diff --git a/README.rst b/README.rst index 28f05787..f74a0924 100644 --- a/README.rst +++ b/README.rst @@ -16,13 +16,17 @@ Lemur .. image:: https://travis-ci.org/Netflix/lemur.svg :target: https://travis-ci.org/Netflix/lemur -Lemur manages TLS certificate creation. It provides a central portal for developers to issue their own TLS certificates with 'sane' defaults. +Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs +and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults. + It works on CPython 2.7, 3.3, 3.4. We deploy on Ubuntu and develop on OS X. Project resources ================= +- `Lemur Blog Post `_ - `Documentation `_ - `Source code `_ - `Issue tracker `_ +- `Docker `_ diff --git a/docs/guide/index.rst b/docs/guide/index.rst index bb369402..d34d4baf 100644 --- a/docs/guide/index.rst +++ b/docs/guide/index.rst 
@@ -3,46 +3,15 @@ User Guide These guides are quick tutorials on how to perform basic tasks in Lemur. -Create a New User -~~~~~~~~~~~~~~~~~ -.. figure:: settings.png - - From the settings dropdown select "Users" - -.. figure:: create.png - - In the user table select "Create" - -.. figure:: create_user.png - - Enter the username, email and password for the user. You can also assign any - roles that the user will need when they login. While there is no deletion - (we want to track creators forever) you can mark a user as 'Inactive' that will - not allow them to login to Lemur. - - -Create a New Role -~~~~~~~~~~~~~~~~~ - -.. figure:: settings.png - - From the settings dropdown select "Roles" - -.. figure:: create.png - - In the role table select "Create" - -.. figure:: create_role.png - - Enter a role name and short description about the role. You can optionally store - a user/password on the role. This is useful if your authority require specific roles. - You can then accurately map those roles onto Lemur users. Also optional you can assign - users to your new role. - Create a New Authority ~~~~~~~~~~~~~~~~~~~~~~ +Before Lemur can issue certificates you must configure the authority you wish use. Lemur itself does +not issue certificates, it relies on external CAs and the plugins associated with those CAs to create the certificate +that Lemur can then manage. + + .. figure:: create.png In the authority table select "Create" 
@@ -92,4 +61,43 @@ Import an Existing Certificate a certificate name but you can override that by passing a value to the `Custom Name` field. You can add notification options and upload the created certificate to a destination, both - of these are editable features and can be changed after the certificate has been created. + of these are editable features and can be changed after the certificate has been created. + + +Create a New User +~~~~~~~~~~~~~~~~~ +.. figure:: settings.png + + From the settings dropdown select "Users" + +.. figure:: create.png + + In the user table select "Create" + +.. figure:: create_user.png + + Enter the username, email and password for the user. You can also assign any + roles that the user will need when they login. While there is no deletion + (we want to track creators forever) you can mark a user as 'Inactive' that will + not allow them to login to Lemur. + + +Create a New Role +~~~~~~~~~~~~~~~~~ + +.. figure:: settings.png + + From the settings dropdown select "Roles" + +.. figure:: create.png + + In the role table select "Create" + +.. figure:: create_role.png + + Enter a role name and short description about the role. You can optionally store + a user/password on the role. This is useful if your authority require specific roles. + You can then accurately map those roles onto Lemur users. Also optional you can assign + users to your new role. + + diff --git a/docs/quickstart/index.rst b/docs/quickstart/index.rst index 14b7c53d..2944085f 100644 --- a/docs/quickstart/index.rst +++ b/docs/quickstart/index.rst 
@@ -16,7 +16,7 @@ Some basic prerequisites which you'll need in order to run Lemur: * PostgreSQL * Nginx -.. note:: Lemur was built with in AWS in mind. This means that things such as databases (RDS), mail (SES), and SSL (ELB), +.. note:: Lemur was built with in AWS in mind. This means that things such as databases (RDS), mail (SES), and TLS (ELB), are largely handled for us. Lemur does **not** require AWS to function. Our guides and documentation try to be be as generic as possible and are not intended to document every step of launching Lemur into a given environment. @@ -270,7 +270,9 @@ Decrypts sensitive key material - Used to decrypt the secrets stored in source d What's Next? ------------ -The above gets you going, but for production there are several different security considerations to take into account, +Get familiar with how Lemur works by reviewing the :doc:`../guide/index`. When you're ready +see :doc:`../production/index` for more details on how to configure Lemur for production. + +Remember the above just gets you going, but for production there are several different security considerations to take into account, remember Lemur is handling sensitive data and security is imperative. -See :doc:`../production/index` for more details on how to configure Lemur for production.
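
Review bot: In the README.rst hunk, the new description sentence is ambiguous: "a broker between CAs and environments providing a central portal" reads as if the environments provide the portal. Suggest "between CAs and environments, providing a central portal for developers" or splitting it into two sentences.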
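
Review bot: In the first docs/guide/index.rst hunk (@@ -3,46 +3,15 @@), the intro added under "Create a New Authority" is missing a word ("the authority you wish use" should be "wish to use") and opens with "Before Lemur can issue certificates" one sentence before stating "Lemur itself does not issue certificates". Suggest phrasing the first sentence in terms of requesting certificates through Lemur, and replacing the comma splice after "does not issue certificates" with a period or semicolon.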
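
Review bot: In the second docs/guide/index.rst hunk (@@ -92,4 +61,43 @@), the relocated "Create a New Role" text tells readers they can "store a user/password on the role" without saying how that credential is protected or who can read it; since the paragraph is being moved anyway, add a sentence or a cross-reference that covers this. The move also carries over "your authority require specific roles" (should be "requires") and "Also optional you can assign", and the hunk ends the file with two added blank lines that can be dropped.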
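
Review bot: In the first docs/quickstart/index.rst hunk (@@ -16,7 +16,7 @@), the edited note line still reads "built with in AWS in mind" after the SSL to TLS change; fix it to "built with AWS in mind" in the same edit. The context line below it has "try to be be as generic", which is worth correcting in this patch as well.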
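
Review bot: In the "What's Next?" hunk of docs/quickstart/index.rst (@@ -270,7 +270,9 @@), the added sentence starts with "Remember" and then repeats "remember Lemur is handling sensitive data" after a comma splice. Suggest dropping the leading "Remember" and ending the sentence at "take into account." so the reminder about sensitive data stands on its own. "When you're ready see" also needs a comma after "ready".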