- Introduced a new end-to-end test module in `nix/checks/e2e-test.nix`.
- Added a script to set up a local Vault server, run tests, and verify functionality.
- Integrated the tests into the Nix checks for better validation of `vault-hier`.
- Reformat argument list for better readability and consistency.
- Update indentation and braces to align with standard conventions.
No functional changes introduced.
- Extracted checks (clippy, doc, fmt, and toml-fmt) into modularized Nix files under `nix/checks`.
- Updated `flake.nix` to import checks from the new modularized structure.
- Improved clarity and maintainability by separating concerns for each check.
Fixed document signing permissions by using explicit usernames in transit/sign
policies instead of relying on `{{identity.entity.name}}` templates, which were
not properly resolving during authorization checks. This enables users to
successfully sign documents with their respective vault transit keys.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added fixed API_PORT and API_URL variables for easier debugging.
- Introduced robust error handling functions and cleanup traps.
- Enhanced test flow with detailed logs and fallback logic for token creation.
- Increased server start wait time for reliability and added new document operations.
- Introduced CLI commands for server, login, upload, sign, verify, and more using `clap`.
- Updated Dockerfile and docker-compose to default to `server` command on startup.
- Enhanced `test_local.sh` for testing the server and client operations.
- Added multipart support to `reqwest` and new CLI documentation in `README.md`.
- Updated `Cargo.toml` with new dependencies to support CLI and multipart uploads.
- Replaced `tokio::net::TcpListener` with direct `SocketAddr` setup.
- Simplified server address configuration while maintaining functionality.
- Reduced unnecessary dependencies for cleaner API handling.
- Set `ui` to `false` in test_local.sh and docker-compose.yml.
- This change ensures the Vault UI is disabled for local tests.
- Helps streamline configurations for non-UI testing environments.
- Introduced `initialize_vault` function to handle Vault setup, including health checks, initialization, and unsealing.
- Moved Vault-related logic into dedicated modules (`vault_init` and `vault_setup`) for cleaner separation of concerns.
- Simplified `main.rs` by delegating Vault initialization to a modular function.
- Added `tracing` and `tracing-subscriber` for improved logging, replacing `println` statements with `info`, `debug`, `warn`, and `error`.
- Annotated key methods with `#[instrument]` for better tracing of function calls and arguments.
- Configured logging initialization in `main.rs` with `EnvFilter` to control log verbosity.
- Introduced a new hierarchical signing system using HashiCorp Vault.
- Added Rust modules for user management, secrets setup, and document API.
- Implemented API endpoints for login, document upload, signing, and verification.
- Updated README with features, usage, and API examples.
- Use jq for JSON credential extraction
- Use readarray with process substitution for elegant key parsing
- Assume modern Bash for readarray support (version 5+)
- Improve array handling for environment variables
- Streamline key extraction and application
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace #!/bin/bash with #!/usr/bin/env bash for better portability
- This helps ensure scripts run correctly on different systems where bash
might be located in different paths
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add JSON format for storing Vault credentials
- Update save_credentials function to support both formats
- Save both .json and .txt files for compatibility
- Update test_docker.sh to use jq for reliable JSON parsing
- Improve key extraction for unseal operations
- Update .gitignore to exclude JSON credentials
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Use better pattern matching to extract sealed status
- Add more verbose logging of seal status
- Make status checks more resilient to formatting differences
- Ensure test correctly interprets Vault status output
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Use direct Vault commands for unsealing
- Improve key extraction and handling
- Clarify test messages to match expected state
- Fix array handling and proper Bash syntax
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace Bash pattern matching with grep for more consistent testing
- Add more explicit comments about detecting sealed/unsealed status
- Improve overall reliability of the test script
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update JSON parsing to handle Vault status response correctly
- Remove redundant status extraction with grep
- Use safer string matching approach with Bash pattern matching
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit adds the full implementation of vault-hier, a Rust utility for:
- Initializing HashiCorp Vault in production mode (non-dev)
- Handling Vault seal/unseal operations with key thresholds
- Using Docker Compose for containerized operation
- Supporting persistent storage via Docker volumes
Key components:
- Rust application for Vault interaction
- Docker and Docker Compose configuration
- Test scripts for local development
- Nix flake for development dependencies
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>