nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

readme update
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2023-12-28 15:48:21 +11:00
parent 6baa0fe103
commit fb2dce5414
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -6,9 +6,9 @@ Build Hash: `{SHA1VER}`
## Overview
Provide REST API for CRUD to store and retrieve secrets. Only password is encrypted, via AES256 GCM. Values stored encrypted within a sqlite database.
Provide REST API for CRUD to store and retrieve secrets with associated username, device name and optionally device class. Secret is stored in sqlite database once encrypted using an AES256 block cipher wrapped in Galois Counter Mode with the standard nonce length.
A successful authentication returns a JWT token which must be provided for all other operations.
All secret operations (Create, Read, Update or Delete) require successful authentication. A JWT token is returned upon login, which must be provided for all other operations.
Multiple user roles are supported, with each user only able to access secrets matching their user role. One exception is the built in administrator role that is able to access all secrets.
@@ -97,7 +97,7 @@ Data
"password": ""
}
```
This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`.
This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`, and must be supplied via a HTTP header in the form `"Authorization: Bearer <JWT_TOKEN>"` for all subsequent API calls.
#### List Roles
GET `/api/admin/roles`

6
index.htm
View File

@@ -6,9 +6,9 @@
<h2>Overview</h2>
<p>Provide REST API for CRUD to store and retrieve secrets. Only password is encrypted, via AES256 GCM. Values stored encrypted within a sqlite database.</p>
<p>Provide REST API for CRUD to store and retrieve secrets with associated username, device name and optionally device class. Secret is stored in sqlite database once encrypted using an AES256 block cipher wrapped in Galois Counter Mode with the standard nonce length.</p>
<p>A successful authentication returns a JWT token which must be provided for all other operations.</p>
<p>All secret operations (Create, Read, Update or Delete) require successful authentication. A JWT token is returned upon login, which must be provided for all other operations.</p>
<p>Multiple user roles are supported, with each user only able to access secrets matching their user role. One exception is the built in administrator role that is able to access all secrets.</p>
@@ -168,7 +168,7 @@ WantedBy=multi-user.target
}
</code></pre>
<p>This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of <code>access_token</code>.</p>
<p>This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of <code>access_token</code>, and must be supplied via a HTTP header in the form <code>&quot;Authorization: Bearer &lt;JWT_TOKEN&gt;&quot;</code> for all subsequent API calls.</p>
<h4>List Roles</h4>