From ed1504c2826f6a5d406dd72e51f5a90b77ffea45 Mon Sep 17 00:00:00 2001 From: Mike Crute Date: Wed, 21 Dec 2022 22:06:29 -0800 Subject: Upgrade to latest golib --- README.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 1a892a5..ad96813 100644 --- a/README.md +++ b/README.md @@ -55,8 +55,10 @@ proxy. You will need: - [Mongodb](https://www.mongodb.com/) - [Vault](https://www.hashicorp.com/products/vault) +- [Netbox](https://netbox.dev/) - [GitHub Oauth Application](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) -- [SSL certificates](https://letsencrypt.org/). +- [SSL certificates](https://letsencrypt.org/) +- Internal DNS Service (for LetsEncrypt DNS challenges) Once the requisite infrastructure (see below) is configured, run the binary like so: @@ -66,8 +68,7 @@ VAULT_ROLE_ID="..." \ VAULT_SECRET_ID="..." \ VAULT_ADDR="https://your-vault-addr:8200" \ ./cloud-identity-broker \ - --mongodb-uri="mongodb://your-mongodb-host:27017/your-db-name?authSource=admin" \ - --mongodb-vault-path="database/static-creds/your-cred-name" \ + --mongodb-uri="your-vault-path@your-mongodb-host/your-db-name" \ --github-oauth-vault-path="service/service-name/github-oauth" \ web ``` 
@@ -192,10 +193,22 @@ collection. Those records have the following form: - `VaultMaterial` the path to the Vault material that contains the account credentials document, as above. +## Notes on Infrastructure + +The infrastructural decisions of the project were made based on the +systems readily available to the original author and their production +readiness. The code itself has been structured to avoid forcing those +decisions on future users. Everything is coded to generic models and +interfaces for database and secret access. With a little additional code +it should be possible to swap in preferred implementations for both of +those systems. The project is happy to entertain alternative back-ends +for these interfaces. + ## To Do - Allow GitLab CI jobs to auth using [job tokens](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job) - Implement an Admin UI, all admin ops are directly on the DB at the moment +- Remove internal service dependencies - Support dynamic mongodb credentials - Support for other clouds - GCP
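Review bot: In the first hunk (the "You will need" list), the two new prerequisites are under-documented compared with the entries around them: `Netbox` is added with only a link and no statement of what the broker reads from or writes to it, and `Internal DNS Service (for LetsEncrypt DNS challenges)` has no link and no hint of which DNS API or record type the LetsEncrypt DNS-01 flow expects. Suggest one sentence per item, in the same style as the other bullets, saying what each is used for and where it is configured, so an operator can judge whether their own Netbox or DNS deployment satisfies the requirement before running the binary.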
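Review bot: In the second hunk (the run example), the replacement `--mongodb-uri="your-vault-path@your-mongodb-host/your-db-name"` introduces a custom connection-string format without explaining it: the scheme, port and `?authSource=admin` query from the old example are gone, and a Vault path now sits where a MongoDB URI would carry credentials. A reader cannot tell whether this is a standard `mongodb://` URI, whether the port defaults to 27017, or whether `authSource` is now implied. Suggest a short note next to the example documenting the exact format (and that the Vault path replaces the removed `--mongodb-vault-path` flag), e.g. "the user-info portion is a Vault path, not a username; host and database follow".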
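Review bot: In the third hunk, the new "Notes on Infrastructure" section says everything is coded to generic interfaces and that preferred implementations can be swapped in, but the same change adds Netbox and an internal DNS service as hard prerequisites and a To Do item `Remove internal service dependencies`. The section should name which dependencies are currently fixed (the new Netbox and DNS integrations) versus which are behind the generic database and secret interfaces, so the paragraph does not overstate portability. Minor: the README uses "back-ends" here; keep one spelling consistent with the rest of the document.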