
Agenda

  • Demo of Cactus integration with Vault Transit Engine - Pritam Singh

Recording

Pritam's Demo:

Sep_14_Peer_Programming_vault_identity.mp4

What this demo shows:

  1. Create a manager role in Vault, get a password for the manager
  2. Use the manager's password to get a token
  3. Login with the manager's token
  4. Create a role of client1, get a password for client1
  5. Use client1's password to get a token
  6. Enroll and then register client1 with "adminpw"
  7. Register and enroll client2 with secret key
  8. Post transactions in Fabric to query and record emissions
  9. Store Ethereum public and private key in Vault
  10. Tokenize Fabric records on Ethereum (hardhat) using public and private keys stored in Vault

external-vault-identity.mp4

How Vault can be used externally to manage clients' identities.

  • This lets each org choose its own authentication method, which isn't possible in demo 1.
  • It also lets the application support both Vault-X.509 and Ws-X.509 identities.

Steps:

Command for starting a Vault server (for development): `docker run --rm --name vault -d --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=tokenId' -e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200' vault:1.8.1`

Files:

client-tmpl.hcl:

```
# Key creation and management, scoped to the caller's own entity name
path "transit/keys/{{identity.entity.name}}" {
  capabilities = ["create", "update", "read", "delete", "list"]
}

# Signing with the caller's own key
path "transit/sign/{{identity.entity.name}}" {
  capabilities = ["update"]
}

# Rotating the caller's own key
path "transit/keys/{{identity.entity.name}}/rotate" {
  capabilities = ["update"]
}

# Changing the caller's own password
path "auth/userpass/users/{{identity.entity.name}}/password" {
  capabilities = ["update"]
}

# For the UI: listing key names only
path "transit/keys/*" {
  capabilities = ["list"]
}
```

manager.hcl:

```
# Changing the manager's own password
path "auth/userpass/users/{{identity.entity.name}}/password" {
  capabilities = ["update"]
}

# Creating userpass auth entries for clients
path "auth/userpass/users/*" {
  capabilities = ["create", "list"]
}

# Creating an entity for a client
path "identity/entity" {
  capabilities = ["update", "list"]
}

# Creating an entity alias for a client
path "identity/entity-alias" {
  capabilities = ["update", "list"]
}

# For the UI (grants list and read on every path)
path "*" {
  capabilities = ["list", "read"]
}
```
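To check what these two templates actually grant before loading them into Vault, here is an added offline checker (not part of the demo or of Cactus). It renders the policies for an entity name and applies Vault's priority-matching rule (an exact path beats a glob, a longer glob prefix beats a shorter one, and only the winning rule's capabilities apply); the policy text is a constructed copy of the files above, and the `+` wildcard and `deny` capability are not modelled. It shows that client1 cannot sign with client2's key and the manager cannot change a client's password, but that `path "*"` gives the manager read on every path, including Transit key metadata.

```python
import re

# Constructed copies of the two policy files above, one rule per line.
CLIENT_TMPL = """
path "transit/keys/{{identity.entity.name}}" { capabilities = ["create", "update", "read", "delete", "list"] }
path "transit/sign/{{identity.entity.name}}" { capabilities = ["update"] }
path "transit/keys/{{identity.entity.name}}/rotate" { capabilities = ["update"] }
path "auth/userpass/users/{{identity.entity.name}}/password" { capabilities = ["update"] }
path "transit/keys/*" { capabilities = ["list"] }
"""
MANAGER = """
path "auth/userpass/users/{{identity.entity.name}}/password" { capabilities = ["update"] }
path "auth/userpass/users/*" { capabilities = ["create", "list"] }
path "identity/entity" { capabilities = ["update", "list"] }
path "identity/entity-alias" { capabilities = ["update", "list"] }
path "*" { capabilities = ["list", "read"] }
"""

RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')


def render(policy, entity_name):
    """Fill in {{identity.entity.name}} and return a list of (path, capabilities)."""
    text = policy.replace("{{identity.entity.name}}", entity_name)
    return [(p, set(re.findall(r'"([^"]+)"', caps))) for p, caps in RULE_RE.findall(text)]


def _matches(rule_path, req_path):
    # Only the trailing-glob form used on this page is modelled (no "+" segments, no deny).
    if rule_path.endswith("*"):
        return req_path.startswith(rule_path[:-1])
    return rule_path == req_path


def allowed(policies, entity_name, capability, req_path):
    """Exact path beats glob, longer glob prefix beats shorter; only the winning rule
    counts, and the same path appearing in two policies is merged."""
    best_key, best_caps = None, set()
    for path, caps in (r for pol in policies for r in render(pol, entity_name)):
        if not _matches(path, req_path):
            continue
        key = (not path.endswith("*"), len(path))
        if best_key is None or key > best_key:
            best_key, best_caps = key, set(caps)
        elif key == best_key:
            best_caps |= caps
    return capability in best_caps


if __name__ == "__main__":
    print(allowed([CLIENT_TMPL], "client1", "update", "transit/sign/client2"))  # False
    print(allowed([MANAGER], "manager", "read", "transit/keys/client1"))  # True, via path "*"
```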
