#!/bin/bash
set -o errexit -o xtrace
# Entrypoint for the docker container built from ../ockam.dockerfile.
#
# errexit stops the script at the first failing command, so a failed enrollment
# or policy creation means the outlet further down is never created.
# xtrace echoes every command to stderr, which ends up in the container log. The
# commands below pass only the *path* of the enrollment ticket, never its
# contents. Keep it that way: do not put ticket contents or other secrets on a
# command line in this script.

# Step 1: enroll with the project using the ticket file.
#
# `ockam project enroll` creates a new vault and generates a cryptographic
# identity whose private keys are stored in that vault.
#
# The ticket carries the routes and identifiers of the project membership
# authority and of the project's node that offers the relay service, plus an
# enrollment token. The command opens a secure channel to the authority and
# presents the token; the authority enrolls the presented identity and returns
# a project membership credential, which the command stores for later use
# before it exits.
#
# NOTE(review): the ticket holds the enrollment token, so the file should be
# treated as a secret; presumably it is mounted read-only with restrictive
# permissions. Confirm where the container is defined.
ockam project enroll /etc/ockam/enrollment/ticket

# Step 2: start an ockam node.
ockam node create

# Step 3: create an encrypted relay to this node in the project, at address
# "mongodb". The relay is what makes this node reachable by other project
# members.
ockam relay create mongodb

# Step 4: restrict who may use TCP Portal Outlets on this node. Only project
# members who possess a credential with the attribute mongodb-inlet="true" are
# allowed to connect.
# Keep this ahead of the outlet creation below so the outlet never exists
# without the access rule in place.
ockam policy create --resource-type tcp-outlet --expression '(= subject.mongodb-inlet "true")'

# Step 5: create the TCP Portal Outlet to mongodb on the loopback address,
# port 27017.
ockam tcp-outlet create --to 127.0.0.1:27017

# Block forever so the container keeps running after the setup commands return.
# NOTE(review): tail does not watch the ockam node; if the node stops, the
# container presumably still reports as running. Consider a health check on the
# node/outlet.
tail -f /dev/null