diff --git a/README.md b/README.md index eac6eee..6e98990 100644 --- a/README.md +++ b/README.md 
@@ -16,16 +16,61 @@ Once the device is approved, the new client must prove it actually possesses the This strict protocol guarantees that even if the network transport is entirely compromised, the payload remains mathematically inaccessible to anyone except the exact client device that generated the initial request. +## Installation + +To compile and install the server directly from the source code, you will need the Rust toolchain installed on your system. + +Execute the following command in your terminal to build the release binary: + +```bash +cargo build --release +``` + +The compiled executable will be located in the target release directory. You can copy this binary to any location in your execution path. + +Alternatively, you can utilize the included Docker configuration to build a container image without needing the Rust compiler installed locally: + +```bash +docker build -t bootstrap_auth_server:latest . +``` + ## Deployment and Configuration The server requires minimal setup. It compiles to a single binary and utilizes SQLite for its persistent storage, eliminating the need for complex database infrastructure. The application is configured using standard environment variables: -* `SERVER_MASTER_KEY` : A highly secure string used to derive the AES encryption key. This is required for encrypting and decrypting the database secrets. +* `SERVER_MASTER_KEY` : A highly secure string used to derive the AES encryption key. This is required for encrypting and decrypting the database secrets. +> [!NOTE] +> You can easily generate a cryptographically secure string directly in your terminal using the following utility: +> ```bash +> openssl rand -base64 32 +> ``` * `DATABASE_URL` : The connection string for the SQLite database. Defaults to a local file named data.db. * SERVER_PORT : The network port the Axum server will listen on. Defaults to 3000. +## Usage + +Before starting the application, you must define the required environment variables. 
Create a file named secrets.json in the same directory where you plan to execute the server if you wish to provision initial data. + +Start the server by passing the master key as an environment variable: + +```bash +SERVER_MASTER_KEY="your_highly_secure_random_string_here" cargo run --release +``` + +If you are using Docker, you can start the container in detached mode and map the necessary ports and volumes: + +```bash +docker run -d \ + -p 3000:3000 \ + -e SERVER_MASTER_KEY="your_highly_secure_random_string_here" \ + -v /absolute/path/to/data:/app/data \ + bootstrap_auth_server:latest +``` + +Once the server is running, you can monitor the logs to verify that the database migrations have completed successfully and that the server is actively listening for incoming authentication requests on the specified port. + ## Initial Secrets Provisioning When the server starts, it automatically looks for a file named secrets.json in the current working directory. If this file is found, the server parses the key and value pairs, encrypts the values securely using the master key, and stores them persistently in the database.
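Review bot: The new Usage section puts the master key inline in both start commands (`SERVER_MASTER_KEY="your_highly_secure_random_string_here" cargo run --release` and `-e SERVER_MASTER_KEY="your_highly_secure_random_string_here"` in the `docker run` example), which leaves the key in shell history and, in the `docker run` case, in the process argument list. Suggest documenting a path that keeps the value off the command line: export it from a file with restrictive permissions before `cargo run`, and use `docker run --env-file` or a bare `-e SERVER_MASTER_KEY` that inherits the already-exported variable. Three smaller points in the same hunk. The `> [!NOTE]` block is inserted unindented between the `SERVER_MASTER_KEY` and `DATABASE_URL` bullets, which splits the list when rendered, so indent it under the first bullet or move it below the list. The Docker example mounts a volume at `/app/data` while `DATABASE_URL` is documented as defaulting to a local file named data.db and is not set in the command, so the text should state whether the image points `DATABASE_URL` at a path under `/app/data`; otherwise the database may not land on the volume. The Usage text tells the reader to create secrets.json but says nothing about restricting or removing that plaintext file once the server has encrypted its values into the database.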