Specification
Where We're At
Currently, Vaults can only be pulled by Nodes that they have been shared with. This is encapsulated in the polykey vaults pull command that exists within PK-CLI. This pull dataflow means that the responsibility to synchronize secrets is always left up to the consumer of a shared vault.
Bootstrapping
The vaults push flow will require a bootstrapping stage to configure the initial registration. The initial vault cloning process should signify to the node that houses the vault that another node will actively seek changes to the vault. Hence, the cloning node should be registered as a node to push to when polykey vaults push is called. The registration list should be shared with all nodes that are registered to that vault, allowing them to push if they are given the correct permissions.
Vault Pushing
polykey vaults push will look for all registered nodes for the given vault and push the changes to those nodes. Nodes that have been shared that vault with permission to push should also be able to run polykey vaults push, given that they have derived the registration list from the node that the vault originated from.
Additional context
Tasks
Implement state to store registered nodes to given shared vaults.
Add logic to clone vault handler to register it as a push target.
Implement polykey vaults push in PK-CLI.
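The registration and push flow described in this issue, as an added TypeScript example that is not Polykey code. All names (VaultPushRegistration, registerOnClone, registrationList, canPush, pushTargets) are hypothetical, and it assumes that the origin node may always push and is itself a target when another node pushes.

```typescript
// Hypothetical model of the proposed push flow; none of these names are Polykey APIs.
type NodeId = string;
type Permission = "pull" | "push";

class VaultPushRegistration {
  // Node that the vault originated from (assumed to always be allowed to push).
  private origin: NodeId;
  // Registered node -> permissions that node holds on this vault.
  private nodes = new Map<NodeId, Set<Permission>>();

  constructor(origin: NodeId) {
    this.origin = origin;
  }

  // Bootstrapping: called from the clone handler, so that every node that
  // clones the vault is registered as a push target.
  registerOnClone(cloner: NodeId, extra: Permission[]): void {
    this.nodes.set(cloner, new Set<Permission>(["pull", ...extra]));
  }

  // The registration list that is shared with every registered node.
  registrationList(): NodeId[] {
    return Array.from(this.nodes.keys()).sort();
  }

  // Authorization check that the node initiating a push must pass.
  canPush(node: NodeId): boolean {
    if (node === this.origin) return true;
    return this.nodes.get(node)?.has("push") ?? false;
  }

  // Vault pushing: resolve the nodes that a push started by `pusher` goes to.
  // A node without push permission is rejected before any target is contacted.
  pushTargets(pusher: NodeId): NodeId[] {
    if (!this.canPush(pusher)) {
      throw new Error(`node ${pusher} has no push permission on this vault`);
    }
    return [this.origin, ...this.registrationList()].filter((n) => n !== pusher);
  }
}

// Constructed sample data: one origin node and two nodes that cloned the vault.
const sample = new VaultPushRegistration("origin");
sample.registerOnClone("nodeA", ["push"]); // shared with permission to push
sample.registerOnClone("nodeB", []);       // shared for pulling only
console.log(sample.pushTargets("origin"), sample.pushTargets("nodeA"));
```

The same canPush check belongs on the receiving side as well, since a receiving node cannot rely on the sender having enforced it.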