Update readme

Author: phrocker

README.md

@@ -86,6 +86,18 @@ Installation
 git clone https://github.com/your-organization/sentrius.git
 cd sentrius
 
+Running Sentrius
+
+For convenience the ops/local directory contains a "run-sentrius.sh" script which will start the core and api modules. You can run this script from the project root:
+
+./ops/local/run-sentrius.sh
+
+You are welcome to run the core and api modules separately, as needed. You can start the core module by running:
+
+    mvn install
+    cd api
+    mvn spring-boot:run
+
 Build the Project
 
 Sentrius uses Maven for its build process. Ensure Maven is installed and then run:
@@ -110,8 +122,20 @@ spring.jpa.hibernate.ddl-auto=update
 Security & Authentication
 
 # JWT or OAuth
-sentrius.security.jwt.secret=YOUR_SECRET_KEY
-sentrius.security.jwt.expiration=3600
+To configure Keycloak, you can use the following properties:
+
+    keycloak.realm=sentrius
+    keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
+    spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_SECRET:defaultSecret}
+    
+    spring.security.oauth2.client.registration.keycloak.client-id=sentrius-api
+    spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+    spring.security.oauth2.client.registration.keycloak.redirect-uri=${BASE_URL:http://localhost:8080}/login/oauth2/code/keycloak
+    spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
+    
+    spring.security.oauth2.resourceserver.jwt.issuer-uri=${KEYCLOAK_BASE_URL:http://localhost:8180}/realms/sentrius
+    spring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_BASE_URL:http://localhost:8180}/realms/sentrius
+
 
 SSH Settings
 
@@ -123,67 +147,7 @@ SSH Settings
         The API often needs separate configurations for its own port, API versioning, or logging settings.
 
 Feel free to structure your configs based on your environment (dev/test/prod). For large-scale deployments, we recommend using a secure secrets manager (HashiCorp Vault, AWS Secrets Manager, etc.) to avoid storing sensitive information in plain text.
-Running Sentrius
-1. Running the Core
-
-Navigate to the core sub-project:
-
-cd core
-mvn spring-boot:run
-
-Once the core service is running, it will initialize the necessary security policies, database migrations, and SSH session handling.
-2. Running the API
-
-In a separate terminal, navigate to the api sub-project:
-
-cd api
-mvn spring-boot:run
-
-The API will connect to the running core service and expose the REST endpoints (by default) at http://localhost:8080/api/v1/.
-Usage
-
-Below are examples of how to interact with Sentrius via the REST API. These can be tested using cURL, Postman, or any other HTTP client.
-1. Create an Enclave
-
-POST /api/v1/enclaves
-Content-Type: application/json
-
-{
-"name": "Production Servers",
-"description": "Access group for production nodes"
-}
-
-2. Add a Host to an Enclave
-
-POST /api/v1/enclaves/{enclaveId}/hosts
-Content-Type: application/json
-
-{
-"host": "192.168.1.10",
-"username": "admin",
-"port": 22
-}
-
-3. Establish a Secure Connection
-
-POST /api/v1/ssh/connect
-Content-Type: application/json
-
-{
-"enclaveId": "12345",
-"hostId": "67890"
-}
-
-If your zero trust policies allow the connection, Sentrius will open a secure SSH session. The connection details (session ID, session logs, etc.) can be accessed through further API endpoints.
-API Documentation
-
-Sentrius uses Swagger for API documentation. Once the api module is running, browse to:
-
-http://localhost:8080/swagger-ui.html
 
-Here, you can explore all available endpoints, models, and request/response structures.
-For advanced use cases, consult the automatically generated openapi.json/openapi.yaml file.
-Deployment to Google Kubernetes Engine (GKE)
 
 Sentrius can be containerized and deployed to a Kubernetes cluster. You can use the provided Helm script in ops-scripts/gcp/deploy-helm.sh to manage the deployment.