SentriusLLC
diff --git a/‎README.md‎
Lines changed: 135 additions & 93 deletions b/‎README.md‎
Lines changed: 135 additions & 93 deletions
diff --git a/‎api/src/main/resources/templates/fragments/error.html‎
Lines changed: 0 additions & 4 deletions b/‎api/src/main/resources/templates/fragments/error.html‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎api/src/main/resources/templates/sso/error.html‎
Lines changed: 0 additions & 4 deletions b/‎api/src/main/resources/templates/sso/error.html‎
Lines changed: 0 additions & 4 deletions
@@ -1,181 +1,223 @@
 Sentrius
 
-Sentrius is a secure shell access management solution that integrates zero trust principles to protect your infrastructure. Sentrius is divided into two primary Maven sub-projects: core and api. The core sub-project handles core functionalities such as enforcing zero trust policies, while the api sub-project is responsible for providing a REST API to interact with these functionalities.
+![image](docs/images/mainscreen.png)
+Sentrius is a secure shell (SSH) access management solution that integrates zero trust principles to protect your infrastructure. It is split into two primary Maven sub-projects:
 
-Internally Sentrius is formerly known as SSO ( SecureShellOps ). 
+    core – Handles the core functionalities (e.g., SSH session management, zero trust policy enforcement).
+    api – Provides a RESTful API layer to interface with the core module.
 
-Project Structure
-
-Sentrius consists of the following sub-projects:
-
-Core: The core functionality of Sentrius, which manages SSH connections and enforces security rules. This includes:
-
-Enclave management
+Internally, Sentrius may still be referenced by its former name, SSO (SecureShellOps), in certain scripts or configurations.
+Table of Contents
 
-Zero trust policy enforcement
+    Key Features
+    Project Structure
+    Prerequisites
+    Installation
+    Configuration
+    Running Sentrius
+    Usage
+    API Documentation
+    Deployment to Google Kubernetes Engine (GKE)
+    Contributing
+    License
+    Contact
 
-Secure connection handling
+Key Features
 
-API: A RESTful interface for interacting with the Sentrius core functionalities. The API allows users to create, manage, and visualize SSH enclaves and security rules in a flexible way.
+    Zero Trust Security
+    Sentrius enforces zero trust policies, ensuring that every SSH connection is authenticated, authorized, and constantly monitored.
 
-Features
+    SSH Enclaves
+    Group hosts into logical enclaves and apply role-based access control for fine-grained permissions. Simplify security oversight by separating and organizing your infrastructure.
 
-Zero Trust Security: Implements zero trust principles to ensure every connection is authenticated and authorized in real-time.
+    Dynamic Rules Enforcement
+    Define flexible, context-aware rules that adapt to real-time changes in your environment (e.g., user risk score, time of day, IP ranges).
 
-SSH Enclaves: Manage host groupings through enclaves, providing role-based access control to specific nodes.
+    REST API
+    Manage your SSH configurations, enclaves, security rules, and sessions programmatically using a well-documented REST API.
 
-Dynamic Rules Enforcement: Define and enforce zero trust rules at runtime, ensuring the security policies adapt to changing contexts.
+Project Structure
 
-REST API: Offers a fully accessible REST API to manage SSH configurations, enclaves, and rules programmatically.
+Sentrius consists of multiple sub-projects:
+
+    core
+    Contains business logic, including:
+        Enclave management
+        Zero trust policy enforcement
+        Secure SSH connection handling
+
+    api
+    A RESTful interface for interacting with the core functionalities. The api module exposes endpoints that let you:
+        Create and manage enclaves
+        Configure security rules
+        Visualize SSH sessions and logs
+        Handle user access and authentication
+
+sentrius/
+├── core/
+│   ├── src/
+│   └── pom.xml
+├── api/
+│   ├── src/
+│   └── pom.xml
+├── ops-scripts/
+│   └── gcp/
+│       └── deploy-helm.sh
+├── pom.xml
+└── ...
 
 Prerequisites
 
-Java 11 or later
-
-Apache Maven 3.6+
-
-A database (e.g., PostgreSQL, MySQL) configured for storing session and configuration data
+    Java 11 or later
+    Apache Maven 3.6+
+    Database (PostgreSQL, MySQL, etc.) for storing session and configuration data
+    (Optional) Docker & Kubernetes if you plan to deploy on a containerized environment
 
 Installation
 
-Clone the Repository
+    Clone the Repository
 
-$ git clone https://github.com/your-repo/sentrius.git
-$ cd sentrius
+git clone https://github.com/your-organization/sentrius.git
+cd sentrius
 
 Build the Project
 
-Sentrius uses Maven for building the project. Make sure you have Maven installed.
+Sentrius uses Maven for its build process. Ensure Maven is installed and then run:
 
-$ mvn clean install
+    mvn clean install
 
-This command will build both the core and api sub-projects.
+    This command will build both the core and api sub-projects, downloading any required dependencies.
 
 Configuration
 
-Sentrius requires configuration files for both core and api to be set up before running. Create a configuration file for each module in src/main/resources/application.properties or provide your own external configuration.
+Sentrius requires properties in order to connect to databases, authenticate users, and configure SSH session parameters. You can supply them in src/main/resources/application.properties or via external configuration (e.g., environment variables or config files).
 
-Configuration properties include:
+Typical settings include:
 
-Database configuration
+    Database Configuration
 
-SSH Settings (e.g., ports, timeouts)
+spring.datasource.url=jdbc:postgresql://localhost:5432/sentrius
+spring.datasource.username=postgres
+spring.datasource.password=postgres
+spring.jpa.hibernate.ddl-auto=update
 
-Security parameters for JWT or OAuth integration
+Security & Authentication
 
-Running Sentrius
+# JWT or OAuth
+sentrius.security.jwt.secret=YOUR_SECRET_KEY
+sentrius.security.jwt.expiration=3600
 
-Running Core
+SSH Settings
 
-Navigate to the core sub-project and run it using Maven:
+    sentrius.ssh.port=22
+    sentrius.ssh.connection-timeout=30000
 
-$ cd core
-$ mvn spring-boot:run
+    Core and API Specifics
+        Core might need additional application-specific properties (e.g., caching, logging).
+        The API often needs separate configurations for its own port, API versioning, or logging settings.
 
-Running API
+Feel free to structure your configs based on your environment (dev/test/prod). For large-scale deployments, we recommend using a secure secrets manager (HashiCorp Vault, AWS Secrets Manager, etc.) to avoid storing sensitive information in plain text.
+Running Sentrius
+1. Running the Core
 
-Navigate to the api sub-project and run it using Maven:
+Navigate to the core sub-project:
 
-$ cd api
-$ mvn spring-boot:run
+cd core
+mvn spring-boot:run
 
-After running the core and api, the API server should be accessible via http://localhost:8080/api/v1/. The endpoints are defined in the api module to interact with the core module.
+Once the core service is running, it will initialize the necessary security policies, database migrations, and SSH session handling.
+2. Running the API
 
-Usage
+In a separate terminal, navigate to the api sub-project:
 
-Create an Enclave
+cd api
+mvn spring-boot:run
 
-To create a new enclave, you can use the following API endpoint:
+The API will connect to the running core service and expose the REST endpoints (by default) at http://localhost:8080/api/v1/.
+Usage
 
-POST /api/v1/enclaves
+Below are examples of how to interact with Sentrius via the REST API. These can be tested using cURL, Postman, or any other HTTP client.
+1. Create an Enclave
 
-Payload example:
+POST /api/v1/enclaves
+Content-Type: application/json
 
 {
 "name": "Production Servers",
 "description": "Access group for production nodes"
 }
 
-Adding Hosts to an Enclave
-
-To add hosts to an enclave, use:
+2. Add a Host to an Enclave
 
 POST /api/v1/enclaves/{enclaveId}/hosts
-
-Payload example:
+Content-Type: application/json
 
 {
 "host": "192.168.1.10",
 "username": "admin",
 "port": 22
 }
 
-Establishing Secure Connections
-
-Sentrius allows establishing secure SSH sessions with enforced policies using:
+3. Establish a Secure Connection
 
 POST /api/v1/ssh/connect
-
-Payload example:
+Content-Type: application/json
 
 {
 "enclaveId": "12345",
 "hostId": "67890"
 }
 
+If your zero trust policies allow the connection, Sentrius will open a secure SSH session. The connection details (session ID, session logs, etc.) can be accessed through further API endpoints.
 API Documentation
 
-API documentation is provided via Swagger. Once the api module is running, you can access the Swagger UI at:
+Sentrius uses Swagger for API documentation. Once the api module is running, browse to:
 
 http://localhost:8080/swagger-ui.html
 
-Contributing
+Here, you can explore all available endpoints, models, and request/response structures.
+For advanced use cases, consult the automatically generated openapi.json/openapi.yaml file.
+Deployment to Google Kubernetes Engine (GKE)
 
-Feel free to submit issues, fork the repository, and make pull requests. Contributions are welcome to improve features, documentation, and to add more functionality.
+Sentrius can be containerized and deployed to a Kubernetes cluster. You can use the provided Helm script in ops-scripts/gcp/deploy-helm.sh to manage the deployment.
 
-License
+    Build Docker Image (if needed)
+    Make sure to build and tag your Docker image, then push it to a container registry accessible by GKE (e.g., Google Container Registry).
 
-Sentrius is licensed under the MIT License. See the LICENSE file for more details.
+    Configure GKE
+    Ensure you are logged into your Google Cloud account and have set the correct context for your GKE cluster.
 
-Contact
+    Run the Helm Deployment Script
+    From the project root (or from ops-scripts/gcp), run:
 
-For support or questions, please contact the project maintainers at [email protected].
+    ./ops-scripts/gcp/deploy-helm.sh <helm-release-name> <gcp-project-id> <any-other-key-or-params>
 
+        <helm-release-name> is the name you want to assign to the Helm release in your cluster.
+        <gcp-project-id> is your Google Cloud Platform project ID.
+        You may supply additional parameters (keys, environment variables, or overrides) as needed.
 
+This script will:
 
-Deploying to EKS
+    Deploy the required Kubernetes resources (Deployments, Services, etc.) for both core and api modules.
+    Apply zero trust security rules configuration as specified.
+    Expose the api service, typically via a LoadBalancer or an Ingress (depending on your Helm chart configuration).
 
-```bash
-eksctl create cluster \
-  --name sentrius-cluster \
-  --region us-east-1 \
-  --nodegroup-name sentrius-nodegroup \
-  --nodes 2 \
-  --nodes-min 1 \
-  --nodes-max 3 \
-  --managed \
-  --tags tenant=multi-tenant,project=sentrius
-
-
-```
-
-## Create customer namesapce
+Contributing
 
-```bash
+Contributions of all forms are welcome! To get started:
 
-kubectl create namespace sentrius-customer-1
+    Fork the repository.
+    Create a feature branch for your changes.
+    Open a pull request back into the main branch, describing your changes and rationale.
 
-```
+If you encounter any issues or have requests, feel free to open a GitHub Issue. We actively review and address bug reports, feature requests, and general improvements.
+License
 
-### Attach policy to an iam role
+Sentrius is licensed under the MIT License. For more details, please see the LICENSE file.
+Contact
 
-```bash
+Questions, feedback, or need commercial support? Reach out to the project maintainers:
 
-eksctl create iamserviceaccount \
-  --name sentrius-service-account \
-  --namespace sentrius \
-  --cluster sentrius-cluster \
-  --attach-policy-arn arn:aws:iam::<account-id>:policy/secretsmanager-read-policy \
-  --approve
-```
+Email: [email protected]
 
+We’re always happy to help you secure your infrastructure with Sentrius!
@@ -11,10 +11,6 @@
 <div class="navbar navbar-light bg-light fixed-top navbar-expand-md" role="navigation">
     <div class="container">
         <div class="navbar-brand">
-            <div class="nav-img">
-                <img src="/img/bastillion_40x40.png" th:src="@{/img/bastillion_40x40.png}"
-                     alt="bastillion">
-            </div>
             [[${systemOptions.systemLogoName}]]
         </div>
         <!--/.nav-collapse -->
 
@@ -11,10 +11,6 @@
 <div class="navbar navbar-light bg-light fixed-top navbar-expand-md" role="navigation">
     <div class="container">
         <div class="navbar-brand">
-            <div class="nav-img">
-                <img src="/img/bastillion_40x40.png" th:src="@{/img/bastillion_40x40.png}"
-                     alt="bastillion">
-            </div>
             [[${systemOptions.systemLogoName}]]
         </div>
         <!--/.nav-collapse -->