secretumvault/examples/demo-server.nu


#!/usr/bin/env nu
# SecretumVault Server HTTP API Demo
# Demo defaults: a fixed, guessable token and unencrypted HTTP on localhost.
# They are only appropriate for a throwaway local instance.
const VAULT_URL = "http://localhost:8200"
const VAULT_TOKEN = "mytoken"

# Opening banner: blank line, rule, title, rule, blank line.
let rule = "════════════════════════════════════════════════════════════════════════════════"
for line in ["" $rule "🔐 SecretumVault Server HTTP API Demo" $rule ""] {
  print $line
}
# Test 1: Health Check
# Queries /v1/sys/health and prints the reported status, seal state and
# initialization state.
let rule = "════════════════════════════════════════════════════════════════════════════════"
for line in [$rule "Test 1: Health Check" $rule "" "Endpoint: GET /v1/sys/health" ""] {
  print $line
}
# NOTE(review): the token is handed to curl as a command-line argument, so it
# is readable in the process table while the request runs. That is tolerable
# for the demo token only.
let auth_header = $"X-Vault-Token: ($VAULT_TOKEN)"
let health = (curl -s -H $auth_header $"($VAULT_URL)/v1/sys/health" | from json)
print "Response:"
print $" Status: ($health.status)"
print $" Sealed: ($health.data.sealed)"
print $" Initialized: ($health.data.initialized)"
print ""
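# Test 2: Generate PQC Key
# Asks the transit engine to generate an ML-KEM-768 key under a fresh name.
# `key_id` is reused by the key-metadata lookup later in the script.
let rule = "════════════════════════════════════════════════════════════════════════════════"
print $rule
print "Test 2: Generate ML-KEM-768 Key \(POST\)"
print $rule
print ""
# Suffix the name with the current Unix timestamp so repeated runs use
# different key names.
let key_id = "api-demo-" + (date now | format date "%s")
print $"Endpoint: POST /v1/transit/pqc-keys/($key_id)/generate"
print ""
# NOTE(review): the token is passed in curl's argument list and is therefore
# visible in the process table for the duration of the request.
let gen_pqc = (curl -s -X POST -H $"X-Vault-Token: ($VAULT_TOKEN)" -H "Content-Type: application/json" -d "{}" $"($VAULT_URL)/v1/transit/pqc-keys/($key_id)/generate" | from json)
print "Response:"
print $" Status: (($gen_pqc | get status))"
if (($gen_pqc | get status) == "success") {
  print "✅ Key generated successfully"
} else {
  # Surface the failure reason (e.g. a rejected token) the way the key-metadata
  # and data-key sections do, instead of leaving only a bare status line.
  # `-o` keeps this from raising when the response carries no `error` field.
  print $"Error: (($gen_pqc | get -o error))"
}
print ""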
# Test 3: Retrieve Key Metadata
# Reads back the metadata of the key named by `key_id` and prints its
# descriptive fields. Only the decoded length of the public key is shown.
let rule = "════════════════════════════════════════════════════════════════════════════════"
for line in [$rule "Test 3: Retrieve Key Metadata \(GET\)" $rule ""] {
  print $line
}
print $"Endpoint: GET /v1/transit/keys/($key_id)"
print ""
# NOTE(review): the token is passed in curl's argument list and is therefore
# visible in the process table for the duration of the request.
let auth_header = $"X-Vault-Token: ($VAULT_TOKEN)"
let key_data = (curl -s -H $auth_header $"($VAULT_URL)/v1/transit/keys/($key_id)" | from json)
if $key_data.status != "success" {
  print $"Error: ($key_data.error)"
} else {
  let data = $key_data.data
  print "Response:"
  print $" Status: ($key_data.status)"
  print $" Name: ($data.name)"
  print $" Algorithm: ($data.algorithm)"
  print $" Current Version: ($data.current_version)"
  print $" Created: ($data.created_at)"
  # `public_key` is optional in the response; it is treated as base64 text.
  if $data.public_key? != null {
    let size = ($data.public_key | decode base64 | bytes length)
    print $" Public Key Size: ($size) bytes"
    print "✅ Public key available in API response"
  }
}
print ""
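# Test 4: System Status
# Prints the seal/initialization state and the engines reported by
# /v1/sys/status.
let rule = "════════════════════════════════════════════════════════════════════════════════"
print $rule
print "Test 4: System Status \(GET\)"
print $rule
print ""
print "Endpoint: GET /v1/sys/status"
print ""
# NOTE(review): the token is passed in curl's argument list and is therefore
# visible in the process table for the duration of the request.
let status = (curl -s -H $"X-Vault-Token: ($VAULT_TOKEN)" $"($VAULT_URL)/v1/sys/status" | from json)
if (($status | get status) == "success") {
  let data = ($status | get data)
  print "Response:"
  print $" Status: (($status | get status))"
  print $" Sealed: (($data | get sealed))"
  print $" Initialized: (($data | get initialized))"
  print $" Engines: ((($data | get engines) | length))"
  print ""
  print "Mounted engines:"
  ($data | get engines) | each { |e| print $" - ($e)" }
} else {
  # A non-success reply (e.g. a rejected token) used to leave this section
  # blank; report it like the key-metadata and data-key sections do.
  # `-o` keeps this from raising when the response carries no `error` field.
  print $"Error: (($status | get -o error))"
}
print ""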
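# Test 5: List Mounts
# Dumps the `data` member of the /v1/sys/mounts response as JSON.
let rule = "════════════════════════════════════════════════════════════════════════════════"
print $rule
print "Test 5: List Mounted Engines \(GET\)"
print $rule
print ""
print "Endpoint: GET /v1/sys/mounts"
print ""
# NOTE(review): the token is passed in curl's argument list and is therefore
# visible in the process table for the duration of the request.
let mounts = (curl -s -H $"X-Vault-Token: ($VAULT_TOKEN)" $"($VAULT_URL)/v1/sys/mounts" | from json)
if (($mounts | get status) == "success") {
  let data = ($mounts | get data)
  print "Response:"
  print $" Status: (($mounts | get status))"
  print ""
  print "Mounted engines:"
  # Print mount information
  $data | to json | print
} else {
  # A non-success reply (e.g. a rejected token) used to leave this section
  # blank; report it like the key-metadata and data-key sections do.
  # `-o` keeps this from raising when the response carries no `error` field.
  print $"Error: (($mounts | get -o error))"
}
print ""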
# Test 6: Generate Data Key
# Requests a 256-bit data key from the transit engine and reports only whether
# the call succeeded.
let rule = "════════════════════════════════════════════════════════════════════════════════"
for line in [
  $rule
  "Test 6: Generate Data Key \(POST\)"
  $rule
  ""
  "Endpoint: POST /v1/transit/datakeys/plaintext/generate-key"
  ""
] {
  print $line
}
let payload = ({bits: 256} | to json)
# NOTE(review): the token is passed in curl's argument list and is therefore
# visible in the process table for the duration of the request.
let auth_header = $"X-Vault-Token: ($VAULT_TOKEN)"
# NOTE(review): judging by the endpoint path the reply presumably contains the
# plaintext key; it stays in `$datakey` until the script exits. Confirm.
let datakey = (curl -s -X POST -H $auth_header -H "Content-Type: application/json" -d $payload $"($VAULT_URL)/v1/transit/datakeys/plaintext/generate-key" | from json)
if $datakey.status != "success" {
  print $"Error: ($datakey.error)"
} else {
  let data = $datakey.data
  print "Response:"
  print $" Status: ($datakey.status)"
  if $data.algorithm? != null {
    print $" Algorithm: ($data.algorithm)"
  }
  # The next two lines are fixed strings: no key material from the response is
  # echoed. They are printed without checking that the response actually
  # carries a plaintext or ciphertext value.
  print " Plaintext: Generated successfully"
  print " Ciphertext: Generated successfully"
  print "✅ Data key generation complete"
}
print ""
# Summary
# Static reference card of the endpoints plus the closing banner. The URL and
# token shown here are string literals, not interpolations of VAULT_URL and
# VAULT_TOKEN, so they must be edited by hand if those constants change.
let rule = "════════════════════════════════════════════════════════════════════════════════"
let summary = [
  $rule
  "📋 API Endpoints Reference"
  $rule
  ""
  "System Endpoints:"
  " • GET /v1/sys/health Health check"
  " • GET /v1/sys/status Vault status"
  " • GET /v1/sys/mounts List mounted engines"
  " • POST /v1/sys/seal Seal vault"
  " • POST /v1/sys/unseal Unseal vault"
  ""
  "Transit Engine - Keys:"
  " • GET /v1/transit/keys/\{name\} Get key metadata"
  " • POST /v1/transit/pqc-keys/\{name\}/generate Generate PQC key"
  ""
  "Transit Engine - Operations:"
  " • POST /v1/transit/encrypt/\{key\} Encrypt data"
  " • POST /v1/transit/decrypt/\{key\} Decrypt data"
  " • POST /v1/transit/datakeys/plaintext/... Generate derived key"
  ""
  "Authentication:"
  " • Header: X-Vault-Token: mytoken"
  ""
  "Configuration:"
  " • URL: http://localhost:8200"
  " • Token: mytoken"
  ""
  $rule
  "✅ Server HTTP API Demo Complete"
  $rule
  ""
]
for line in $summary {
  print $line
}