A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
# HSM Secrets Manager Web UI

A simple web interface for managing Hardware Security Module (HSM) secrets through the HSM Secrets Operator.

## Features

- **📋 List Secrets**: View all secrets stored in your HSM
- **➕ Create Secrets**: Add new secrets with JSON key-value pairs
- **🔍 View Details**: Examine secret contents and metadata
- **🗑️ Delete Secrets**: Remove secrets from both HSM and Kubernetes
- **📊 Health Monitoring**: Check API and HSM status
- **🔄 Auto-refresh**: Automatically updates every 30 seconds

## Usage

### Starting the Web UI

The web UI is served by the HSM Secrets Operator manager on port 8090 by default:

1. **Using kubectl port-forward** (for local development):
   ```bash
   kubectl port-forward -n hsm-secrets-operator-system service/hsm-secrets-operator-manager-service 8090:8090
   ```

2. **Using ingress** (for production):
   Configure your ingress controller to route to the manager service on port 8090.

3. **Access the UI**:
   Open your browser to: `http://localhost:8090`

### Creating Secrets

1. Click **"➕ Create New Secret"**
2. Enter a **Secret Name** (this becomes the HSM path)
3. Add **Key-Value Pairs**:
   - Click the **➕** button to add a new key-value pair
   - Enter the key name (e.g., `api_key`, `database_password`)
   - Enter the corresponding value
   - Use **➖** to remove pairs you don't need
   - Add as many pairs as needed for your secret
4. Click **"Create Secret"**

**Key Naming Rules:**
- Must start with a letter
- Can contain letters, numbers, and underscores only
- Examples: `api_key`, `db_password`, `webhook_secret`

### Viewing Secrets

1. Click **"👁️ View"** next to any secret in the list
2. See the full JSON structure and metadata
3. Copy individual values as needed

### Managing Secrets

- **Refresh**: Click 🔄 to manually refresh the list
- **Delete**: Click 🗑️ and confirm to permanently remove a secret
- **Auto-sync**: The UI automatically refreshes every 30 seconds

## API Integration

The web UI communicates with the HSM Secrets Operator's REST API:

- **List Secrets**: `GET /api/v1/hsm/secrets`
- **Get Secret**: `GET /api/v1/hsm/secrets/{name}`
- **Create Secret**: `POST /api/v1/hsm/secrets/{name}`
- **Delete Secret**: `DELETE /api/v1/hsm/secrets/{name}`
- **Health Check**: `GET /api/v1/health`

## Security Considerations

- The web UI serves static files from the manager pod
- All API calls go through the manager, which proxies to HSM agent pods
- Secrets are displayed in the browser, so use HTTPS in production
- Consider network policies to restrict access to the web interface
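
One way to apply the network-policy recommendation above, as an added example that is not part of the operator's own manifests. It assumes the manager pod carries the `app.kubernetes.io/name=hsm-secrets-operator` label used in the Troubleshooting log command and that the ingress controller runs in a namespace named `ingress-nginx`; the policy name is hypothetical.

```yaml
# Added example: allow inbound traffic to the web UI port only from the
# ingress controller's namespace. Everything else inbound is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: hsm-secrets-ui-restrict            # hypothetical name
  namespace: hsm-secrets-operator-system
spec:
  # Assumption: this label selects the manager pod. If the HSM agent pods
  # share it, add a more specific label so only the manager is selected.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: hsm-secrets-operator
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Assumption: the ingress controller lives in "ingress-nginx".
        # kubernetes.io/metadata.name is set automatically on every
        # namespace by Kubernetes 1.21 and later.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8090                        # web UI / API port from this page
```

Once a pod is selected by an `Ingress` policy, every other inbound port on it is blocked too, so add rules for any other ports the manager must accept traffic on. The policy has no effect unless the cluster's CNI plugin enforces NetworkPolicy.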

## Ingress Example

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hsm-secrets-ui
  namespace: hsm-secrets-operator-system
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - hsm-secrets.example.com
    secretName: hsm-secrets-tls
  rules:
  - host: hsm-secrets.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hsm-secrets-operator-manager-service
            port:
              number: 8090
```

## Troubleshooting

### UI Not Loading
- Check that the manager pod is running: `kubectl get pods -n hsm-secrets-operator-system`
- Verify port-forward is active: `netstat -an | grep 8090`
- Check manager logs: `kubectl logs -n hsm-secrets-operator-system -l app.kubernetes.io/name=hsm-secrets-operator`

### API Errors
- Ensure HSM agents are running and healthy
- Check HSMPool status: `kubectl get hsmpool`
- Verify HSM devices are discovered: `kubectl get hsmdevice`

### No Secrets Visible
- Confirm secrets exist via CLI: `examples/api/list-secrets.sh`
- Check agent connectivity from manager pod
- Verify PKCS#11 configuration in HSMDevice CRDs

## Development

The web UI consists of:
- `index.html`: Main interface with responsive design
- `app.js`: JavaScript API client and UI logic
- Served via Gin router's static file handler

To modify the UI:
1. Edit files in the `web/` directory
2. Rebuild the manager: `make build`
3. Redeploy or restart the manager pod