Vaults Push Dataflow

[amydevs]

Specification

Where We're At

Currently Vaults can only be pulled by Nodes that have been shared it. This is encapsulated in the polykey vaults pull command that exists within PK-CLI. This pull dataflow means that responsibility to synchronize secrets is always left up to the consumer of a shared vault.

Bootstrapping

The vaults push flow will require a bootstrapping stage to configure the initial registration. The initial vault cloning process should signify to the node that houses the vault that another node will actively seek for changes to the vault. Hence, register it as a node to push to when polykey vaults push is called. The registration list should be shared with all nodes that are registered to that vault, allowing them to push if they are given the correct permissions

Vault Pushing

polykey vaults push will look for all registered nodes for the given vault, and push the changes to those nodes. Nodes that are shared that vault with permissions to push, should also be able to run polykey vaults push, given that they have derived the registration list from the node that the vault originated from.

Additional context

Tasks

1. Implement state to store registered nodes to given shared vaults.
2. Add logic to clone vault handler to register it as a push target.
3. Implement polykey vaults push in PK-CLI