Find a file

Harald Hoyer c3902ff0f1 docs: add development guidelines in CLAUDE.md - Introduce coding standards, testing commands, and tool usage. - Outline architecture notes, style, and logging conventions. - Provide guidance on modular design and authentication protocols.		2025-03-20 15:10:10 +01:00
src	feat: integrate tracing for structured logging	2025-03-20 15:04:52 +01:00
.gitignore	Implement JSON credential storage	2025-03-20 13:16:39 +01:00
Cargo.toml	feat: integrate tracing for structured logging	2025-03-20 15:04:52 +01:00
CLAUDE.md	docs: add development guidelines in CLAUDE.md	2025-03-20 15:10:10 +01:00
docker-compose.yml	Initial commit: Vault Hierarchical Initializer	2025-03-20 12:49:44 +01:00
Dockerfile	Initial commit: Vault Hierarchical Initializer	2025-03-20 12:49:44 +01:00
flake.lock	Initial commit: Vault Hierarchical Initializer	2025-03-20 12:49:44 +01:00
flake.nix	Initial commit: Vault Hierarchical Initializer	2025-03-20 12:49:44 +01:00
README.md	feat: add hierarchical document signing with Vault API	2025-03-20 14:39:22 +01:00
test_docker.sh	Update test script to use jq and readarray	2025-03-20 13:56:33 +01:00
test_local.sh	Improve test script portability	2025-03-20 13:19:17 +01:00

README.md

Hierarchical Document Signing with HashiCorp Vault

This project implements a hierarchical document signing system using HashiCorp Vault. It allows for secure document signing with a requirement of a specific number of signatures from different departmental groups.

Features

Hierarchical Signing: Requires 3 of 5 signatures to validate a document, with at least 1 signature from each department
Department Structure: Two departments (Legal and Finance) with 5 users each
Document API: Upload, sign, and verify documents through a RESTful API
Vault Integration: Leverages HashiCorp Vault's Transit engine for cryptographic operations

System Architecture

The system consists of:

Vault Server: Provides secure storage and cryptographic operations
Rust Application: Initializes Vault and provides a REST API for document operations
User Hierarchy: 10 users organized into 2 departments
Signature Requirements: 3 of 5 signatures needed, with at least 1 from each department

API Endpoints

POST /api/login: Authenticate with username/password and get a token
POST /api/documents: Upload a new document for signing
GET /api/documents/:id: Retrieve document metadata
POST /api/documents/:id/sign: Sign a document with your user credentials
GET /api/documents/:id/verify: Check if a document has sufficient signatures

Getting Started

Prerequisites

Docker and Docker Compose
Rust development environment (if building from source)

Running with Docker

Start the Vault server and initialization program:
```
docker-compose up -d
```
The service will automatically:
- Initialize Vault (if needed)
- Unseal Vault
- Create 10 users in a hierarchical structure
- Start the API server on port 3000
User credentials:
- Legal department: legal1/legal1pass through legal5/legal5pass
- Finance department: finance1/finance1pass through finance5/finance5pass

API Usage Examples

Login:

curl -X POST http://localhost:3000/api/login \
  -H "Content-Type: application/json" \
  -d '{"username":"legal1","password":"legal1pass"}'

Upload Document:

curl -X POST http://localhost:3000/api/documents \
  -F "name=Contract" \
  -F "file=@/path/to/document.pdf"

Sign Document:

curl -X POST http://localhost:3000/api/documents/DOCUMENT_ID/sign \
  -H "Content-Type: application/json" \
  -d '{"username":"legal1","token":"USER_TOKEN"}'

Verify Document:

curl -X GET http://localhost:3000/api/documents/DOCUMENT_ID/verify

Security Considerations

All cryptographic operations are performed by Vault's Transit engine
Each user has their own signing key
Root token should be secured in production environments
Consider adding TLS for production deployments

License

MIT