class="header" href="#usage-examples">Usage Examples</a></h2>
|
|
<h3 id="in-vapora-backend"><a class="header" href="#in-vapora-backend">In vapora-backend</a></h3>
|
|
<pre><pre class="playground"><code class="language-rust"><span class="boring">#![allow(unused)]
|
|
</span><span class="boring">fn main() {
|
|
</span>use secretumvault::SecretClient;
|
|
|
|
// Initialize client
|
|
let client = SecretClient::new(
|
|
&env::var("SECRETUMVAULT_URL")?,
|
|
&env::var("SECRETUMVAULT_TOKEN")?,
|
|
).await?;
|
|
|
|
// Retrieve API key
|
|
let api_key = client.get_secret("llm/claude-api-key").await?;
|
|
|
|
// Store credential securely
|
|
client.store_secret(
|
|
"database/postgres-password",
|
|
&password,
|
|
Some("postgres-creds"),
|
|
).await?;
|
|
<span class="boring">}</span></code></pre></pre>
|
|
<h3 id="in-vapora-llm-router"><a class="header" href="#in-vapora-llm-router">In vapora-llm-router</a></h3>
|
|
<pre><pre class="playground"><code class="language-rust"><span class="boring">#![allow(unused)]
|
|
</span><span class="boring">fn main() {
|
|
</span>use secretumvault::SecretClient;
|
|
|
|
// Get LLM provider credentials
|
|
let openai_key = client.get_secret("llm/openai-api-key").await?;
|
|
let claude_key = client.get_secret("llm/claude-api-key").await?;
|
|
let gemini_key = client.get_secret("llm/gemini-api-key").await?;
|
|
|
|
// Fallback to Ollama (local, no key needed)
|
|
<span class="boring">}</span></code></pre></pre>
|
|
<h2 id="running-secretumvault"><a class="header" href="#running-secretumvault">Running SecretumVault</a></h2>
|
|
<h3 id="local-development"><a class="header" href="#local-development">Local Development</a></h3>
|
|
<pre><code class="language-bash"># Terminal 1: Start SecretumVault server
# (replace the path below with your local SecretumVault checkout)
cd /Users/Akasha/Development/secretumvault
cargo run --bin secretumvault-server --features server,surrealdb-storage
|
|
|
|
# Terminal 2: Initialize with default policies
|
|
cargo run --bin secretumvault-cli -- init-policies
|
|
</code></pre>
|
|
<h3 id="production-kubernetes"><a class="header" href="#production-kubernetes">Production (Kubernetes)</a></h3>
|
|
<pre><code class="language-bash"># Manifests are still to be added under kubernetes/; apply them once present
|
|
kubectl apply -f kubernetes/secretumvault/
|
|
</code></pre>
|
|
<h2 id="security-best-practices"><a class="header" href="#security-best-practices">Security Best Practices</a></h2>
|
|
<ol>
|
|
<li>
|
|
<p><strong>Token Management</strong></p>
|
|
<ul>
|
|
<li>Use identity-based tokens (not basic auth)</li>
|
|
<li>Rotate tokens regularly</li>
|
|
<li>Store the token in <code>.env.local</code> (kept out of git)</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p><strong>Secret Storage</strong></p>
|
|
<ul>
|
|
<li>Never commit credentials to git</li>
|
|
<li>Use SecretumVault for all sensitive data</li>
|
|
<li>Enable audit logging for compliance</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p><strong>Policy Enforcement</strong></p>
|
|
<ul>
|
|
<li>Define Cedar policies per role/service</li>
|
|
<li>Restrict access following the principle of least privilege</li>
|
|
<li>Review policies during security audits</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p><strong>Crypto Backend</strong></p>
|
|
<ul>
|
|
<li>Use <code>aws-lc</code> for post-quantum readiness</li>
|
|
<li>Plan migration as quantum threats evolve</li>
|
|
</ul>
|
|
</li>
|
|
</ol>
|
|
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
|
|
<ul>
|
|
<li><a href="../../../../secretumvault/">SecretumVault Project</a></li>
|
|
<li><a href="vapora-architecture.html">VAPORA Architecture</a></li>
|
|
<li><a href="../architecture/roles-permissions-profiles.html">Security & RBAC</a></li>
|
|
</ul>
|
|
<hr />
|
|
<p><strong>Integration Status</strong>: ✅ Active<br>
<strong>Services</strong>: Backend, Agents, LLM Router<br>
<strong>Features</strong>: server, surrealdb-storage, cedar-policies</p>
|
|
|
|
</main>
|
|
|
|
<nav class="nav-wrapper" aria-label="Page navigation">
|
|
<!-- Mobile navigation buttons -->
|
|
<a rel="prev" href="../../setup/tracking-quickstart.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
|
|
<i class="fa fa-angle-left"></i>
|
|
</a>
|
|
|
|
<a rel="next prefetch" href="../../features/index.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
|
|
<i class="fa fa-angle-right"></i>
|
|
</a>
|
|
|
|
<div style="clear: both"></div>
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
|
|
<nav class="nav-wide-wrapper" aria-label="Page navigation">
|
|
<a rel="prev" href="../../setup/tracking-quickstart.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
|
|
<i class="fa fa-angle-left"></i>
|
|
</a>
|
|
|
|
<a rel="next prefetch" href="../../features/index.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
|
|
<i class="fa fa-angle-right"></i>
|
|
</a>
|
|
</nav>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<script>
|
|
window.playground_copyable = true;
|
|
</script>
|
|
|
|
|
|
<script src="../elasticlunr.min.js"></script>
|
|
<script src="../mark.min.js"></script>
|
|
<script src="../searcher.js"></script>
|
|
|
|
<script src="../clipboard.min.js"></script>
|
|
<script src="../highlight.js"></script>
|
|
<script src="../book.js"></script>
|
|
|
|
<!-- Custom JS scripts -->
|
|
|
|
|
|
</div>
|
|
</body>
|
|
</html>
|